Report - 1hd.sh

Report Overview

Visited public
2025-04-30 22:42:58
Tags
URL
1hd.sh
Finishing URL
1hd.sh/
IP / ASN
104.21.70.229
#13335 CLOUDFLARENET
Title
1HD | Watch Free Movies online

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-30	2.2 kB	245 kB	142.250.74.35
acscdn.com	93608	2020-05-05	2020-05-06	2025-04-30	2.1 kB	496 kB	188.114.96.1
masterlist.tv	unknown	unknown	2024-02-10	2025-04-26	436 B	18 kB	104.21.16.153
imasdk.googleapis.com	11661	2005-01-25	2014-02-25	2025-04-25	971 B	1.3 MB	142.250.74.42
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-30	427 B	382 kB	142.250.74.168
youradexchange.com	273384	2012-11-09	2013-02-04	2025-04-30	6.6 kB	14 kB	172.67.177.214
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-30	3.7 kB	641 kB	104.17.25.14
auto-deploy.pages.dev	unknown	2020-09-02	2023-07-05	2025-04-30	4.0 kB	212 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-30	992 B	15 kB	142.250.74.10
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-04-30	454 B	142 kB	104.18.10.207
1hd.sh	unknown	2023-08-24	2023-09-12	2025-04-27	3.8 kB	219 kB	172.67.140.43
pubtrky.com	unknown	2023-11-21	2023-11-21	2025-04-27	470 B	777 B	172.67.188.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-30 22:42:47	low	Client IP	188.114.96.1	ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js	ScriptElement	83 kB	2023-03-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-08 22:26 Times Seen1903 Hash 90146f01d8a2028ed6f2c3d2fba4ac9b 0363cb58b7a7b60ef7fbf82b8bceb6305232501a 7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f Loading...

	1hd.sh/assets/js/custom.js	ScriptElement	19 kB	2024-07-13	2025-05-08
Pretty URL 1hd.sh/assets/js/custom.js IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-13 04:40 Last Seen2025-05-08 10:15 Times Seen9 Hash 28c98063fb6f44b912a27435a44b503c ee3b6f1a16e33a2e63a2671d9066690eff8c5fda 831cfbe8ed41066900f00d7b869f5a952b61e3c4c9a6a8d7fb7f66cb857f8861 Loading...

	acscdn.com/script/inpagepush.js	ScriptElement	87 kB	2025-04-30	2025-05-09
Pretty URL acscdn.com/script/inpagepush.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 22:43 Last Seen2025-05-09 04:45 Times Seen7 Hash e5bf6d77c6955d7e3f74f9a2b1ba62a2 27b33e9887ea93c566857cd7f3f935c6033a749f 4a1ce121dfee34de0ce3170e3783e6e1d5e52256047531e8160c2382d724841c Loading...

	1hd.sh/	ScriptElement	153 B	2024-08-19	2025-05-08
Pretty URL 1hd.sh/ IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 13:10 Last Seen2025-05-08 10:15 Times Seen8 Hash 2964c0a51cd59d0c5197839f28dce36b 3acac78da03660430f8dff512ae9babdb2cd7b33 25276aae750e8d5182bb6c02525ac4b20f940406fd4b06c276287c0c6f38970c Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js	ScriptElement	97 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29 Last Seen2025-05-09 02:48 Times Seen1288 Hash c07f2267a050732b752cc3e7a06850ac 220dad6750fba4898e10b8d9b78ca46f4f774544 69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174 Loading...

	1hd.sh/	ScriptElement	62 B	2025-04-30	2025-05-08
Pretty URL 1hd.sh/ IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-30 22:43 Last Seen2025-05-08 10:15 Times Seen2 Hash a7a74323155064456ddff5371129a2d7 1b4ee6c2e84701e59df1cd7690e1674f0d18579b 4645500a0842c9c1fa877774c37c0b6807a6975edbe65155df1ffc0c7a46e208 Loading...

	acscdn.com/script/videoSlider.js	ScriptElement	81 kB	2025-04-30	2025-05-08
Pretty URL acscdn.com/script/videoSlider.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 22:43 Last Seen2025-05-08 10:15 Times Seen2 Hash 70fca07e82bb82547a085f2574541ea7 89f9bf08ab7aa7a53d08d57251b497c8c12b9bd0 258b2010103a9970af2ac06c4a3f19354f5d09c92c44edf15fa794fa716b45be Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js	ScriptElement	460 kB	2025-04-30	2025-04-30
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 22:43 Last Seen2025-04-30 22:43 Times Seen1 Hash 6cce99b582d904cd23554af137134da0 e4ba4333e50f76a5ed468bb4f457a3821838820b c831a0530c7a9267d2fa75df214ad7a4b1c4ec9332ad5d913e26076f038685c8 Loading...

	acscdn.com/script/aclib.js	ScriptElement	136 kB	2025-04-30	2025-05-09
Pretty URL acscdn.com/script/aclib.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 20:31 Last Seen2025-05-09 05:24 Times Seen27 Hash 99396b8be1aa8280e0b3aa86075a4094 4b9bfac1a58c0364f0c55405873eec27c159a407 68332c022d13f9d1e22c76a638225a949cea39cbd14d5d84fdbc1003e0c6076e Loading...

	1hd.sh/	ScriptElement	63 B	2025-04-30	2025-05-08
Pretty URL 1hd.sh/ IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-30 22:43 Last Seen2025-05-08 10:15 Times Seen2 Hash 87fe794222554ba6158f9990e6669ed1 aa74946d55045338911e93d199aff413b3239886 6311e8bccedddfbe0c48e36f4942d7b3bec7a381ffded0c79978532949f979ee Loading...

	www.googletagmanager.com/gtag/js?id=G-V45H598T28	ScriptElement	382 kB	2025-04-30	2025-04-30
Pretty URL www.googletagmanager.com/gtag/js?id=G-V45H598T28 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 22:43 Last Seen2025-04-30 22:43 Times Seen1 Hash 00036b60499143b0cb2a5ff3fc8ae2db ebef7ea991687f4cd576458892f4e1cff8ef4b12 7f78dc6a680eff3c4b5425351903ceb3d9e8808f62885277819957f9e3b41d5d Loading...

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D	ScriptElement	1.2 kB	2025-04-27	2025-05-09
Pretty URL auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-27 23:58 Last Seen2025-05-09 04:45 Times Seen11 Hash 11a4f7fea656c397c29ec4b2c644fdd5 72fb9f635dc3bbeecb109b9bfa75c9c91f094351 6f44f431658b4630b607a9370f197900140cdfdf51ac2704030fddf89e6495aa Loading...

	cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js	ScriptElement	141 kB	2023-04-18	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-18 10:35 Last Seen2025-05-08 10:15 Times Seen677 Hash cf2fe63069b52d6a5bc1bccdb2626273 c1a56d0735470b2ab51e4dda017eefc281cbd7ce 636ee53e0454d4eff633ac3467f3540087e0ed55f4db06c2ef5f4662302b6329 Loading...

	cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js	ScriptElement	39 kB	2023-05-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-07 20:25 Last Seen2025-05-08 10:15 Times Seen600 Hash 150195cfb0977fbf7ca16de64ab19baa f310c457edb13f6affd5b9e90f44a1d9044489b5 aebd88d78695843b04af0fd0575a081795c46a3d940d48579781bab1327c4d91 Loading...

	acscdn.com/script/ut.js?cb=1746052946144	ScriptElement	81 kB	2025-04-30	2025-05-09
Pretty URL acscdn.com/script/ut.js?cb=1746052946144 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 16:49 Last Seen2025-05-09 05:24 Times Seen38 Hash eaa11c5f044a59ec54c82e06a8beba81 afb33a13f1b0b1163ae1d5f98703c9eacd35bee3 b05b9df2027483a401c352424c15d0adff42dbe771c52b71333e5b4e68f1260c Loading...

	acscdn.com/script/atagv2.js	ScriptElement	105 kB	2025-04-30	2025-05-09
Pretty URL acscdn.com/script/atagv2.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 22:43 Last Seen2025-05-09 04:45 Times Seen6 Hash e9665e024942ea8eab3f55346f7589ff 9feed0923fbcc8d26b0a05ab961d529742488f27 229f433b11059ca784b5d479d5eac12003544bfb758f1045269f4fe541d0ed10 Loading...

	imasdk.googleapis.com/js/core/bridge3.695.1_en.html?gdpr=1#fid=goog_958653353	ScriptElement	803 kB	2025-04-30	2025-05-08
Pretty URL imasdk.googleapis.com/js/core/bridge3.695.1_en.html?gdpr=1#fid=goog_958653353 IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-30 22:43 Last Seen2025-05-08 16:30 Times Seen22 Hash a2bf960fb0399d729af2430cd73cc319 5c327be2c8998c80f99c4086c278e90c136d64d1 d9c748907bf3ddef6e00e09fa99a8e4de32673edc6489f950d2af1713e107d13 Loading...

