r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12507
Expires: Wed, 01 Feb 2023 02:41:20 GMT
Date: Tue, 31 Jan 2023 23:12:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3650
Expires: Wed, 01 Feb 2023 00:13:43 GMT
Date: Tue, 31 Jan 2023 23:12:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7276
Expires: Wed, 01 Feb 2023 01:14:09 GMT
Date: Tue, 31 Jan 2023 23:12:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 22:43:20 GMT
content-type: application/json
age: 1773
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UNBodt1sEJmavQrE6hYMwGDD1ntl0m2f33zavNfh0FQoc4OjojVBPP0YAe614Q+oLR1y9vkHJTnrDLEAHL0z8A==
x-amz-request-id: 5N3MH08245JPHW8V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 22:22:23 GMT
age: 3030
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
1080p.hentaitube.win/v/s:/www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/
172.64.161.18200 OK 8.4 kB URL HTTP/1.1 1080p.hentaitube.win/v/s:/www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/
IP 172.64.161.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9917), with CRLF line terminators
Hash 71a41bec7f7147a04ce3bfb7352038c0
fc1d6e7068f42aea9a6650aa4230045cd20c8c5a
d4a0be9e6d96f7abfaf5ddc3b5a0a1bcb65c76d85047a73a3e072a70b8ff1baf
GET /v/s:/www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/ HTTP/1.1
Host: 1080p.hentaitube.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Host,Accept-Encoding
pdo-line8: host-1080p.hentaitube.win127.0.0.1-myhost-1080p.hentaitube.win127.0.0.1/v/s://www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/
phost: 1080p.hentaitube.win
line1066: notjp-1080-myhost-1080p.hentaitube.win-filteron-
pdo106: feedvid-, cachefileb-cacpdo1/fb/3e/31a065, lfm-1-32, lmd-32, lud-315600, xfvlen-1700183, fsize-1056349, played-32997
pdophp-line408: -; cachetime- 64975.664234877; ctime- 20221209052815
line1514: method-0: ik-网曝|||-【|||小萝|||莉高|||清合|||集】|||大神|||玩转|||东南|||亚小|||萝莉|||~!|||内容|||过于|||精彩|||!-|||聊爱|||视频|||网曝|||小萝莉高清合集|||大神玩转东南亚小萝莉|||内容过于精彩|||聊爱视频网曝-【小萝莉高清合集】大神玩转东南亚小萝莉~!内容过于精彩!-聊爱视频: vidlang-cn9709
line1528: method-0: ik--【|||莉高|||清合|||集】|||大神|||玩转|||东南|||亚小|||~!|||内容|||过于|||精彩|||小萝莉高清合集|||大神玩转东南亚小萝莉|||内容过于精彩网曝-【小萝莉高清合集】大神玩转东南亚小萝莉~!内容过于精彩!-聊爱视频: vidlang-cn
pdoline1599: sarray-599cn8080
pdoline1662: notjp-1080: fvkwcnt-9671
pdoline1666: notjp-1080: fvkwcnt-599
pdo-line1950: $i-62$load-0.8578125
Cache-Control: max-age=54784, public
genre: genre=
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: MISS
Xkey-5950: 1080p./v/s:/www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/-A-1080p.hentaitube.win-1080p.hentaitube.win-cacpdo0---yes
X-Proxy-Cache-gla: HIT
Xkey-gla: 1080p./v/s:/www.liaoai.xyz/videos/79397/0f2731498b39828ae9d20dcaa1c10cdd/-A-1080p.hentaitube.win--my_zone
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BylQ3r2jCobRZYHMYbTcN4n%2F15BBJ8GYFgJ8JziE6ABLoyTauYvjJDhbyuvZOoYFdzmEApY0s30XYBHUwy57SX5Vmc3LgbhxxtdugxZ7PxJYN3xBuURnDHyd1YZ1yyzHbohDiCohHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7926227d589a7702-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 23:12:53 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fd5ce84e08b92a1707340d9633a3acb1
015ffb97e9f7a5fbd54430c9a8be91d1af7ea1bd
274e0988ecd4eb09bf30158aa2b3810e3793712f102480e8f76e50d97f9a7f24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1703
Cache-Control: max-age=91732
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:53 GMT
Etag: "63d85d22-117"
Expires: Thu, 02 Feb 2023 00:41:45 GMT
Last-Modified: Tue, 31 Jan 2023 00:13:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fd5ce84e08b92a1707340d9633a3acb1
015ffb97e9f7a5fbd54430c9a8be91d1af7ea1bd
274e0988ecd4eb09bf30158aa2b3810e3793712f102480e8f76e50d97f9a7f24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1703
Cache-Control: max-age=91732
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:53 GMT
Etag: "63d85d22-117"
Expires: Thu, 02 Feb 2023 00:41:45 GMT
Last-Modified: Tue, 31 Jan 2023 00:13:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fd5ce84e08b92a1707340d9633a3acb1
015ffb97e9f7a5fbd54430c9a8be91d1af7ea1bd
274e0988ecd4eb09bf30158aa2b3810e3793712f102480e8f76e50d97f9a7f24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1704
Cache-Control: max-age=91732
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:54 GMT
Etag: "63d85d22-117"
Expires: Thu, 02 Feb 2023 00:41:46 GMT
Last-Modified: Tue, 31 Jan 2023 00:13:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
jsjs.gazo.space/index.php?js=av4&advertisement&
104.21.235.169 200 OK 37 kB URL HTTP/2 jsjs.gazo.space/index.php?js=av4&advertisement&
IP 104.21.235.169:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (6476), with CRLF line terminators
Hash 092f134424180918f12ba5707968bfd6
1f19f2f84fc162ad5f98d42e9ca82d0d6cfd8258
deed15d3bf533961f67427947d1917a1ee62f4fd0f7da0221e27c63a3b31866b
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1080p.hentaitube.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:53 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--GB-rm2400cb003761024ac46553b/index.php?js=av4&advertisement&
55nloadrate: 0.55
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 982
last-modified: Tue, 31 Jan 2023 22:56:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sydUlbyZq4xnFuJSd9PAw4t91VDlKHJj5%2FiIU%2B8At5j81bP4FGEUtiXM3Qk7O%2BMIyG0RM1dOADMzMTArPhQExBzuEvurOXzjndS%2Bga3WKBRJjErc%2BrB6SIb0b4us5sB7KHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79262281292c7720-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dvcasha2.ocsp-certum.com/
23.36.79.17 200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash 9331620d0d8554afb16f8dfdfa133164
b0d6114695065405db17edc871bdd9b196dc2048
6a9017b61e5a52dab96e8b501112ed3531afd2628d7d397f39d467eb5385704a
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=411
Date: Tue, 31 Jan 2023 23:12:54 GMT
Connection: keep-alive
X-N: S
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10486
Expires: Wed, 01 Feb 2023 02:07:40 GMT
Date: Tue, 31 Jan 2023 23:12:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a778fb1083a04f6306a460effc25dfab
e43c582276f458b86fa2a0b295e2cb69766d2059
9c9bd3e460a79cf158f00d6b5b06cb9af175bd2aa8f814839fb1ed0e0157d4d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C9BD3E460A79CF158F00D6B5B06CB9AF175BD2AA8F814839FB1ED0E0157D4D0"
Last-Modified: Mon, 30 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3143
Expires: Wed, 01 Feb 2023 00:05:17 GMT
Date: Tue, 31 Jan 2023 23:12:54 GMT
Connection: keep-alive
push.services.mozilla.com/
34.210.150.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.150.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: K93bcLrlHEwS6aH4fSMqgg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: riz8/5QCNBPzObM2DwlSK6Ua3JA=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9004ba4b34f1ae3498b3afeccc240e8c
ee465f20e9365246ef0e90b5349df5d0ec7afc31
e75b585711a65a09bb8188ef1a592d6c8708bfb3f1fa395befa9643974b0a680
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E75B585711A65A09BB8188EF1A592D6C8708BFB3F1FA395BEFA9643974B0A680"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Tue, 31 Jan 2023 23:48:55 GMT
Date: Tue, 31 Jan 2023 23:12:54 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1080p.hentaitube.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 31 Jan 2023 23:17:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fd5ce84e08b92a1707340d9633a3acb1
015ffb97e9f7a5fbd54430c9a8be91d1af7ea1bd
274e0988ecd4eb09bf30158aa2b3810e3793712f102480e8f76e50d97f9a7f24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1705
Cache-Control: max-age=91732
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:55 GMT
Etag: "63d85d22-117"
Expires: Thu, 02 Feb 2023 00:41:47 GMT
Last-Modified: Tue, 31 Jan 2023 00:13:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
jp.co-vid.win/tags/nonvNO
148.72.246.38 200 OK 18 kB URL HTTP/1.1 jp.co-vid.win/tags/nonvNO
IP 148.72.246.38:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (52792), with CRLF line terminators
Hash 77cbea75d229f503ed91e2f56d4ed24d
e049ae77019cd71b64636030fed8bb950d82cc39
7b1e3ec84248be1f95be777b45a4756f64c60cb4076fba2dbc613dde80bc5e4a
GET /tags/nonvNO HTTP/1.1
Host: jp.co-vid.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1080p.hentaitube.win/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 31 Jan 2023 23:12:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-jp.co-vid.win127.0.0.1-myhost-jp.co-vid.win127.0.0.1/tags/nonvNO
phost: jp.co-vid.win
line1066: notjp-jp-myhost-jp.co-vid.win-filteron-
line2430: notjp-/tags/nonvNO-myhost-jp.co-vid.win-filteron-
line2438: tag--kw--filteron-
Cache-Control: max-age=1800, public
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: jp./tags/nonvNO-A-jp.co-vid.win-jp.co-vid.win-cacpdo0---yes
X-Proxy-Cache-g-jp: HIT
Xkey-g-jp2: jp./tags/nonvNO-A-jp.co-vid.win--my_zone
cacrip.nakadashi.pw/AV4.us.jpg
172.64.128.21 200 OK 8.7 kB URL HTTP/1.1 cacrip.nakadashi.pw/AV4.us.jpg
IP 172.64.128.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3\012- data
Hash edfe007a6e5b3d268b2528f564b60b43
1644c8ef97c871079e07e5079d613af5cb94052f
bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
suricata low ET INFO HTTP Request to a *.pw domain
GET /AV4.us.jpg HTTP/1.1
Host: cacrip.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:55 GMT
Content-Type: image/jpeg
Content-Length: 8741
Connection: keep-alive
ETag: "2225-5499bcea176c0"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=360000
X-Proxy-Cache-5950: HIT
Xkey-5950: cacrip./AV4.us.jpg-A-cacrip.nakadashi.pw--cacpdo0---yes
CF-Cache-Status: HIT
Age: 308989
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fh93aM2soQdnSC7FlvI9ymeLDUgE4PYRW3vO%2BZnOXnW6YJfeyiQYFH%2FI%2FVRQtV%2Bmab3h95GeoTD79KGWVgZpgUqQXCfex0hIXcxiuCUqRRHAD2D4Cb4CF6fCX5I20pcXgClsa3Ns"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7926228c3b7a24d5-LHR
alt-svc: h2=":443"; ma=60
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
104.17.24.14 200 OK 4.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (10613)
Hash 9653b380e66b38af571efdafa5763f0d
835aa2c117b6b3156a3b439ec302ffa268466c55
3181b9ecf39cca87ae50e71c715a2accc9787ac8655edf1d0fc5195bd688b38f
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1663783
expires: Sun, 21 Jan 2024 23:12:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QXrLaayDZS7wkg54vHqyktyqm1pBHbNUpd6lf5hsoxrl0Xqb%2Fj7dW5FKgt66C2tSPkNUeqz66SZfqbmFi8IZEP%2BuRmIZ6BnIfivqDH2mnoQ%2B16fZFD%2BYWzNIYCLPRCHQ2uJfgeXz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7926228c5cf7b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84a619e9e5fe473391cba1166025d292
f91ce28271b76787d9fb3dae7a6aa0e5ae92f7bc
83280d0d6e15e7784bb091374dca46094441d678fe5afc386bcae98c0a463cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83280D0D6E15E7784BB091374DCA46094441D678FE5AFC386BCAE98C0A463CAC"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3543
Expires: Wed, 01 Feb 2023 00:11:58 GMT
Date: Tue, 31 Jan 2023 23:12:55 GMT
Connection: keep-alive
jsjs.gazo.space/index.php?js=very
104.21.235.170 200 OK 1.4 kB URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 104.21.235.170:0
File type ASCII text, with no line terminators
Hash 56fe06a4bde03e13f34e722552e195d0
ac9abbc2ad3c589d1109e4ab51c4315c953a7fad
8abd99845de96c2ad2aec88d18cc3f49234b663e8c97a96da42829a0006abec9
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:55 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003761024ac465508/index.php?js=very
55nloadrate: 0.4559375
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8D%2F9MtbprRORNmGNV9TsgrIF9RJgb1wzf9kD23DSryI65cIpoKcXBId80p%2BY0sVV8zC5G6kjRRuwUfa%2B6rDErz0gW%2Fm4SYCKYxKCUD7pel2sos9L1yleQf4a%2FevdQkG1q2w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792622890dff88b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
comments.gazo.space/comments/embed.js?37
104.21.235.169 200 OK 6.7 kB URL HTTP/1.1 comments.gazo.space/comments/embed.js?37
IP 104.21.235.169:0
File type ASCII text, with very long lines (14022)
Hash 352c889af2cf2163a866e7e381ae9252
dba161ee742e83c96891e1c3fa8e9a6ecd88ab55
aca3691a6709b371e3dedde66943ed3a1b9a8d2b67734123916d74c1a82e510c
Analyzer Verdict Alert fortinet Phishing
GET /comments/embed.js?37 HTTP/1.1
Host: comments.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=360000
Cf-Bgj: minify
Cf-Polished: origSize=20813
ETag: W/"514d-5e998fd344edc"
X-Proxy-Cache-Rip: HIT
XkeyRip: jcomments./comments/embed.js?37-A-comments.gazo.space--my_zone-yes
CF-Cache-Status: HIT
Age: 129842
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImAs74sM%2FvFiBZM6ejxTsNmyYdPKNCwrYIzNOHClSWpIb5ZdqpI%2FA0jy7newjoih5CAiHpVP6UHMQB1F5e4Q3fEys7NM%2F2lvallgXmG66YVuUNr7NS%2F82LeQrxvUzohU8pIGMiap"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7926228c8f6adc8b-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3796
Expires: Wed, 01 Feb 2023 00:16:11 GMT
Date: Tue, 31 Jan 2023 23:12:55 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 09:05:01 GMT
expires: Wed, 31 Jan 2024 09:05:01 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 50874
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3796
Expires: Wed, 01 Feb 2023 00:16:11 GMT
Date: Tue, 31 Jan 2023 23:12:55 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
151.101.193.229 200 OK 67 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
IP 151.101.193.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (554)
Hash ef43d3ffb8aef2b411a0b682c4b1ad69
4eda3ff7d52a8f45881d9856c425d92a0ae037ef
62813252c14a793232d7c1bd6cff9d05ea450c30b9e1b4a0a6dd115ebfac4b56
GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"28b9e-k7VMbzLlxta0PUMGv7+1skJZRMc"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 31 Jan 2023 23:12:55 GMT
age: 7833
x-served-by: cache-fra-eddf8230043-FRA, cache-bma1646-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 67152
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85cde231b700eec450e0611b97742a43
c2c6279d74efdcceb319d6943cbcb9d1d1b686ca
d52297e17f93932aa7c99ae734d4b68f3b9b09b9938db95ecc96bac9f3bb588c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8542
x-amzn-requestid: ad485963-7e2e-410d-ad1c-6386fb738f18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaVHXcoAMFuhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-12d7e4502d1fc1511b6f2260;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rC264m8TiZxhRlRlGWDTLZY35P1iIQMwBsfaz6gBVgQEZapoCU2PBg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:20 GMT
age: 5435
etag: "c2c6279d74efdcceb319d6943cbcb9d1d1b686ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 38c58626-f4ad-4e2b-ad71-a628519d2ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmEdHFwCoAMFhxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8b453-7da6d0c1093468d320caaa1e;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 06:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SrnNcGgKQY9Qj1eCwgU0YOwb-PwJDZGhvObZxFAfPHiGhdmfrjHitw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 13:15:35 GMT
age: 35840
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 07:27:38 GMT
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
age: 56717
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a7557cc-bf07-438f-8710-ba1b44e30270.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a7557cc-bf07-438f-8710-ba1b44e30270.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fec00239dceb510f051645ae93dac5f2
6524837e65b070341f9c8f4589492876ae293f17
d00272557742c57d084ab7e46b9b1722b28b869ae9c63e2169e7124e5107c009
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a7557cc-bf07-438f-8710-ba1b44e30270.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: f37b4455-c9fb-46e4-a287-f40c1138a77a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflQWGqCIAMFvjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c02-01d34b0d3a9a0101555081f5;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:10:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: B6h-UbN1ZGshwcCuhhT82vu8ApQHq2E-5IybV31s1Enq2jXM_dd42A==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 08:17:35 GMT
age: 53720
etag: "6524837e65b070341f9c8f4589492876ae293f17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash ddda1b75769190d92ec48528129fd10f
3c2deb540654929a14fd7576a7d761404045f46a
6e50617966592a352ea49a5f0b8084a94b39d36b4a8e11a865de28108f32da29
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:55 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "3DDA217AA5B732C7A19F9795ACD3094D5F7DAFF5"
Expires: Wed, 01 Feb 2023 10:00:00 GMT
Last-Modified: Tue, 31 Jan 2023 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1178
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7926228d3ea60b61-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4392f298c9e98515493f1235810838f
b89eebf2b8adac69487262100b07da8bc171ecf7
b368d87d3a0fe4e1a8ddc82bed704b3056ad2874b8d325111b399b18807c1e5e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15656
x-amzn-requestid: 6723d22f-8b16-4fb2-af92-9b3257fc2a1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIHpRoAMFRYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-03b1c6646f63ba716a6298e1;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hI_26DHcHAlPCmTjye1fME6LZ-P77thSz8OXLtyxZS2613uv0SAH7Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 07:26:49 GMT
age: 56766
etag: "b89eebf2b8adac69487262100b07da8bc171ecf7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ad49e3ca0f9935c7ff8f922039e5864
6382ee41cb26e42293e1ba5d9f0d3af64ddb672c
7a838e4e1aff60581fbf939920955ea67dae8fb3fa4e31572787c773404d071e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14809
x-amzn-requestid: fc920367-4bb1-40fd-9f1d-1d50b27cfc77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaXEQEoAMF3Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-0f70e0252fc3a3e5248bb372;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _DJyuRqSNr1URN__l7CCcUxBQIxKze2Uyo-BwQzSahrJCvFJcT8w1w==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:21 GMT
age: 5434
etag: "6382ee41cb26e42293e1ba5d9f0d3af64ddb672c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-620120-3
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-620120-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 7e17d5e31e1a2d4eb028d3b85cff10ee
947302165d7c29127abb6d909aebe56732b87cd0
e0a128cfd5ac16d771f81bada33c8705f49c72e6279d446514f1355e15360281
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 23:12:55 GMT
expires: Tue, 31 Jan 2023 23:12:55 GMT
cache-control: private, max-age=900
last-modified: Tue, 31 Jan 2023 22:25:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43887
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 874d780cda11e92f8b263afef4bdb3a4
f2109289c6ed491b2e7546549c55201e2dfc1fef
182662d2bdab403afdc3a0ec8282e1de265d370ebdabd7a8b5902787024dcf3e
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:56 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sat, 04 Feb 2023 21:09:45 GMT
ETag: "f2109289c6ed491b2e7546549c55201e2dfc1fef"
Last-Modified: Tue, 31 Jan 2023 21:09:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 441
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7926228f3ff50b61-OSL
mc.yandex.ru/watch/48140495?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2F1080p.hentaitube.win%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afp%3A1457%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1258344706269%3Ahid%3A863162743%3Az%3A0%3Ai%3A20230131231314%3Aet%3A1675206795%3Ac%3A1%3Arn%3A980230823%3Arqn%3A1%3Au%3A16752067951011623717%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A96%2C238%2C310%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675206793243%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675206795%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
77.88.21.119 302 Found 400 B URL HTTP/2 mc.yandex.ru/watch/48140495?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2F1080p.hentaitube.win%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afp%3A1457%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1258344706269%3Ahid%3A863162743%3Az%3A0%3Ai%3A20230131231314%3Aet%3A1675206795%3Ac%3A1%3Arn%3A980230823%3Arqn%3A1%3Au%3A16752067951011623717%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A96%2C238%2C310%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675206793243%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675206795%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash cdc87f0a69daad19680d5313b09d2b8f
bc5610451edcb70abc1cafe62efc73a8a1d88f7e
cab4151f6620c6eebbb9994995eb7016c954655ecaf0c4e719994354ce459da4
GET /watch/48140495?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2F1080p.hentaitube.win%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afp%3A1457%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1258344706269%3Ahid%3A863162743%3Az%3A0%3Ai%3A20230131231314%3Aet%3A1675206795%3Ac%3A1%3Arn%3A980230823%3Arqn%3A1%3Au%3A16752067951011623717%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A96%2C238%2C310%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675206793243%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675206795%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/48140495/1?wmode=7&page-url=http%3A%2F%2Fjp.co-vid.win%2Ftags%2FnonvNO&page-ref=http%3A%2F%2F1080p.hentaitube.win%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Afppw4pdxetycw4cz2ehur%3Afp%3A1457%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1258344706269%3Ahid%3A863162743%3Az%3A0%3Ai%3A20230131231314%3Aet%3A1675206795%3Ac%3A1%3Arn%3A980230823%3Arqn%3A1%3Au%3A16752067951011623717%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A96%2C238%2C310%2C0%2C%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Ans%3A1675206793243%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675206795%3At%3A%E5%8B%95%E7%94%BB%40AV4.us&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 31 Jan 2023 23:12:56 GMT
access-control-allow-origin: http://jp.co-vid.win
set-cookie: yabs-sid=2295430411675206776; Path=/; SameSite=None; Secure
i=VE6EVu6/k5Q1EU8gk5AH3Aq8Gju/fIuebpOIW1GMUFxgIEIFLjPMSEEl4R/2q7RqIT8ZngteZBz0l0VI7G9/2Hz/ytU=; Expires=Fri, 28-Jan-2033 23:12:50 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=1328951221675206776; Expires=Wed, 31-Jan-2024 23:12:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1328951221675206776; Expires=Wed, 31-Jan-2024 23:12:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706742776.yc.1675206776#1706742776.yrts.1675206776#1706742776.yrtsi.1675206776; Expires=Wed, 31-Jan-2024 23:12:56 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 23:12:56 GMT
last-modified: Tue, 31-Jan-2023 23:12:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
page.myfile-host.info/myda.php
150.95.129.59 200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
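Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B response, so they identify no content and should not be used as indicators)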
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
www.w3schools.com/w3css/4/w3.css
192.229.133.221 200 OK 5.3 kB URL HTTP/2 www.w3schools.com/w3css/4/w3.css
IP 192.229.133.221:0
File type Unicode text, UTF-8 (with BOM) text
Hash bd0134a8010d900a12467e64fa200c2c
766215eb731902d1baaa66a86971fdf9de5899ff
dacb3ed1677e9400c9eec217f67c1e4678ee25fe804771fd1c8f7d8b2b0d556f
GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 9621
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Tue, 31 Jan 2023 23:12:58 GMT
etag: "0d39b39a234d91:0+gzip"
last-modified: Mon, 30 Jan 2023 11:58:54 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash ec5921cfb4d12bbd5bd0ea5feb80ee6c
28f0468ac65ed13cf56945a6674c786833384d90
11418d0ec446bf3f5965de9612e03936517010b83764731b91cf4ab7259ef047
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5659
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:12:59 GMT
Last-Modified: Tue, 31 Jan 2023 21:38:40 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 314
twitter.com/favicon.ico
104.244.42.129 200 OK 1.2 kB IP 104.244.42.129:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 630d203cdeba06df4c0e289c8c8094f6
eee14e8a36b0512c12ba26c0516b4553618dea36
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
GET /favicon.ico HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:59 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A167520677939331437; Max-Age=34214400; Expires=Sat, 02 Mar 2024 23:12:59 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: 9ccf110bbaaefade
strict-transport-security: max-age=631138519
x-response-time: 109
x-connection-hash: ff7657afad7ca588adb3608e45bb7e6ef0dd1b73ddedb3290423508a0866db51
X-Firefox-Spdy: h2
page.myfile-host.info/myda.php
150.95.129.59 200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jp.co-vid.win/
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 23:12:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 23:12:59 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Wed, 01 Feb 2023 00:12:59 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a778fb1083a04f6306a460effc25dfab
e43c582276f458b86fa2a0b295e2cb69766d2059
9c9bd3e460a79cf158f00d6b5b06cb9af175bd2aa8f814839fb1ed0e0157d4d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C9BD3E460A79CF158F00D6B5B06CB9AF175BD2AA8F814839FB1ED0E0157D4D0"
Last-Modified: Mon, 30 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3137
Expires: Wed, 01 Feb 2023 00:05:17 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9004ba4b34f1ae3498b3afeccc240e8c
ee465f20e9365246ef0e90b5349df5d0ec7afc31
e75b585711a65a09bb8188ef1a592d6c8708bfb3f1fa395befa9643974b0a680
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E75B585711A65A09BB8188EF1A592D6C8708BFB3F1FA395BEFA9643974B0A680"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2155
Expires: Tue, 31 Jan 2023 23:48:55 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://jp.co-vid.win/
Origin: http://jp.co-vid.win
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://jp.co-vid.win
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=c
88.198.204.166 200 OK 2.6 kB URL HTTP/2 notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=c
IP 88.198.204.166:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (2643), with no line terminators
Hash bf302c542f31517e319468f0f84a52a0
54760c86f7dfa7fc8154d6f7ce13b950987d75f8
d24b104435ad454083443653e91cfc67a5b5730c236395c4cad72e3cf9814702
GET /tags?tag_id=23782&timezone_olson=UTC&version_name=c HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/json
content-length: 2643
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22284
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 31 Jan 2023 23:13:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://jp.co-vid.win
Set-Cookie: id=1811744577852431156; Expires=Wed, 31 Jan 2024 23:13:00 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48237dc866d6f2387b67ad0ba335689d
766b9034cf7cb4d04ce8cb76107834772611cdfa
f7e4b65ebd6a99bcd51f95bd777025d00fe3947654a3c58ac06708ecf9f53f03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7E4B65EBD6A99BCD51F95BD777025D00FE3947654A3C58AC06708ECF9F53F03"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4067
Expires: Wed, 01 Feb 2023 00:20:47 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
97ad8a430e.3841f4b0c4.com/34d738b0d653c5789650d520a85fe19c.js
45.133.44.24 200 OK 17 kB URL HTTP/2 97ad8a430e.3841f4b0c4.com/34d738b0d653c5789650d520a85fe19c.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (46390)
Hash 591191f6782fb22d38343bf51ea2c917
595e04190119eadffad7fb3632519375d8043004
31dab054dec9b237f38d4588f0c16102e60d0af0cefb3bba519a5a049aa8b5c0
GET /34d738b0d653c5789650d520a85fe19c.js HTTP/1.1
Host: 97ad8a430e.3841f4b0c4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 25 Jan 2023 09:48:07 GMT
etag: W/"63d0fad7-b577"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09279cffb185fb304b4b680466f8131a
4e75472feef2de3ad786ac83bc01ec95d3492b6b
463e235a9afbda0ea9b51157165164f5e5efd857e9b2129bf90d6a8f2bb7d537
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "463E235A9AFBDA0EA9B51157165164F5E5EFD857E9B2129BF90D6A8F2BB7D537"
Last-Modified: Mon, 30 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3729
Expires: Wed, 01 Feb 2023 00:15:09 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
1842fc94dc.109c957fb6.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Mjk1NjE2Mjk5ODI4OTU1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0=
45.133.44.24200 OK 0 B URL HTTP/2 1842fc94dc.109c957fb6.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Mjk1NjE2Mjk5ODI4OTU1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Mjk1NjE2Mjk5ODI4OTU1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6MjM3ODIsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJUU1JThCJTk1JUU3JTk0JUJCJTQwQVY0LnVzIn0= HTTP/1.1
Host: 1842fc94dc.109c957fb6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=591d06a0-2f59-47ab-8a3a-16a113f9e0fb&subid=809032184&sid=1763883698&spot_id=17050&created_at=2023-01-31&timezone=0&ver=8.23.0&is_native=1
157.90.84.246 200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=591d06a0-2f59-47ab-8a3a-16a113f9e0fb&subid=809032184&sid=1763883698&spot_id=17050&created_at=2023-01-31&timezone=0&ver=8.23.0&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=591d06a0-2f59-47ab-8a3a-16a113f9e0fb&subid=809032184&sid=1763883698&spot_id=17050&created_at=2023-01-31&timezone=0&ver=8.23.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 31 Jan 2023 23:13:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84977c8cbaf6eb041e9db5df1103da18
766fc07cf5017292125d35fbfa034d5e29eb66ea
757fcef91d12f97e53a7a80e08ccdca2efabd7272efa60c88a078260dc081665
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "757FCEF91D12F97E53A7A80E08CCDCA2EFABD7272EFA60C88A078260DC081665"
Last-Modified: Mon, 30 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7682
Expires: Wed, 01 Feb 2023 01:21:02 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84977c8cbaf6eb041e9db5df1103da18
766fc07cf5017292125d35fbfa034d5e29eb66ea
757fcef91d12f97e53a7a80e08ccdca2efabd7272efa60c88a078260dc081665
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "757FCEF91D12F97E53A7A80E08CCDCA2EFABD7272EFA60C88A078260DC081665"
Last-Modified: Mon, 30 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7682
Expires: Wed, 01 Feb 2023 01:21:02 GMT
Date: Tue, 31 Jan 2023 23:13:00 GMT
Connection: keep-alive
084cc7e11c.abc35a1d01.com/in/multy
94.130.198.6 204 No Content 0 B URL HTTP/2 084cc7e11c.abc35a1d01.com/in/multy
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 084cc7e11c.abc35a1d01.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://jp.co-vid.win/
Origin: http://jp.co-vid.win
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Tue, 31 Jan 2023 23:13:00 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.24 200 OK 29 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (65353), with no line terminators
Hash bd8faabe0c4dbcb6e52de685edb90ad3
d1321edf369dae1b4fec7d35a0bf183bebb4047d
187b1452b947f03b4fed51333a04133b994241521a05a737b2325e1178f9ff41
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef67ed7498a5d6bc04b4de2b6dc1b9dd
2fc136d79ff78b4d0e94a7b631fb1bb9948fe41e
63d4b56b131ee8787fb27eed0d304cc241c0d699c76968f14beedb3c5ad2c085
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63D4B56B131EE8787FB27EED0D304CC241C0D699C76968F14BEEDB3C5AD2C085"
Last-Modified: Mon, 30 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7983
Expires: Wed, 01 Feb 2023 01:26:04 GMT
Date: Tue, 31 Jan 2023 23:13:01 GMT
Connection: keep-alive
ba759340c5.c5a43d09cb.com/get/
94.130.197.134 200 OK 232 B URL HTTP/2 ba759340c5.c5a43d09cb.com/get/
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 437aed80f24e6e50a7f24b0c58b8113a
1b84cdfc908bd3218280c0d28c5d8e051de80229
1f124ebab4b6f5dd7db0cdf018f274f5e53e4e9f3a30f470f2088a06b3a2e324
POST /get/ HTTP/1.1
Host: ba759340c5.c5a43d09cb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jp.co-vid.win/
Content-Type: text/plain;charset=UTF-8
Origin: http://jp.co-vid.win
Content-Length: 622
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Tue, 31 Jan 2023 23:13:01 GMT
content-type: application/json
content-length: 232
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
084cc7e11c.abc35a1d01.com/in/multy
94.130.198.6 200 OK 19 kB URL HTTP/2 084cc7e11c.abc35a1d01.com/in/multy
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (19129), with no line terminators
Hash 1048faea330107f54965834e5684493e
16511766ea64d123ccf095b699bfae1a388d4c12
f0f46fe60215e7b7fc1f47e22058ccb2eef44f1c7e75ef032f00f3afe1020ec5
POST /in/multy HTTP/1.1
Host: 084cc7e11c.abc35a1d01.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 778
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: application/json
content-length: 19131
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
084cc7e11c.abc35a1d01.com/in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-31&is_native=4&auction_queue=0&burl=uOXWWZM-lVRz5KrVlbXr5fUo5GVK3tIMJqUUAJTTj8xOI63tixKU0w&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=86a449446c301dc2e8a13ccdf68467fe&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=5fdKtZLF5UDI7lF5ovKtCargyLYxJC8bbrUu6P6VeAqJhDINn1gPXVCcCnSuWz91O62Y_8gN7El91cB44vjqoxhX94mdcPi2XP9aAJUfTBWaLWbaBrqXhMKL9HRddMRuJtEuyfc69VHmtPScBpFKJQybDDswaUIxEaHiFs0iFUSrzXAjOA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&label_ids=0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=93773bde-f6fe-430b-9931-c98c49e3899f&mlc=1&format=default-slide-b_r-body
94.130.198.6200 OK 0 B URL HTTP/2 084cc7e11c.abc35a1d01.com/in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-31&is_native=4&auction_queue=0&burl=uOXWWZM-lVRz5KrVlbXr5fUo5GVK3tIMJqUUAJTTj8xOI63tixKU0w&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=86a449446c301dc2e8a13ccdf68467fe&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=5fdKtZLF5UDI7lF5ovKtCargyLYxJC8bbrUu6P6VeAqJhDINn1gPXVCcCnSuWz91O62Y_8gN7El91cB44vjqoxhX94mdcPi2XP9aAJUfTBWaLWbaBrqXhMKL9HRddMRuJtEuyfc69VHmtPScBpFKJQybDDswaUIxEaHiFs0iFUSrzXAjOA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&label_ids=0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=93773bde-f6fe-430b-9931-c98c49e3899f&mlc=1&format=default-slide-b_r-body
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-31&is_native=4&auction_queue=0&burl=uOXWWZM-lVRz5KrVlbXr5fUo5GVK3tIMJqUUAJTTj8xOI63tixKU0w&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=86a449446c301dc2e8a13ccdf68467fe&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=5fdKtZLF5UDI7lF5ovKtCargyLYxJC8bbrUu6P6VeAqJhDINn1gPXVCcCnSuWz91O62Y_8gN7El91cB44vjqoxhX94mdcPi2XP9aAJUfTBWaLWbaBrqXhMKL9HRddMRuJtEuyfc69VHmtPScBpFKJQybDDswaUIxEaHiFs0iFUSrzXAjOA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&label_ids=0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=93773bde-f6fe-430b-9931-c98c49e3899f&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: 084cc7e11c.abc35a1d01.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 31 Jan 2023 23:13:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
084cc7e11c.abc35a1d01.com/in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675379581&created_at=2023-01-31&is_native=1&auction_queue=0&burl=d-gurCiWQabq6buF9b4eE1bEwXTuK4Oxq4lStXoH_eAhhkeRZMTdiA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.002068377370356087&placement_type_id=&skin_test=0&verify_hash=76296c31bca56e3d5886f722d3b03992&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0.036&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=Hj7_dnJKVkQBddiVhO7XVOq_53vrVuHw9KQal68E3Dga8yQe9ooUwcm5BD9xvv7qUkYE7Gj0TLcj_OWbLxWs_Qbq10RVXnbAylod8tpRYhMYEOSyB-2_F-B4zVak2o2z616oJh_CqRY53cSC71UiFPE_j68CdIPaFUrbXZR1lfjB1dbFSD97VsjVJ3d8M4wk5vDwQo5IUPLqiO4nHIMmVoVIjJ3SVFYWIZurXdhayL1PO9fDdlRg-F9wpL6SkSmun-O-zcQMr_0YVYloQg-iJ71rNnIdASvP1F1P4XGjlUK0t1sIr9yepvl_tyWB-EAwz1Pw4NHXyVC5Kt-lBcq8r4g060oKJcJg_CUs64FsljL2RVLplsu1pf81SBBfesqI_jzq-QqxayByirJ5DLuIuH9ylRO1k-TfHYWETUB3km5DLwsaD2xOR5LPw7F7COexCJDMO43k1fq5cAi8MPBq3x92tD08zDFLnkHsloaoTniOlcnjmJ2IJ1UBjpTwi6edMTSxSj5Xqk6tKi5zg9U_e3jKqFfuj787CsEs2a4yjYaxbR-7u1nX5PCBf6t57beOtjcFv6ZMrwd9d3kyfHC0FK_PODh24Yjv0waVwFZKiVGifwgf41thnh3PLOWlMspYNOIga2vmTeWLbUMPzG99jUY38jvrM5ewUXV6OsE3kE2A47Im5kVZ18N9ufAQh9Hd4C7HJnxLxr1xLyelORwfEWvwnaG9lomsdPKvf2KhU3dhj7GGc6iA-2_TEvys53DMHjEYNcfEyTP7PW25jNqDxBtAbiifSNK8u-edEgGGOR-WQXNmU_b3I5XO4Vov1J1H9hMtI8auhc-1qT7-lP5lOWTjJ82ftGfZe7bW5MhRQHeMV8shu6te
ChgmBwjVVZygzDVuM7mr7rbCD_dIPmZsHzkPcqEKiYBMWuY-jjUKx1LLOHZi0s_N_aZyDjT_iXJibiEl9AswiWCKMJM0mIZ6Cg5VYdYXMhU_HIOWSXEzulrm2mq7TDME__4LVMlIJhDd7ZGxw3SQWqlQIZfgQ9XxuWb3NUCjDW6IDmOviIkrJuPEf-lCjSXBosUboxtI64fMqibY_RQ-6-pl42k-g6St_oVcQCjsn368boqswjt27USSOqFJFH4PF4oXfyFhKwHYGxru3e6LHpGySY5RHX02FPik7dd8WBhqzkpBT3Eu12WrvOJIXyf00yAr5ElqbwGuIc9yptcoezhZm-mz8MY14wYuUadUjMDtOUwvwA&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=&label_ids=0,4,101,5&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=e626633b-a449-4dac-86d7-89c1f2e63497&format=default-slide-b_r-body
94.130.198.6200 OK 0 B URL HTTP/2 084cc7e11c.abc35a1d01.com/in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675379581&created_at=2023-01-31&is_native=1&auction_queue=0&burl=d-gurCiWQabq6buF9b4eE1bEwXTuK4Oxq4lStXoH_eAhhkeRZMTdiA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.002068377370356087&placement_type_id=&skin_test=0&verify_hash=76296c31bca56e3d5886f722d3b03992&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0.036&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=Hj7_dnJKVkQBddiVhO7XVOq_53vrVuHw9KQal68E3Dga8yQe9ooUwcm5BD9xvv7qUkYE7Gj0TLcj_OWbLxWs_Qbq10RVXnbAylod8tpRYhMYEOSyB-2_F-B4zVak2o2z616oJh_CqRY53cSC71UiFPE_j68CdIPaFUrbXZR1lfjB1dbFSD97VsjVJ3d8M4wk5vDwQo5IUPLqiO4nHIMmVoVIjJ3SVFYWIZurXdhayL1PO9fDdlRg-F9wpL6SkSmun-O-zcQMr_0YVYloQg-iJ71rNnIdASvP1F1P4XGjlUK0t1sIr9yepvl_tyWB-EAwz1Pw4NHXyVC5Kt-lBcq8r4g060oKJcJg_CUs64FsljL2RVLplsu1pf81SBBfesqI_jzq-QqxayByirJ5DLuIuH9ylRO1k-TfHYWETUB3km5DLwsaD2xOR5LPw7F7COexCJDMO43k1fq5cAi8MPBq3x92tD08zDFLnkHsloaoTniOlcnjmJ2IJ1UBjpTwi6edMTSxSj5Xqk6tKi5zg9U_e3jKqFfuj787CsEs2a4yjYaxbR-7u1nX5PCBf6t57beOtjcFv6ZMrwd9d3kyfHC0FK_PODh24Yjv0waVwFZKiVGifwgf41thnh3PLOWlMspYNOIga2vmTeWLbUMPzG99jUY38jvrM5ewUXV6OsE3kE2A47Im5kVZ18N9ufAQh9Hd4C7HJnxLxr1xLyelORwfEWvwnaG9lomsdPKvf2KhU3dhj7GGc6iA-2_TEvys53DMHjEYNcfEyTP7PW25jNqDxBtAbiifSNK8u-edEgGGOR-WQXNmU_b3I5XO4Vov1J1H9hMtI8auhc-1qT7-lP
5lOWTjJ82ftGfZe7bW5MhRQHeMV8shu6teChgmBwjVVZygzDVuM7mr7rbCD_dIPmZsHzkPcqEKiYBMWuY-jjUKx1LLOHZi0s_N_aZyDjT_iXJibiEl9AswiWCKMJM0mIZ6Cg5VYdYXMhU_HIOWSXEzulrm2mq7TDME__4LVMlIJhDd7ZGxw3SQWqlQIZfgQ9XxuWb3NUCjDW6IDmOviIkrJuPEf-lCjSXBosUboxtI64fMqibY_RQ-6-pl42k-g6St_oVcQCjsn368boqswjt27USSOqFJFH4PF4oXfyFhKwHYGxru3e6LHpGySY5RHX02FPik7dd8WBhqzkpBT3Eu12WrvOJIXyf00yAr5ElqbwGuIc9yptcoezhZm-mz8MY14wYuUadUjMDtOUwvwA&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=&label_ids=0,4,101,5&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=e626633b-a449-4dac-86d7-89c1f2e63497&format=default-slide-b_r-body
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=4433957922142722323&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=1763883698&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.23.0&ver_c=&refdom=jp.co-vid.win&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675379581&created_at=2023-01-31&is_native=1&auction_queue=0&burl=d-gurCiWQabq6buF9b4eE1bEwXTuK4Oxq4lStXoH_eAhhkeRZMTdiA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=apply&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.002068377370356087&placement_type_id=&skin_test=0&verify_hash=76296c31bca56e3d5886f722d3b03992&score=26.83668015341641&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fjp.co-vid.win%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=c&original_bid=0.036&user_fp=0&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=Hj7_dnJKVkQBddiVhO7XVOq_53vrVuHw9KQal68E3Dga8yQe9ooUwcm5BD9xvv7qUkYE7Gj0TLcj_OWbLxWs_Qbq10RVXnbAylod8tpRYhMYEOSyB-2_F-B4zVak2o2z616oJh_CqRY53cSC71UiFPE_j68CdIPaFUrbXZR1lfjB1dbFSD97VsjVJ3d8M4wk5vDwQo5IUPLqiO4nHIMmVoVIjJ3SVFYWIZurXdhayL1PO9fDdlRg-F9wpL6SkSmun-O-zcQMr_0YVYloQg-iJ71rNnIdASvP1F1P4XGjlUK0t1sIr9yepvl_tyWB-EAwz1Pw4NHXyVC5Kt-lBcq8r4g060oKJcJg_CUs64FsljL2RVLplsu1pf81SBBfesqI_jzq-QqxayByirJ5DLuIuH9ylRO1k-TfHYWETUB3km5DLwsaD2xOR5LPw7F7COexCJDMO43k1fq5cAi8MPBq3x92tD08zDFLnkHsloaoTniOlcnjmJ2IJ1UBjpTwi6edMTSxSj5Xqk6tKi5zg9U_e3jKqFfuj787CsEs2a4yjYaxbR-7u1nX5PCBf6t57beOtjcFv6ZMrwd9d3kyfHC0FK_PODh24Yjv0waVwFZKiVGifwgf41thnh3PLOWlMspYNOIga2vmTeWLbUMPzG99jUY38jvrM5ewUXV6OsE3kE2A47Im5kVZ18N9ufAQh9Hd4C7HJnxLxr1xLyelORwfEWvwnaG9lomsdPKvf2KhU3dhj7GGc6iA-2_TEvys53DMHjEYNcfEyTP7PW25jNqDxBtAbiifSNK8u-edEgGGOR-WQXNmU_b3I5XO4Vov1J1H9hMtI8auhc-1qT7-lP5lOWTjJ82ftGfZe7bW5MhRQHeMV8shu6teChgmBwjVVZygzDVuM7mr7
rbCD_dIPmZsHzkPcqEKiYBMWuY-jjUKx1LLOHZi0s_N_aZyDjT_iXJibiEl9AswiWCKMJM0mIZ6Cg5VYdYXMhU_HIOWSXEzulrm2mq7TDME__4LVMlIJhDd7ZGxw3SQWqlQIZfgQ9XxuWb3NUCjDW6IDmOviIkrJuPEf-lCjSXBosUboxtI64fMqibY_RQ-6-pl42k-g6St_oVcQCjsn368boqswjt27USSOqFJFH4PF4oXfyFhKwHYGxru3e6LHpGySY5RHX02FPik7dd8WBhqzkpBT3Eu12WrvOJIXyf00yAr5ElqbwGuIc9yptcoezhZm-mz8MY14wYuUadUjMDtOUwvwA&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=1080p.hentaitube.win&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=&label_ids=0,4,101,5&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=e626633b-a449-4dac-86d7-89c1f2e63497&format=default-slide-b_r-body HTTP/1.1
Host: 084cc7e11c.abc35a1d01.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 31 Jan 2023 23:13:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a9e3db02d1460a9b732fb3abf97ac0de
4d6cbe25899e4987a0993bc1bcbbab079e703374
f65a70b914e826fcdf595b4ab8e75f2f899de62aba7ee7003d91efa6180acf8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 998
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:13:02 GMT
Last-Modified: Tue, 31 Jan 2023 22:56:24 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
pn.bquildna43.site/in/tip_shows/?katds_ep=VEbfVIf_TOCXZJmvxNkMmRPOvKWaWp_u-VUlJk_USUH0vzak6I9jHBUcyGuIk3zPkOzf9b_n_th5HrZQt3-mWOLP4PXXJNc7kwaLj7Sl6wXj_kiOUztb6289Owsp8w3KyNp3AIOlMnDFgiFKNXMaRZNefxw76ue7T-9wlsyzEDz-FNPKZxBvRRTF_MgVYaWQtXLX8peyShL-4CerBtkwwU94LntsiUWgDhT89AJ5530IT4MmzlAl22saaLyGqja80ACzUjAAPaiO-7tQO8QXtgTm34Kmuq2fyjX5-ahSzX0nGKLIFxf4X0CiU3NS_WvlgaQEtl9f6C8dbZjgJHAvp_ZQjYQ-R057hpQMMz3VIgHnVcUo24yJAiyClxD7g5iz7KxqRW6PahtaYsq_uAcFLbJ1Yv2oC2rLNiRxrAMQszwPbpWhXmaf02Yz4u2XWtHGlTZusRML0dxeRIpcZiTHzgB7N6FB1lS2-ZXPCwV2JdnkWSGMTgTu5X6FFKjY9JvXmK270fwjTBrVy7huLVIV6wlk1YJo9l21l5gck0Ort9jtQli0-a3BqPPpAGgX27kNImAmeAXwlhbJp_x9rDojx8Z-9EHeJL0ymxe6s5Bj6MLdUejoaXhEG-PRNA2YKv2gqRHYI9XsvBT9TrFxhSuqLQVpdK1LYhIXPUkdzSjK1TSI-17cErFXqsEybZDooxsOS7ogzdTnd19MLeNPnLPb_KGXnFu8x9sIznm8PN4yebypb8wpKDvYb9ezvX2RW9h6PNBDAmMpik9OmYk8_eyMHMP95qYc6MOWNgx754zWLJotgp_YWfJZSYcTEWrzqNA&sp=${SECOND_PRICE}&cpa=7d626ecb-b452-487c-ac77-7d1879587f25&format=default-slide-b_r-body
188.114.96.1302 Found 0 B URL HTTP/2 pn.bquildna43.site/in/tip_shows/?katds_ep=VEbfVIf_TOCXZJmvxNkMmRPOvKWaWp_u-VUlJk_USUH0vzak6I9jHBUcyGuIk3zPkOzf9b_n_th5HrZQt3-mWOLP4PXXJNc7kwaLj7Sl6wXj_kiOUztb6289Owsp8w3KyNp3AIOlMnDFgiFKNXMaRZNefxw76ue7T-9wlsyzEDz-FNPKZxBvRRTF_MgVYaWQtXLX8peyShL-4CerBtkwwU94LntsiUWgDhT89AJ5530IT4MmzlAl22saaLyGqja80ACzUjAAPaiO-7tQO8QXtgTm34Kmuq2fyjX5-ahSzX0nGKLIFxf4X0CiU3NS_WvlgaQEtl9f6C8dbZjgJHAvp_ZQjYQ-R057hpQMMz3VIgHnVcUo24yJAiyClxD7g5iz7KxqRW6PahtaYsq_uAcFLbJ1Yv2oC2rLNiRxrAMQszwPbpWhXmaf02Yz4u2XWtHGlTZusRML0dxeRIpcZiTHzgB7N6FB1lS2-ZXPCwV2JdnkWSGMTgTu5X6FFKjY9JvXmK270fwjTBrVy7huLVIV6wlk1YJo9l21l5gck0Ort9jtQli0-a3BqPPpAGgX27kNImAmeAXwlhbJp_x9rDojx8Z-9EHeJL0ymxe6s5Bj6MLdUejoaXhEG-PRNA2YKv2gqRHYI9XsvBT9TrFxhSuqLQVpdK1LYhIXPUkdzSjK1TSI-17cErFXqsEybZDooxsOS7ogzdTnd19MLeNPnLPb_KGXnFu8x9sIznm8PN4yebypb8wpKDvYb9ezvX2RW9h6PNBDAmMpik9OmYk8_eyMHMP95qYc6MOWNgx754zWLJotgp_YWfJZSYcTEWrzqNA&sp=${SECOND_PRICE}&cpa=7d626ecb-b452-487c-ac77-7d1879587f25&format=default-slide-b_r-body
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tip_shows/?katds_ep=VEbfVIf_TOCXZJmvxNkMmRPOvKWaWp_u-VUlJk_USUH0vzak6I9jHBUcyGuIk3zPkOzf9b_n_th5HrZQt3-mWOLP4PXXJNc7kwaLj7Sl6wXj_kiOUztb6289Owsp8w3KyNp3AIOlMnDFgiFKNXMaRZNefxw76ue7T-9wlsyzEDz-FNPKZxBvRRTF_MgVYaWQtXLX8peyShL-4CerBtkwwU94LntsiUWgDhT89AJ5530IT4MmzlAl22saaLyGqja80ACzUjAAPaiO-7tQO8QXtgTm34Kmuq2fyjX5-ahSzX0nGKLIFxf4X0CiU3NS_WvlgaQEtl9f6C8dbZjgJHAvp_ZQjYQ-R057hpQMMz3VIgHnVcUo24yJAiyClxD7g5iz7KxqRW6PahtaYsq_uAcFLbJ1Yv2oC2rLNiRxrAMQszwPbpWhXmaf02Yz4u2XWtHGlTZusRML0dxeRIpcZiTHzgB7N6FB1lS2-ZXPCwV2JdnkWSGMTgTu5X6FFKjY9JvXmK270fwjTBrVy7huLVIV6wlk1YJo9l21l5gck0Ort9jtQli0-a3BqPPpAGgX27kNImAmeAXwlhbJp_x9rDojx8Z-9EHeJL0ymxe6s5Bj6MLdUejoaXhEG-PRNA2YKv2gqRHYI9XsvBT9TrFxhSuqLQVpdK1LYhIXPUkdzSjK1TSI-17cErFXqsEybZDooxsOS7ogzdTnd19MLeNPnLPb_KGXnFu8x9sIznm8PN4yebypb8wpKDvYb9ezvX2RW9h6PNBDAmMpik9OmYk8_eyMHMP95qYc6MOWNgx754zWLJotgp_YWfJZSYcTEWrzqNA&sp=${SECOND_PRICE}&cpa=7d626ecb-b452-487c-ac77-7d1879587f25&format=default-slide-b_r-body HTTP/1.1
Host: pn.bquildna43.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: application/json
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 2357.0=1; expires=Wed, 01 Feb 2023 23:13:02 GMT; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Bysz5JWedZ2lKXecmpB%2B1arpEFPdCAQwPplfZzzKqDB4WxJUJNb6%2B6rK%2FSJJmBqjHty39FuMqWB2SPnkgwParIrIk9J%2B60e9QO9mGsfITwjNU5yXXVaDLIrIVJg0B1jH6xD6%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792622b4efd6b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
97ad8a430e.3841f4b0c4.com/d0a81e167b3f0c9f44e4d74db405d0fc.js
45.133.44.24 200 OK 80 kB URL HTTP/2 97ad8a430e.3841f4b0c4.com/d0a81e167b3f0c9f44e4d74db405d0fc.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 2192399d1a038b25dfd042562334b07b
f7a3b5a06b3c33037647c3d6e1a73a4bb9e30ffd
5ec3d48e0bbd5c1fd1183e56d085014d1ad4c7453ef5e7e5c5404920913d423c
GET /d0a81e167b3f0c9f44e4d74db405d0fc.js HTTP/1.1
Host: 97ad8a430e.3841f4b0c4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 31 Jan 2023 13:11:15 GMT
etag: W/"63d91373-4dbb1"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a9e3db02d1460a9b732fb3abf97ac0de
4d6cbe25899e4987a0993bc1bcbbab079e703374
f65a70b914e826fcdf595b4ab8e75f2f899de62aba7ee7003d91efa6180acf8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 998
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:13:02 GMT
Last-Modified: Tue, 31 Jan 2023 22:56:24 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
45.133.44.25 200 OK 9.0 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 300x200, components 3\012- data
Hash ac4fce2099a6cbd7264384fba760fc66
d95ed9daf1b4e01d98b089f6688319cc5e377aad
0e5e7942344997c25d52522d74def5e71eb22337f2fecf13ac63fe940bcdb176
GET /m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: image/jpeg
content-length: 9014
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:18:07 GMT
etag: "62e4e93f-2336"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
45.133.44.25 200 OK 2.9 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3\012- data
Hash 66098442dc8934e8c6f5351e39d40e71
6bdebd9a664636433febe19afd7a5b37bff07126
b264aead392358ee4523a21bdd6726c1ec24c6ff849dbdf07dfd15bc6dedff4e
GET /m/p/0/374/374538/conversions/6OTjphwd-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jp.co-vid.win/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: image/jpeg
content-length: 2921
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:17:53 GMT
etag: "62e4e931-b69"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.236.216 200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.236.216:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=59200aa8-8c45-461e-bab5-1f46c3c8cb3f&mlc=1&format=default-slide-b_r-body
138.201.236.216 200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=59200aa8-8c45-461e-bab5-1f46c3c8cb3f&mlc=1&format=default-slide-b_r-body
IP 138.201.236.216:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=59200aa8-8c45-461e-bab5-1f46c3c8cb3f&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 31 Jan 2023 23:13:02 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 74fb517f26359326e41f69c0c1826bd1
693f1fb0a1147db8e73c59700630c3da71b1a1ba
9fd11f32aefbb6191356ef10775629a52e420bbce09f95b363f8ef30479c37b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 23:13:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 2d73aaa3663b2fc94d2bb9bb47b3c907
c73b49c9ced81e17e6205fc571774cab5fa9dc67
9915b08597ef7490b6d03a00c4c96f35ee6f446b38c43433641eb559a14c3126
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 31 Jan 2023 23:13:02 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-838792461%3A1675206782432301&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHevbeMG_6mm__eY01F1zbWz_DAKtzza7qVK7eOFtexLY3w9GICcIiLmdWWA8m4DvP3dXRFHlw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-VmS8xbZz6zl6AxYPkwbszg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:XWSJZy6SF6nSq6uj5lNgfcb-0bRyrg:d75LuZVVgyRUD2Mo;Path=/;Expires=Thu, 30-Jan-2025 23:13:02 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
97ad8a430e.3841f4b0c4.com/75bf6bb558cb3e61c272c8297a9e0a37.js
45.133.44.24 200 OK 0 B URL HTTP/2 97ad8a430e.3841f4b0c4.com/75bf6bb558cb3e61c272c8297a9e0a37.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /75bf6bb558cb3e61c272c8297a9e0a37.js HTTP/1.1
Host: 97ad8a430e.3841f4b0c4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jp.co-vid.win
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
jsjs.gazo.space/index.php?js=very
104.21.235.169 200 OK 0 B URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 104.21.235.169:0
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1080p.hentaitube.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:54 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003761024ac46560a/index.php?js=very
55nloadrate: 0.4559375
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVOdnVsxavf5B5YaCSrsOteloXMjLcmIGWEeLtSi1zAiw0ax3FvRL6CyNAap0x5gQwvUmW7lofYh2x7LqQl8FiqfH7FMUbTzPsnFjY5CHxa8Q56E7r5tlunmyaRs9VuWIM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79262281190b7720-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
97ad8a430e.3841f4b0c4.com/75bf6bb558cb3e61c272c8297a9e0a37.js
45.133.44.25 200 OK 0 B URL HTTP/2 97ad8a430e.3841f4b0c4.com/75bf6bb558cb3e61c272c8297a9e0a37.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /75bf6bb558cb3e61c272c8297a9e0a37.js HTTP/1.1
Host: 97ad8a430e.3841f4b0c4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1080p.hentaitube.win
Connection: keep-alive
Referer: http://1080p.hentaitube.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:54 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:17:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
jsjs.gazo.space/index.php?js=av4&advertisement&
104.21.235.170 200 OK 0 B URL HTTP/2 jsjs.gazo.space/index.php?js=av4&advertisement&
IP 104.21.235.170:0
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:12:55 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--GB-rm2400cb003761024ac46553b/index.php?js=av4&advertisement&
55nloadrate: 0.55
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 984
last-modified: Tue, 31 Jan 2023 22:56:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49sWDqmkxt4LUjbuR3v6cYGCiFrLoeBjPDP5kSLLWGot1ZCAueI%2FBIcPlFUqgl9zMqcDjmtwv9aOVXqdpLwi77ruiRCtQucjvnGlP2%2Fwln9fVGcUVAs7AmnlgqNeazR%2BU6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792622891e1988b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
97ad8a430e.3841f4b0c4.com/94a3020ac654e6f5827f3974082f65fc.js
45.133.44.24 200 OK 0 B URL HTTP/2 97ad8a430e.3841f4b0c4.com/94a3020ac654e6f5827f3974082f65fc.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /94a3020ac654e6f5827f3974082f65fc.js HTTP/1.1
Host: 97ad8a430e.3841f4b0c4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jp.co-vid.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:13:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Tue, 31 Jan 2023 23:18:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2