	1hd.sh/assets/js/lights.js?v=3	ScriptElement	5.6 kB	2023-03-07	2025-05-08
Pretty URL 1hd.sh/assets/js/lights.js?v=3 IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13 Last Seen2025-05-08 10:15 Times Seen60 Hash 3c0668bf818160d6c0d8cf81703f2daa 2890f10417ebce711ed58ee8aa5cbc8b5df2f1d3 d3ee876cbd3740b000bd768cdf6aa1b3f4a9e40bee461c97f8d01ed90e5304e1 Loading...

	1hd.sh/assets/js/sweetalert.js	ScriptElement	17 kB	2023-03-07	2025-05-09
Pretty URL 1hd.sh/assets/js/sweetalert.js IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-05-09 04:45 Times Seen1757 Hash 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7 Loading...

	1hd.sh/	ScriptElement	38 B	2024-08-19	2025-05-08
Pretty URL 1hd.sh/ IP 172.67.140.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 13:10 Last Seen2025-05-08 10:15 Times Seen8 Hash 441ac630cdff5f38c83824e49b0132dd f8c6e4b5b8f8d7b7f7fd7d3faf0eb58e784eb8bb 2164b23dc2f5db3da31557be2391f411f8d4615af469f860f6303470560e1540 Loading...

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/template.js?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=[ADD_FORMAT_STRING]&offer=[ADD_OFFER_STRING]	ScriptElement	6.5 kB	2024-08-16	2025-05-06
Pretty URL auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/template.js?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=[ADD_FORMAT_STRING]&offer=[ADD_OFFER_STRING] IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-16 17:34 Last Seen2025-05-06 19:00 Times Seen19 Hash 185ee985dc9959167fe15a99378cc48b fce07415892b597fc146a957d00299f45e6eb2c5 c3b360216f9d4979030db72ee7771f98f1dd68291749f485255263650058e69a Loading...

HTTP Transactions (47)

	URL	IP	Response	Size
	youradexchange.com/video/select.php?r=9795770&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref=	172.67.177.214	200 OK	68 B
URL GET youradexchange.com/video/select.php?r=9795770&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type XML 1.0 document, ASCII text Size 68 B (68 bytes) Hash 21563b0946d77e57a5613e5b74234bec f3ae94417bb905526cab264120bc2a03d43ed9d5 6d00c65a4a3725d48500d4f896ffc66e3f3b335dd21c4fb5b527dcbd219e0bea HTTP Headers GET /video/select.php?r=9795770&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:27 GMT content-type: application/xml; charset=utf-8 nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5g21xSoCsQd1rzLHdJ0d234tvKCApJnal8ENYXvv1dBn%2BEocXvQgZOIFMfokQH%2F4WPNdWn4TxGsfGEn4SEC3%2BZXOmUcHRyEqIFeYn0VZ1VL2BfFsyaUJ%2Bh%2B9ElQwolVn%2FsAGNhI%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin: https://1hd.sh access-control-allow-credentials: true access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: Content-Type content-encoding: gzip via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding cf-ray: 938a8d675b4d56b9-OSL server: cloudflare alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2980&min_rtt=1181&rtt_var=1674&sent=16&recv=13&lost=0&retrans=0&sent_bytes=6062&recv_bytes=1988&delivery_rate=11860&cwnd=12000&unsent_bytes=0&cid=bea54c665be1036d&ts=772&x=16"

	1hd.sh/	172.67.140.43	200 OK	30 kB
URL User Request GET 1hd.sh/ IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type HTML document, Unicode text, UTF-8 text, with very long lines (3849), with CRLF, LF line terminators Size 30 kB (29574 bytes) Hash e981a801de9c5049576442d9aacd3541 f97b9745897ece1f6dccd65c35d25357d8800766 9f04e78bc8c28e695435a0376414692e725277f7e3bb5c9d082c7f0154701b28 HTTP Headers `GET / HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:24 GMT content-type: text/html; charset=UTF-8 x-powered-by: PHP/8.2.28, PleskLin set-cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la; expires=Thu, 30 Apr 2026 22:42:24 GMT; Max-Age=31536000; path=/; secure; HttpOnly expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=svQ5hWdBP6Sg8ryri3bRcNQ4xRJRSNNEOdxffsFm3JOQoLngekgFKxcXAcBQNDf0%2FUCg6iAK%2BbEh%2BoVJK6Tj3Hrmoxzu8IUF%2FRAyuvXYTOaYH15Rp1QCR0U%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 938a8d58ecfb0b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5778&min_rtt=469&rtt_var=10547&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3257&recv_bytes=1238&delivery_rate=8150093&cwnd=253&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=212&x=0" X-Firefox-Spdy: h2

	1hd.sh/assets/js/lights.js?v=3	172.67.140.43	200 OK	5.6 kB
URL GET 1hd.sh/assets/js/lights.js?v=3 IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type JavaScript source, ASCII text, with CRLF line terminators Size 5.6 kB (5588 bytes) Hash 3c0668bf818160d6c0d8cf81703f2daa 2890f10417ebce711ed58ee8aa5cbc8b5df2f1d3 d3ee876cbd3740b000bd768cdf6aa1b3f4a9e40bee461c97f8d01ed90e5304e1 HTTP Headers `GET /assets/js/lights.js?v=3 HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript last-modified: Wed, 11 Jan 2023 03:34:24 GMT etag: W/"63be2e40-15d4" x-powered-by: PleskLin cache-control: max-age=14400 cf-cache-status: HIT age: 3013 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4gWnVf6BdBzhrP4GHtouDGlVtf3Z8PDBBYSFEgqbIQwz6Z7y8Nvepb8n0yBjJhCTeB2X3isBFnqxptMqc8qz8fRsh7INHTJb9ZKoV8RRMUcwuNiOhNi%2Bsk%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c3f930b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=853&min_rtt=374&rtt_var=474&sent=72&recv=41&lost=0&retrans=0&sent_bytes=76345&recv_bytes=1850&delivery_rate=22917985&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=553&x=0" X-Firefox-Spdy: h2

	1hd.sh/assets/css/all.css	172.67.140.43	200 OK	75 kB
URL GET 1hd.sh/assets/css/all.css IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 75 kB (75220 bytes) Hash bf446b2d0fffcae08a015ae28c5fd8a3 57963e274db23f2188872481c3f9c08c8e74adfc e2ed3c859904accd2e902795f54c7c07a23ec5bdaf3be9b513e9608fac2e51e2 HTTP Headers `GET /assets/css/all.css HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css last-modified: Mon, 11 Dec 2023 06:00:34 GMT etag: W/"6576a582-125d4" x-powered-by: PleskLin age: 3627 cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m74CxohOK1lLlcAMK6siwZK8NX3vqRYjAHI8TauJIzbUyA7kJvmL7KAcZ6LGgZsw9blhcSF9OBiGvQBEvR2hq2aQh3H1VaUdBQM%2FhjLRU6LneBL%2Fz9RtifM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c1f7d0b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=374&rtt_var=2149&sent=23&recv=27&lost=0&retrans=0&sent_bytes=15987&recv_bytes=1684&delivery_rate=13738140&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=538&x=0" X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js	104.17.25.14	200 OK	39 kB
URL GET cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type JavaScript source, ASCII text, with very long lines (32107) Size 39 kB (39220 bytes) Hash 150195cfb0977fbf7ca16de64ab19baa f310c457edb13f6affd5b9e90f44a1d9044489b5 aebd88d78695843b04af0fd0575a081795c46a3d940d48579781bab1327c4d91 HTTP Headers `GET /ajax/libs/tooltipster/4.0.0/js/tooltipster.bundle.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript; charset=utf-8 content-length: 8881 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5f559a80-9934" last-modified: Mon, 07 Sep 2020 02:27:12 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 546170 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yNIcCEzP4Y3B8gEYWx%2FqvQavi938nnWp2bSxUvpREINyzRyS2Y8fPC%2Bv3MLLbIegVvKmPxL3M7yScHpmkTwPRjrNjMMOX3jre%2BP4CGIQ9viWJ4KZ8aFWxwWEkxSYTpb2kGalQ0y9"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5d0f1b56c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	youradexchange.com/video/slider.php?r=9795770&atv=60.0	172.67.177.214	200 OK	76 B
URL GET youradexchange.com/video/slider.php?r=9795770&atv=60.0 IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type JSON text data Size 76 B (76 bytes) Hash 81b1352198727eaa623526f27cfdc064 46d561df353393f0cf452ed69c86df7157a573f4 cb994ea1bed264342c6cf20ce7436d6098b5b821285b23655fdaf987c77fada5 HTTP Headers `GET /video/slider.php?r=9795770&atv=60.0 HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: application/json; charset=utf-8 access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: Content-Type content-encoding: gzip via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IV2JZOo%2Bj2VcyiwW%2FOr5gzf7%2Bs5FZbE9coaE3DwgcfYmZrw6DBUPMwFphpJnpstd2bJFWFvtjK0iCnL9Mns2TE5JntxPpTbiLNedQfKSf5M8US9JJLerJAB%2BQyZomIZOxmg5vh0%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 938a8d62dee35695-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5046&min_rtt=427&rtt_var=8737&sent=12&recv=15&lost=0&retrans=0&sent_bytes=4366&recv_bytes=1816&delivery_rate=5983471&cwnd=256&unsent_bytes=0&cid=94fada0f4e41b92d&ts=542&x=0" X-Firefox-Spdy: h2

	fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2	142.250.74.35	200 OK	60 kB
URL GET fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1 ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT File type Web Open Font Format (Version 2), TrueType, length 60384, version 1.0 Size 60 kB (60384 bytes) Hash 3dab586cabfeaa291a506459b98fa3e7 31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c 20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55 HTTP Headers GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 60384 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 24 Apr 2025 15:20:36 GMT expires: Fri, 24 Apr 2026 15:20:36 GMT cache-control: public, max-age=31536000 last-modified: Thu, 20 Apr 2023 13:35:14 GMT content-type: font/woff2 age: 544910 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2	142.250.74.35	200 OK	60 kB
URL GET fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1 ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT File type Web Open Font Format (Version 2), TrueType, length 60384, version 1.0 Size 60 kB (60384 bytes) Hash 3dab586cabfeaa291a506459b98fa3e7 31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c 20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55 HTTP Headers GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 60384 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 24 Apr 2025 15:20:36 GMT expires: Fri, 24 Apr 2026 15:20:36 GMT cache-control: public, max-age=31536000 last-modified: Thu, 20 Apr 2023 13:35:14 GMT content-type: font/woff2 age: 544910 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	pubtrky.com/ut/hb.php?cb=0.22671872502767376&v=1	172.67.188.110	204 No Content	0 B
URL POST pubtrky.com/ut/hb.php?cb=0.22671872502767376&v=1 IP 172.67.188.110:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectpubtrky.com FingerprintE5:4C:CF:74:BF:B8:D7:8B:39:F8:13:97:6C:AE:46:2B:E5:A8:E7:0B ValidityFri, 07 Mar 2025 10:09:06 GMT - Thu, 05 Jun 2025 11:07:39 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /ut/hb.php?cb=0.22671872502767376&v=1 HTTP/1.1 Host: pubtrky.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain; charset=utf-8 Content-Length: 973 Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 204 No Content date: Wed, 30 Apr 2025 22:42:26 GMT access-control-allow-origin: * via: 1.1 google cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JdcBjN1YFsm6SLGfBPxY%2BHNDxUhcWxdIfbzkqOI1C8%2Bx3Bhra9kir6uyCKpUyaCm%2Fq65v7baEeeleTnV0paEXsI%2BRaLj%2Fkt2hkxsaYBsH2CKEjNtoAuNrhIgGbUJw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 938a8d632db8b529-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=560&min_rtt=419&rtt_var=300&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3202&recv_bytes=2102&delivery_rate=6972712&cwnd=254&unsent_bytes=0&cid=1c89979ad1942b52&ts=169&x=0" X-Firefox-Spdy: h2

	fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2	142.250.74.35	200 OK	60 kB
URL GET fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1 ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT File type Web Open Font Format (Version 2), TrueType, length 60384, version 1.0 Size 60 kB (60384 bytes) Hash 3dab586cabfeaa291a506459b98fa3e7 31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c 20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55 HTTP Headers GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 60384 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 24 Apr 2025 15:20:36 GMT expires: Fri, 24 Apr 2026 15:20:36 GMT cache-control: public, max-age=31536000 last-modified: Thu, 20 Apr 2023 13:35:14 GMT content-type: font/woff2 age: 544910 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/style.css	188.114.96.1	200 OK	681 B
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/style.css IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type ASCII text, with CRLF line terminators Size 681 B (681 bytes) Hash 4b3679508ec5704df03efe959d914a44 3a658353793ee3bc59dc4e04b097e0b2bef6f7d4 ed0393986b89dc3d274c6617581495f1f5c96f50d6f610ca25fb72e87e286fa9 HTTP Headers GET /IPP/Artjom/GAME/ENG/428/src/style.css HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:47 GMT content-type: text/css; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate etag: W/"f6f4fbd00f108f98961c850177170c75" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff priority: u=2,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rJPVpjfEgNvGkv3xsjFSz0ApFyHc2saR5ybC%2BTTLvbWIf6S7ZQqUndCWWV0p3n81tyGS7%2BU0y43FC2MXOdio%2BOYE22BlHA7NR2gEUwVjfGK5lScWuiuOi5J%2Fbsiu6%2FcB7MxK%2BcHTaZo%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de53af9b4eb-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2845&min_rtt=1118&rtt_var=2439&sent=133&recv=19&lost=0&retrans=0&sent_bytes=140391&recv_bytes=3508&delivery_rate=1261082&cwnd=96000&unsent_bytes=0&cid=29e7137ba546498c&ts=169&x=1", cfExtPri, cfHdrFlush;dur=0

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/Banners_U-s_DE_Google_1200628_WG_SPb_WoWs-ezgif.com-resize%20(1).jpg	188.114.96.1	200 OK	65 kB
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/Banners_U-s_DE_Google_1200628_WG_SPb_WoWs-ezgif.com-resize%20(1).jpg IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "JPG edited with https://ezgif.com/resize", baseline, precision 8, 300x157, components 3 Size 65 kB (64583 bytes) Hash 55bb249cb935ab01d0bba0fe3d9da0a6 140439976db172e93122ad1bd6ef564d51d0e2d4 d8afa95d695ca29e8c3f6accb00bc9e020082502a631bf7908b5cf9a00777d24 HTTP Headers GET /IPP/Artjom/GAME/ENG/428/src/Banners_U-s_DE_Google_1200628_WG_SPb_WoWs-ezgif.com-resize%20(1).jpg HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:47 GMT content-type: image/jpeg content-length: 64583 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate etag: "20acdfcd1d01a4ae70c6ff4d774985b5" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FN58Rx%2BJ9hrvSAZWLCgdVDhxJLOo9fWcA9CL8t1X9p0pmKU9NzwUnOKzsQbi%2BaKBBo%2FjT6gXabRuLlKdx1enjSpD9B5%2FezZiT%2F86zv77vVTjMowvAy5aOPtkRfiQ%2FlHHtN81oO3g%2BK8%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de53afab4eb-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2845&min_rtt=1118&rtt_var=2439&sent=134&recv=19&lost=0&retrans=0&sent_bytes=141453&recv_bytes=3508&delivery_rate=1261082&cwnd=96000&unsent_bytes=0&cid=29e7137ba546498c&ts=171&x=1", cfExtPri, cfHdrFlush;dur=0

	fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2	142.250.74.35	200 OK	60 kB
URL GET fonts.gstatic.com/s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1 ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT File type Web Open Font Format (Version 2), TrueType, length 60384, version 1.0 Size 60 kB (60384 bytes) Hash 3dab586cabfeaa291a506459b98fa3e7 31fdfb6cf6ea77b01e5d6a4e2f271c479a260a3c 20cc723814ee90c35309d8ca98dc2133007ad86cfebe0719babf021edc840a55 HTTP Headers GET /s/pathwayextreme/v3/neIczCC3pJ0rsaH2_sD-QttXPfDPonv2Tboxxpgufnv1fG7LZQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 60384 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 24 Apr 2025 15:20:36 GMT expires: Fri, 24 Apr 2026 15:20:36 GMT cache-control: public, max-age=31536000 last-modified: Thu, 20 Apr 2023 13:35:14 GMT content-type: font/woff2 age: 544910 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	acscdn.com/script/ut.js?cb=1746052946144	188.114.96.1	200 OK	81 kB
URL GET acscdn.com/script/ut.js?cb=1746052946144 IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectacscdn.com Fingerprint8F:A7:B8:69:9D:95:64:41:D3:00:72:86:8A:93:96:A4:28:FC:BB:C6 ValidityWed, 16 Apr 2025 20:29:49 GMT - Tue, 15 Jul 2025 21:24:42 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators Size 81 kB (81040 bytes) Hash eaa11c5f044a59ec54c82e06a8beba81 afb33a13f1b0b1163ae1d5f98703c9eacd35bee3 b05b9df2027483a401c352424c15d0adff42dbe771c52b71333e5b4e68f1260c HTTP Headers `GET /script/ut.js?cb=1746052946144 HTTP/1.1 Host: acscdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: text/javascript x-guploader-uploadid: AAO2VwrtKbcu2ZAbexYQOEAo-RL3uXkdhkK4CiXtAI9RrAuoFsO4XGBRbKcDRXO7O63rVNQ x-goog-generation: 1746014128527462 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 81040 x-goog-hash: crc32c=I1uWZQ==, md5=6qEcXwRKWexUyC4GqL66gQ== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * expires: Wed, 30 Apr 2025 22:57:46 GMT cache-control: public, max-age=3600 last-modified: Wed, 30 Apr 2025 11:55:28 GMT etag: W/"eaa11c5f044a59ec54c82e06a8beba81" age: 2334 alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT priority: u=3,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyQ7nwK7a8DljetmjsqAWpTopvU2wEdWQwHVu7kjcFymLfkHdJODzFx%2B59PyBCwUTiR9ekSftYpdo15pWmQv%2BtgusZUzZCRUBkkTwlBvElh7Z%2B%2F5LSisfad0orrH"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d618b88569f-OSL content-encoding: br server-timing: cfL4;desc="?proto=QUIC&rtt=3741&min_rtt=1681&rtt_var=1846&sent=41&recv=12&lost=0&retrans=0&sent_bytes=34294&recv_bytes=1545&delivery_rate=47175&cwnd=24000&unsent_bytes=0&cid=b5c928dea1858291&ts=544&x=1", cfExtPri, cfHdrFlush;dur=0

	acscdn.com/script/inpagepush.js	188.114.96.1	200 OK	87 kB
URL GET acscdn.com/script/inpagepush.js IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectacscdn.com Fingerprint8F:A7:B8:69:9D:95:64:41:D3:00:72:86:8A:93:96:A4:28:FC:BB:C6 ValidityWed, 16 Apr 2025 20:29:49 GMT - Tue, 15 Jul 2025 21:24:42 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (33238), with NEL line terminators Size 87 kB (86793 bytes) Hash e5bf6d77c6955d7e3f74f9a2b1ba62a2 27b33e9887ea93c566857cd7f3f935c6033a749f 4a1ce121dfee34de0ce3170e3783e6e1d5e52256047531e8160c2382d724841c HTTP Headers `GET /script/inpagepush.js HTTP/1.1 Host: acscdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: text/javascript x-guploader-uploadid: AAO2Vwr4pK7kXeFIeuTLiWD5kFqkB5Nr58Cn_4hVZLDgcdbEV-8Pm6QI_b6zKVroCWaL-vI x-goog-generation: 1746013906272041 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 86793 x-goog-hash: crc32c=k06O4w==, md5=5b9td8aVXX4/dPmisbpiog== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * expires: Wed, 30 Apr 2025 23:00:09 GMT cache-control: public, max-age=3600 last-modified: Wed, 30 Apr 2025 11:51:46 GMT etag: W/"e5bf6d77c6955d7e3f74f9a2b1ba62a2" age: 403 alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT priority: u=3,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BCNCMPlHcfSSO5raqi5vhUaz18K0q1agQACc02XGJerBW2OgFwkSthQMemTYVdNYPPe3zSeRFKMW7wO3XsXyDhQokZrrZhOcLNk0KTgEcJKDOxqi1oJPH9rGNOyz"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d638d1e569f-OSL content-encoding: br server-timing: cfL4;desc="?proto=QUIC&rtt=2874&min_rtt=1018&rtt_var=1671&sent=104&recv=18&lost=0&retrans=0&sent_bytes=101421&recv_bytes=2201&delivery_rate=1397537&cwnd=37200&unsent_bytes=0&cid=b5c928dea1858291&ts=866&x=1", cfExtPri, cfHdrFlush;dur=0

	acscdn.com/script/aclib.js	188.114.96.1	200 OK	136 kB
URL GET acscdn.com/script/aclib.js IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectacscdn.com Fingerprint8F:A7:B8:69:9D:95:64:41:D3:00:72:86:8A:93:96:A4:28:FC:BB:C6 ValidityWed, 16 Apr 2025 20:29:49 GMT - Tue, 15 Jul 2025 21:24:42 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators Size 136 kB (135598 bytes) Hash 99396b8be1aa8280e0b3aa86075a4094 4b9bfac1a58c0364f0c55405873eec27c159a407 68332c022d13f9d1e22c76a638225a949cea39cbd14d5d84fdbc1003e0c6076e HTTP Headers `GET /script/aclib.js HTTP/1.1 Host: acscdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/javascript x-guploader-uploadid: AAO2Vwpsnc6S85oh6Qaaynn8Q2mkynM7DX8gEKbehF8-plI_nYQ1tY2_IdTeDguZkFHTFBLC x-goog-generation: 1746013745736030 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 135598 x-goog-hash: crc32c=cuDBGg==, md5=mTlri+GqgoDgs6qGB1pAlA== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * expires: Wed, 30 Apr 2025 23:15:53 GMT cache-control: public, max-age=3600 last-modified: Wed, 30 Apr 2025 11:49:05 GMT etag: W/"99396b8be1aa8280e0b3aa86075a4094" age: 1542 alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KyucewMraFAshbDmyYBvFutlb2VNppMumbW6pdZ0Q7A4QbL%2BE1XN3CMY1mpmD3xz7M41trFckIFeFA8CoGYkDJ2QW2dbjYyuRZD8LqtvvMSrg2EN4n22GVXl1Tu"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5d0ec1712a-OSL content-encoding: br server-timing: cfL4;desc="?proto=TCP&rtt=606&min_rtt=410&rtt_var=347&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1182&delivery_rate=7647887&cwnd=254&unsent_bytes=0&cid=ecbccefa34443bd5&ts=67&x=0" X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js	104.17.25.14	200 OK	97 kB
URL GET cdnjs.cloudflare.com/ajax/libs/jquery/1.12.3/jquery.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type JavaScript source, ASCII text, with very long lines (32029) Size 97 kB (97180 bytes) Hash c07f2267a050732b752cc3e7a06850ac 220dad6750fba4898e10b8d9b78ca46f4f774544 69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174 HTTP Headers `GET /ajax/libs/jquery/1.12.3/jquery.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript; charset=utf-8 content-length: 30308 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03ec4-17b9c" last-modified: Mon, 04 May 2020 16:11:48 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 175553 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6s5luWkBdp%2BJgAOQgbeZwt9DvVNVB4LTey2LA2IvlC%2Bt%2FeH%2BJKLrN9M3iTMVLSa8IIw0NdZrvlwZ13FG0N1zDgMKR%2FZ8DYqUKOMoTJyN3AIxj%2FoJGihuUEZ4a44MnSKn8U3yBZx"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5ceef156c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css	104.17.25.14	200 OK	102 kB
URL GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type ASCII text, with very long lines (52276) Size 102 kB (102025 bytes) Hash ded1c367363e8b20bdc6a19b8350a737 8c06d82739d14b094ff6d9036021a252bd1d985d 1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf HTTP Headers `GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css; charset=utf-8 content-length: 18752 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "6421d693-4940" last-modified: Mon, 27 Mar 2023 17:46:59 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 92437 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nV%2FCO8FDOcIPM%2FMfYzGtNYPiwO4Uw6qSB2BlZpveCWlePMNkSb3jcGzmOC0ixU7ykKrOcV3wbq4Eyd%2FRbFEOak7Hc3uAbIPPD6VBM5Kcm0mG8bZSGm%2BGb7t60F0G7LqFd4T1JUos"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5ccee056c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	masterlist.tv/images/banner2.png?v=5	104.21.16.153	200 OK	17 kB
URL GET masterlist.tv/images/banner2.png?v=5 IP 104.21.16.153:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectmasterlist.tv Fingerprint31:3E:CE:AE:F5:14:7A:DD:CA:FF:7C:5A:74:71:69:7D:2C:E8:80:E1 ValidityTue, 08 Apr 2025 01:06:17 GMT - Mon, 07 Jul 2025 02:05:04 GMT File type PNG image data, 720 x 90, 8-bit/color RGB, non-interlaced Size 17 kB (17086 bytes) Hash 1731c9863012f339615d16002661d0e6 c11b368205419d231c9b3d0418fb7f5ec82b8d5d f7ff97c1d66f0439acb08036b23ede3e1747dae0319feaae1f56386f75af69a7 HTTP Headers `GET /images/banner2.png?v=5 HTTP/1.1 Host: masterlist.tv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: image/png content-length: 17086 last-modified: Sat, 28 Sep 2024 09:47:54 GMT etag: "66f7d0ca-42be" x-powered-by: PleskLin cache-control: max-age=14400 cf-cache-status: HIT age: 483 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3z3P8kn%2FQgC40qG7iAR%2BVd3EXMn2I7o5J1raJIN6YRyTve50E3RewWWoSABBzHXXQNf%2F6MKH7aD1uCnGMOb%2Bm6HN9GItSmHXvng8BHbVhLk%2BtyCuZEJ3w%2FZY5FVXYDh"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5d39fd569d-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=890&min_rtt=398&rtt_var=969&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1208&delivery_rate=7168316&cwnd=254&unsent_bytes=0&cid=8808e5c100164ecc&ts=87&x=0" X-Firefox-Spdy: h2

	1hd.sh/assets/js/custom.js	172.67.140.43	200 OK	19 kB
URL GET 1hd.sh/assets/js/custom.js IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type JavaScript source, ASCII text, with very long lines (19072), with no line terminators Size 19 kB (19072 bytes) Hash 28c98063fb6f44b912a27435a44b503c ee3b6f1a16e33a2e63a2671d9066690eff8c5fda 831cfbe8ed41066900f00d7b869f5a952b61e3c4c9a6a8d7fb7f66cb857f8861 HTTP Headers `GET /assets/js/custom.js HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript last-modified: Mon, 11 Dec 2023 10:40:33 GMT etag: W/"6576e721-4a80" x-powered-by: PleskLin age: 3012 cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVKx7NVxLBkqTUv2Vn%2BXgDcI8GohlQWDROgCE%2BlYCaxWwaz3aWV9zXhhKpUOs2ZIhTujUdElWPRM5L%2ByJwvR9Layn9Gh67cbJRB65wsCO%2Bgwo%2B16ulDGdxQ%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c3f920b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1386&min_rtt=374&rtt_var=1422&sent=76&recv=42&lost=0&retrans=0&sent_bytes=78738&recv_bytes=1850&delivery_rate=22917985&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=553&x=0" X-Firefox-Spdy: h2

	youradexchange.com/script/i.php?t=1&c=23952152&stamat=m%257C%252C%252CA2MWYiI2tGU3BU-GH0dEdHP3xP.708%252CDpnP5rL0pwQLbET0a7S3cwuwhxDxX0hpAkh6npj4waGN79bhoBmGFx1D-aboNPvtdZrkhZN4bZnh0bABCPMxVGXjo4-LoHZzph7t8e25j0_4Bs2c3qDBYm08gyH-WSN9auNzK1vfSZcoYI17pLfTSOBxr0PoKf0nsvoWqAnRn_hTjqdIn2gdek7PZDu2yPzkNFwGWXndbZ2GT6OUdJ_RK61dT35YvRR1_5VQtvG9wNJ1x6Xapd4OnHe4OVkQ4C87L5F1_qlNBKkgGVzjpCkr60XZLRZDjKH8OWgnT18GCviTLZ-BkC6vJdXVyKuWxx_MNOJU_hGm1X3BOmL40gIZJjSeN-DlUFp7kPD4N_r0h13oZ1gs6glpk5U3wOxreEDkVZNztaWS6GO82Gfo96D_e4l0EOBk5RODwBwav2xIpX6_pEGoDgcOLPjQTk5O-Pu2W2zdjNDKIJOgMWVz4Rd-jeaQY-Lln46ZPK4UaNv_sOiQc2ep_d5StUxLGhowJi9a1yiBUXViQE3qISoNrgpQwVPcdwfYJuD-E_h1rRw7CQWKUsBpSjq5sqgj53wrYGRRbM35tLRLfutFnlWirlEMV8KI-NXdbjqdIKAPqpRzW7lqIMdlOymoC2_4CTEHki5mgroAqs6hFNfuzdHUlVKhqo82Hmp9KCdP9UwiP-Ez92qeLUDiiy1iktTBk0trj6gKg3AKKwDSxoqnSyHnCsf1c7yyL1lp2Q0s6WtSBD86V88%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref=	172.67.177.214	204 No Content	0 B
URL GET youradexchange.com/script/i.php?t=1&c=23952152&stamat=m%257C%252C%252CA2MWYiI2tGU3BU-GH0dEdHP3xP.708%252CDpnP5rL0pwQLbET0a7S3cwuwhxDxX0hpAkh6npj4waGN79bhoBmGFx1D-aboNPvtdZrkhZN4bZnh0bABCPMxVGXjo4-LoHZzph7t8e25j0_4Bs2c3qDBYm08gyH-WSN9auNzK1vfSZcoYI17pLfTSOBxr0PoKf0nsvoWqAnRn_hTjqdIn2gdek7PZDu2yPzkNFwGWXndbZ2GT6OUdJ_RK61dT35YvRR1_5VQtvG9wNJ1x6Xapd4OnHe4OVkQ4C87L5F1_qlNBKkgGVzjpCkr60XZLRZDjKH8OWgnT18GCviTLZ-BkC6vJdXVyKuWxx_MNOJU_hGm1X3BOmL40gIZJjSeN-DlUFp7kPD4N_r0h13oZ1gs6glpk5U3wOxreEDkVZNztaWS6GO82Gfo96D_e4l0EOBk5RODwBwav2xIpX6_pEGoDgcOLPjQTk5O-Pu2W2zdjNDKIJOgMWVz4Rd-jeaQY-Lln46ZPK4UaNv_sOiQc2ep_d5StUxLGhowJi9a1yiBUXViQE3qISoNrgpQwVPcdwfYJuD-E_h1rRw7CQWKUsBpSjq5sqgj53wrYGRRbM35tLRLfutFnlWirlEMV8KI-NXdbjqdIKAPqpRzW7lqIMdlOymoC2_4CTEHki5mgroAqs6hFNfuzdHUlVKhqo82Hmp9KCdP9UwiP-Ez92qeLUDiiy1iktTBk0trj6gKg3AKKwDSxoqnSyHnCsf1c7yyL1lp2Q0s6WtSBD86V88%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref= IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /script/i.php?t=1&c=23952152&stamat=m%257C%252C%252CA2MWYiI2tGU3BU-GH0dEdHP3xP.708%252CDpnP5rL0pwQLbET0a7S3cwuwhxDxX0hpAkh6npj4waGN79bhoBmGFx1D-aboNPvtdZrkhZN4bZnh0bABCPMxVGXjo4-LoHZzph7t8e25j0_4Bs2c3qDBYm08gyH-WSN9auNzK1vfSZcoYI17pLfTSOBxr0PoKf0nsvoWqAnRn_hTjqdIn2gdek7PZDu2yPzkNFwGWXndbZ2GT6OUdJ_RK61dT35YvRR1_5VQtvG9wNJ1x6Xapd4OnHe4OVkQ4C87L5F1_qlNBKkgGVzjpCkr60XZLRZDjKH8OWgnT18GCviTLZ-BkC6vJdXVyKuWxx_MNOJU_hGm1X3BOmL40gIZJjSeN-DlUFp7kPD4N_r0h13oZ1gs6glpk5U3wOxreEDkVZNztaWS6GO82Gfo96D_e4l0EOBk5RODwBwav2xIpX6_pEGoDgcOLPjQTk5O-Pu2W2zdjNDKIJOgMWVz4Rd-jeaQY-Lln46ZPK4UaNv_sOiQc2ep_d5StUxLGhowJi9a1yiBUXViQE3qISoNrgpQwVPcdwfYJuD-E_h1rRw7CQWKUsBpSjq5sqgj53wrYGRRbM35tLRLfutFnlWirlEMV8KI-NXdbjqdIKAPqpRzW7lqIMdlOymoC2_4CTEHki5mgroAqs6hFNfuzdHUlVKhqo82Hmp9KCdP9UwiP-Ez92qeLUDiiy1iktTBk0trj6gKg3AKKwDSxoqnSyHnCsf1c7yyL1lp2Q0s6WtSBD86V88%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref= HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content date: Wed, 30 Apr 2025 22:42:26 GMT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6sljWs4jPwih4gduT%2F1IzwwRmNH44VVMPR2uHqagaVKZlRvp8AOiODw4ktYGa1%2FnQYC3vrjjaQbkWvmhwdxnJrJdc5Qk0nVmwGAjCkx734vYG7NrSONpvThGRmerkvgGPAE6pEY%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin: * via: 1.1 google cf-cache-status: DYNAMIC cf-ray: 938a8d65a80556c3-OSL server: cloudflare nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=4130&min_rtt=2435&rtt_var=1868&sent=58&recv=81&lost=0&retrans=0&sent_bytes=6255&recv_bytes=5685&delivery_rate=1935&cwnd=12000&unsent_bytes=0&cid=0fb8fc5d7afccc2d&ts=751&x=16"

	youradexchange.com/ad/czcf.php?cz=wdeltsiage&atv=60.0	172.67.177.214	200 OK	891 B
URL GET youradexchange.com/ad/czcf.php?cz=wdeltsiage&atv=60.0 IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type JSON text data Size 891 B (891 bytes) Hash de5db069134f1dc408d11e3c37ea1580 1d52eb8e8f45524f106f40ff033652b9cbb39b59 c1c91830358a3ad0659db28b5481362b4c631d719acc11bc24ac4cdc2b3805b4 HTTP Headers `GET /ad/czcf.php?cz=wdeltsiage&atv=60.0 HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * access-control-allow-headers: Content-Type access-control-allow-methods: GET, POST, OPTIONS via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TD31CJ0un8zvCpuKk5EjcxNp6s%2FKEZnPhtfiz%2BmTbVxP0npUqoOixXwWRN5Obh3A%2FJyf9HfY4O30h0tCIx6E0B7FOYk7CuBQ%2FkjFBWFm6w0SuioUASWlLe3jVUsKn4z10BOufr4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 938a8d60cd365695-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=6459&min_rtt=661&rtt_var=11177&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3292&recv_bytes=1226&delivery_rate=3380544&cwnd=254&unsent_bytes=0&cid=94fada0f4e41b92d&ts=193&x=0" X-Firefox-Spdy: h2

	acscdn.com/script/videoSlider.js	188.114.96.1	200 OK	81 kB
URL GET acscdn.com/script/videoSlider.js IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectacscdn.com Fingerprint8F:A7:B8:69:9D:95:64:41:D3:00:72:86:8A:93:96:A4:28:FC:BB:C6 ValidityWed, 16 Apr 2025 20:29:49 GMT - Tue, 15 Jul 2025 21:24:42 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (32982), with NEL line terminators Size 81 kB (81043 bytes) Hash 70fca07e82bb82547a085f2574541ea7 89f9bf08ab7aa7a53d08d57251b497c8c12b9bd0 258b2010103a9970af2ac06c4a3f19354f5d09c92c44edf15fa794fa716b45be HTTP Headers `GET /script/videoSlider.js HTTP/1.1 Host: acscdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: text/javascript x-guploader-uploadid: AAO2VwqACIHLXtlcN7VjCNwo7SGazHawY3DjA71pRJvueD6-PJqWBi3jRy0-v8STp-LEXKPo x-goog-generation: 1746014141135426 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 81043 x-goog-hash: crc32c=qS0B/w==, md5=cPygfoK7glR6CF8ldFQepw== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * expires: Wed, 30 Apr 2025 22:59:45 GMT cache-control: public, max-age=3600 last-modified: Wed, 30 Apr 2025 11:55:41 GMT etag: W/"70fca07e82bb82547a085f2574541ea7" age: 29 alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT priority: u=3,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fzMX9UFEMVuppJunfwBnw%2F5C5wckN1BPedck5T7I2Y7GO%2Bn5CbdfTggnz4dIeLU3PbdhcrFu8oY9wPEkITg%2BXrKyFjwhD9m0JfpHsFyjkAM9wdmpXrKg2qwinAGf"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d608a9b569f-OSL content-encoding: br server-timing: cfL4;desc="?proto=QUIC&rtt=3430&min_rtt=1681&rtt_var=1879&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4112&recv_bytes=1166&delivery_rate=350213&cwnd=12000&unsent_bytes=0&cid=b5c928dea1858291&ts=394&x=1", cfExtPri, cfHdrFlush;dur=0

	youradexchange.com/script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref=	172.67.177.214	200 OK	2.0 kB
URL GET youradexchange.com/script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type JSON text data Size 2.0 kB (1976 bytes) Hash 68c9c1558b7e73f7f6461ec5b0f6f76c fce09fb07bb0ffda259ed4339eb2d8d154e95eb0 9fd60e698fd281a95aa665fbdb723f0083583809aee6f88a757e95e6403185b2 HTTP Headers GET /script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: application/json; charset=utf-8 nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nub%2FmP6WuZUU3XdHmhRX6NoQvT0pF%2FQ4%2BEhof4gLFaj1qXeXn0wXN6mwVSi9v8eBzPKHp%2Fxv0b7GGO61ifeWyfUcfLGw3jfECbegLzdm6bOQQAVUOrB%2FI4ZNHIz%2Fmf5iVH5UfkQ%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: Content-Type content-encoding: gzip via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding cf-ray: 938a8d645b1a56b9-OSL server: cloudflare alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=3237&min_rtt=1251&rtt_var=1547&sent=13&recv=11&lost=0&retrans=0&sent_bytes=3826&recv_bytes=1543&delivery_rate=2273&cwnd=12000&unsent_bytes=0&cid=bea54c665be1036d&ts=320&x=16"

	fonts.googleapis.com/css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap	142.250.74.10	200 OK	7.1 kB
URL GET fonts.googleapis.com/css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap IP 142.250.74.10:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00 ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT File type ASCII text Size 7.1 kB (7115 bytes) Hash baa9d83d34d8f88c73c8b0c3c57496a7 435fb640e1d7cddd0d825b633d3707b3ab0fbe76 067e8a9f3f69884f7ffe55e47732561a48643778f78829aa2cb1d76e23d1fd3b HTTP Headers GET /css2?family=Pathway+Extreme:opsz,wght@8..144,300;8..144,400;8..144,500;8..144,600;8..144,700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/css; charset=utf-8 vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Wed, 30 Apr 2025 22:42:25 GMT date: Wed, 30 Apr 2025 22:42:25 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css	104.17.25.14	200 OK	6.5 kB
URL GET cdnjs.cloudflare.com/ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type ASCII text, with very long lines (6495), with no line terminators Size 6.5 kB (6495 bytes) Hash b15ef24270546e5fe896d3ea387ea134 63910103e8cc5e4bdeb2c289cfbf41f89966ea5b 41ce2509fa9959868717986010e16b6334885fd46bc64d0d3c745a73ed3c41e4 HTTP Headers `GET /ajax/libs/tooltipster/4.0.0/css/tooltipster.bundle.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css; charset=utf-8 content-length: 932 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5f559a80-195f" last-modified: Mon, 07 Sep 2020 02:27:12 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 95101 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcJj0fQbyj1hglMkS1qv4YLigSFSGrb43ayYd5ixuXaz8o%2FJRvll36OePIe0TWUd%2Fcg%2BFtnxwFtHv5co8lciAP6o0fKOosxpetokaI7NEEsG5rAfAZVWZ%2Bky4AGRKAlIoWvYaAKb"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5caec656c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap	142.250.74.10	200 OK	6.3 kB
URL GET fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap IP 142.250.74.10:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00 ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT File type ASCII text Size 6.3 kB (6255 bytes) Hash b5d640d15db013ad4f01353d9de3ca1c d883ac3418e44c53e72ee89fde16c1d99a621664 bf7bbcdbaa596637121fa8d2814ef7f11b1280435d95c6d48d4a2fdab0d598e8 HTTP Headers `GET /css2?family=Quicksand:wght@300;400;500;600;700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Wed, 30 Apr 2025 22:42:25 GMT date: Wed, 30 Apr 2025 22:42:25 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	1hd.sh/images/logo.png	172.67.140.43	200 OK	35 kB
URL GET 1hd.sh/images/logo.png IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type PNG image data, 400 x 122, 8-bit/color RGBA, interlaced Size 35 kB (35135 bytes) Hash f1f909ebf4aa5d74fcd3f8cbe28c2bb1 c3a6ada7410491dc7171ecd5ac8a8cbcc1f385bb 62ba338377bfa2b737a4134c8bb1917a4b53e378832eb04433c32deb71cd984f HTTP Headers `GET /images/logo.png HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: image/png content-length: 35135 last-modified: Tue, 12 Sep 2023 08:58:22 GMT etag: "6500282e-893f" x-powered-by: PleskLin cache-control: max-age=14400 cf-cache-status: HIT age: 3628 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROazx8k3YkkuyQSUZp77cTT4gXB2veF62ZMGAecDN44zZSCvMJesFS%2Bv9x%2B0%2Ft%2BP01dLRBybne97S9N%2Fj%2B2mfh9%2BHtrwu6XX1eWeNzX19YY4au6JGzB1m28%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c2f860b69-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=853&min_rtt=374&rtt_var=474&sent=44&recv=41&lost=0&retrans=0&sent_bytes=40373&recv_bytes=1850&delivery_rate=22917985&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=551&x=0" X-Firefox-Spdy: h2

	youradexchange.com/script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&rbd=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref=	172.67.177.214	200 OK	2.1 kB
URL GET youradexchange.com/script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&rbd=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type JSON text data Size 2.1 kB (2099 bytes) Hash 502dafbd3479cbadaed32065c773a320 5d9b3ce466a45d55287db69539a1a42dc534c134 b55d67aad05e4517a9f5aa30a91dd5a83fc1ca8c375639069cb848b4f90492e6 HTTP Headers GET /script/push.php?r=9795758&ipp=1&mads=2&position=top&czid=wdeltsiage&atag=1&aggr=3&rbd=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=ba20a8b2c012ac402448a8b1211e340e&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2F1hd.sh%2F&atv=60.0&cbref= HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:46 GMT content-type: application/json; charset=utf-8 nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IpxaZ0BY4OvyIR7Wgwuoss7ZsgZnFQf6EaLbCAwGppkGTxLRLvaFe%2BPqM3D7lgf3sLwM5kMVPLhxPwi%2B0y9qAb976XQkweZnr12QMbVOVsuziXkdUGNXBNDWHJAELX%2FVA1orKY4%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: Content-Type content-encoding: gzip via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding cf-ray: 938a8de299ec56b9-OSL server: cloudflare alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2853&min_rtt=1181&rtt_var=1508&sent=18&recv=15&lost=0&retrans=0&sent_bytes=6827&recv_bytes=2511&delivery_rate=4072&cwnd=12000&unsent_bytes=0&cid=bea54c665be1036d&ts=20510&x=16"

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/WOS%20LOGO-Photoroom%20(1).png	188.114.96.1	200 OK	130 kB
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/src/WOS%20LOGO-Photoroom%20(1).png IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type PNG image data, 866 x 650, 8-bit/color RGBA, non-interlaced Size 130 kB (129588 bytes) Hash 6c4d116868472c0ea4afc6f024e2b0a6 97a8b38e5c699ba0ce241ae3f17299ae17d690e3 04b5f7a886645e31a10bd0b95997d6d47a5db7fc77aa431e274d29749c5a2b78 HTTP Headers `GET /IPP/Artjom/GAME/ENG/428/src/WOS%20LOGO-Photoroom%20(1).png HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:47 GMT content-type: image/png content-length: 129588 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate etag: "03d5ec8fb753206dadd3bed7a8b4ef36" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p01kThuMdQGkl8xqghEY65nKGcwq8kPRRv8nVAvV51AYwNlKPpv6BRM5UdXposdtMmOR5iFi8ScyOIxDuawNwP4G%2FP8krj2IBgPEiZ6X9%2B7k8ao8E6txQb2AniaEfI6xXEILOnUGK%2FM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de48a54b4eb-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=3091&min_rtt=2832&rtt_var=1246&sent=14&recv=9&lost=0&retrans=0&sent_bytes=4208&recv_bytes=1731&delivery_rate=209683&cwnd=12000&unsent_bytes=0&cid=29e7137ba546498c&ts=61&x=1", cfExtPri, cfHdrFlush;dur=0

	maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css	104.18.10.207	200 OK	141 kB
URL GET maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css IP 104.18.10.207:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectbootstrapcdn.com Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT File type ASCII text, with very long lines (65324) Size 141 kB (140936 bytes) Hash 04aca1f4cd3ec3c05a75a879f3be75a3 675fcf28f9fbf37139d3b2c0b676f96f601a4203 7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11 HTTP Headers `GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css; charset=utf-8 cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE vary: Accept-Encoding access-control-allow-origin: * cache-control: public, max-age=31919000 content-encoding: br etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3" last-modified: Mon, 25 Jan 2021 22:04:06 GMT cdn-cachedat: 03/18/2024 12:28:12 cdn-proxyver: 1.04 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 752 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-status: 200 cdn-requestid: 702e145dd070a28ef381a81e33a0aeab cdn-cache: HIT cf-cache-status: HIT age: 1700912 strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 938a8d5cd936568b-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js	104.17.25.14	200 OK	83 kB
URL GET cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type JavaScript source, ASCII text, with very long lines (65299) Size 83 kB (83253 bytes) Hash 90146f01d8a2028ed6f2c3d2fba4ac9b 0363cb58b7a7b60ef7fbf82b8bceb6305232501a 7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f HTTP Headers `GET /ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript; charset=utf-8 content-length: 19418 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "617ac9de-4bda" last-modified: Thu, 28 Oct 2021 16:03:42 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 177060 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tA0hED933mN%2F7Ypnn%2BsXbKPH5eilIDOdacn80Qv5e5E9RavNucRX9%2Fu9m9p%2F9e0%2BOQrstscrtGU%2BT8VNRGdy5XkEgaQtkgew50sD%2BNlYkkgp32eSO2e%2Fn3ftQOWJLOyPibzbuBSN"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5cdee456c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	1hd.sh/images/favicon.png?v=13	172.67.140.43	200 OK	14 kB
URL GET 1hd.sh/images/favicon.png?v=13 IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type PNG image data, 100 x 100, 8-bit/color RGBA, interlaced Size 14 kB (14514 bytes) Hash fd943465a16f5ec11e4e18b0f3ae445f 999a252495cdfbb1473f255ac9623fd6729835ef 3cf5f0a0645c4d0effb7f55f632dad1d6c626af70a7ca6bcdb872dcdee66d446 HTTP Headers GET /images/favicon.png?v=13 HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la; _ga_V45H598T28=GS1.1.1746052946.1.0.1746052946.0.0.0; _ga=GA1.1.1331062429.1746052946 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: image/png content-length: 14514 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IkSP22hc0uo86sUJzFJTiJnp9Hs4pNulIZgQ1PKXKLPtWeqwMx6WnLzS2i6nunoNm51ZS65qN8KmKz07PGHGow6emImpp7NRhVyrMdTPENIi%2BlL4vqSuUDc%3D"}],"group":"cf-nel","max_age":604800} last-modified: Tue, 12 Sep 2023 08:58:19 GMT etag: "6500282b-38b2" x-powered-by: PleskLin cache-control: max-age=14400 cf-cache-status: HIT age: 3013 accept-ranges: bytes cf-ray: 938a8d65790bb4ff-OSL server: cloudflare vary: Accept-Encoding nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2739&min_rtt=645&rtt_var=1590&sent=250&recv=309&lost=0&retrans=0&sent_bytes=16740&recv_bytes=16956&delivery_rate=2240&cwnd=12000&unsent_bytes=0&cid=709420b601cd5301&ts=1824&x=16"

	youradexchange.com/script/i.php?t=1&c=23833512&stamat=m%257C%252C%252Cw3I69iLqoGU3BU-GH0dEdHP3xP.b7f%252Ct1dQp8pvo4-3R0rm9v36KeOg5bew5sIDAlVK0_zh31dl5G8WQ7hJ1Iv-QWBITtsgX6CANutFImU8heG4k411hPn-vhq-1MK5M_ac_qdyl-xD3j9t8G8caFDTh7hdG23KwFRtbaGdXIaQuna0hJb9grPnPCOi2Sddsih73c_76DpMGQxiLE01zxu34Rc-bqZfEAeJEVzAKPZFPr60K7CYwwCEkGFDCA50fQSCNKSReYW1bR0mgsCGgMU8L0r3R7Mmk7Id9NjgiJY4iH-yb6yG51xoE-jfGzxc2dxwYtM1aiu-cztrh-aX-yJ-GjLEowf5cejb8z0r0j4vlGv4OfrqZzoZOeobaOZXo0Ln2lo-UGjrT6WppWnq7-RNEJeUSrnImMU04QhBAPEP8B5fieb-TQiwzGtMF-3oUwwjmId4UYTw_PxjJf2nnYwOanNxcXs32R51kWw3C3xpA4PEAYNJMViRusiO6bfF-LwIvsMVPYPiCyq3Qjm6QxPHD3xDO6TMjob2WAXZlGqpVQhYQI63ChSDAuK2pyd0RYp1V7v4sazgnD4SYEvYWUwy7T6b4uSwDmaK0k0gH0NqdE6rDXBoTet65mTTvaGe4IV8qGmF-2jlQiRPAZvbZJXgpgIRa51dxfQBKTmjVcP8ei8lerqeereszIz4wlZ2QnEoi0Wg9YDU-7s6a-zSHYhMMK-x5vQqnW0Hqd3a2fByKkitcBpFVrjYeUO8zKjmzek1sMwPh34%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref=	172.67.177.214	204 No Content	0 B
URL GET youradexchange.com/script/i.php?t=1&c=23833512&stamat=m%257C%252C%252Cw3I69iLqoGU3BU-GH0dEdHP3xP.b7f%252Ct1dQp8pvo4-3R0rm9v36KeOg5bew5sIDAlVK0_zh31dl5G8WQ7hJ1Iv-QWBITtsgX6CANutFImU8heG4k411hPn-vhq-1MK5M_ac_qdyl-xD3j9t8G8caFDTh7hdG23KwFRtbaGdXIaQuna0hJb9grPnPCOi2Sddsih73c_76DpMGQxiLE01zxu34Rc-bqZfEAeJEVzAKPZFPr60K7CYwwCEkGFDCA50fQSCNKSReYW1bR0mgsCGgMU8L0r3R7Mmk7Id9NjgiJY4iH-yb6yG51xoE-jfGzxc2dxwYtM1aiu-cztrh-aX-yJ-GjLEowf5cejb8z0r0j4vlGv4OfrqZzoZOeobaOZXo0Ln2lo-UGjrT6WppWnq7-RNEJeUSrnImMU04QhBAPEP8B5fieb-TQiwzGtMF-3oUwwjmId4UYTw_PxjJf2nnYwOanNxcXs32R51kWw3C3xpA4PEAYNJMViRusiO6bfF-LwIvsMVPYPiCyq3Qjm6QxPHD3xDO6TMjob2WAXZlGqpVQhYQI63ChSDAuK2pyd0RYp1V7v4sazgnD4SYEvYWUwy7T6b4uSwDmaK0k0gH0NqdE6rDXBoTet65mTTvaGe4IV8qGmF-2jlQiRPAZvbZJXgpgIRa51dxfQBKTmjVcP8ei8lerqeereszIz4wlZ2QnEoi0Wg9YDU-7s6a-zSHYhMMK-x5vQqnW0Hqd3a2fByKkitcBpFVrjYeUO8zKjmzek1sMwPh34%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref= IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /script/i.php?t=1&c=23833512&stamat=m%257C%252C%252Cw3I69iLqoGU3BU-GH0dEdHP3xP.b7f%252Ct1dQp8pvo4-3R0rm9v36KeOg5bew5sIDAlVK0_zh31dl5G8WQ7hJ1Iv-QWBITtsgX6CANutFImU8heG4k411hPn-vhq-1MK5M_ac_qdyl-xD3j9t8G8caFDTh7hdG23KwFRtbaGdXIaQuna0hJb9grPnPCOi2Sddsih73c_76DpMGQxiLE01zxu34Rc-bqZfEAeJEVzAKPZFPr60K7CYwwCEkGFDCA50fQSCNKSReYW1bR0mgsCGgMU8L0r3R7Mmk7Id9NjgiJY4iH-yb6yG51xoE-jfGzxc2dxwYtM1aiu-cztrh-aX-yJ-GjLEowf5cejb8z0r0j4vlGv4OfrqZzoZOeobaOZXo0Ln2lo-UGjrT6WppWnq7-RNEJeUSrnImMU04QhBAPEP8B5fieb-TQiwzGtMF-3oUwwjmId4UYTw_PxjJf2nnYwOanNxcXs32R51kWw3C3xpA4PEAYNJMViRusiO6bfF-LwIvsMVPYPiCyq3Qjm6QxPHD3xDO6TMjob2WAXZlGqpVQhYQI63ChSDAuK2pyd0RYp1V7v4sazgnD4SYEvYWUwy7T6b4uSwDmaK0k0gH0NqdE6rDXBoTet65mTTvaGe4IV8qGmF-2jlQiRPAZvbZJXgpgIRa51dxfQBKTmjVcP8ei8lerqeereszIz4wlZ2QnEoi0Wg9YDU-7s6a-zSHYhMMK-x5vQqnW0Hqd3a2fByKkitcBpFVrjYeUO8zKjmzek1sMwPh34%252C&utsid=ba20a8b2c012ac402448a8b1211e340e&cbpage=https%3A%2F%2F1hd.sh%2F&cbref= HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content date: Wed, 30 Apr 2025 22:42:47 GMT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yKjY2We1XpcP36%2BfM%2FqDJWOwJiZark2kUx7t9VNrb61hOZ2zGWbtwbesaahpv0g8sOQqZ%2FbsOLOmotlalCh3Yn6ilG9wbEqMuIZHt2b7%2F70Q%2BWxs0P9opUosIfev9Tl6dGlWrEg%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin: * via: 1.1 google cf-cache-status: DYNAMIC cf-ray: 938a8de3c9f956b9-OSL server: cloudflare nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2679&min_rtt=1181&rtt_var=1480&sent=21&recv=17&lost=0&retrans=0&sent_bytes=9117&recv_bytes=3526&delivery_rate=12840&cwnd=12000&unsent_bytes=0&cid=bea54c665be1036d&ts=20667&x=16"

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D	188.114.96.1	200 OK	2.2 kB
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type HTML document, ASCII text Size 2.2 kB (2163 bytes) Hash b53f7863fb8c15b7553b3a9d025ffc64 334487876a9c0209a232542ad5ee635f21325c15 5296b060a370cebb63ef0903e595fec8124b55ec9a32ab1e398c6fa25c529f9d HTTP Headers GET /IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:47 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSIWKj%2FTrS40gTVZU9kYk%2FeycLVJG%2BtQiR%2Fm1Harc1GeDQn%2F2%2BwNq3sD6qSrf82uqeN3D%2BTrEG9r6i1LrnHY6G6RvIS7uF0%2BbkjiM65bmCMyUEjtkvclZLFRvMPRoXcX3U7EcPNTS88%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de4ba90b4eb-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=3060&min_rtt=1118&rtt_var=2678&sent=128&recv=16&lost=0&retrans=0&sent_bytes=138647&recv_bytes=2480&delivery_rate=41215&cwnd=96000&unsent_bytes=0&cid=29e7137ba546498c&ts=103&x=1", cfExtPri, cfHdrFlush;dur=0

	1hd.sh/assets/js/sweetalert.js	172.67.140.43	200 OK	17 kB
URL GET 1hd.sh/assets/js/sweetalert.js IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type JavaScript source, ASCII text, with very long lines (16977), with no line terminators Size 17 kB (16977 bytes) Hash 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7 HTTP Headers `GET /assets/js/sweetalert.js HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript last-modified: Sun, 25 Dec 2022 04:47:05 GMT etag: W/"63a7d5c9-4251" x-powered-by: PleskLin age: 3012 cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ts%2ByF53pVdqkdHVqB8RPGsBAJOhk5dn7Z4tOzlbGR4Cdv%2B9cgZy87d7zRcrg6Nv3thrzn4iG1EVhZNH0DziLbxtF2LCcdwFgq1UOB1B8tDZDYxZYzMZQ%2Ba4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c2f870b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=853&min_rtt=374&rtt_var=474&sent=38&recv=41&lost=0&retrans=0&sent_bytes=34326&recv_bytes=1850&delivery_rate=22917985&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=547&x=0" X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2	104.17.25.14	200 OK	150 kB
URL GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type Web Open Font Format (Version 2), TrueType, length 150124, version 772.256 Size 150 kB (150124 bytes) Hash c64278386c2bbb5e293e11b94ca2f6d1 6b99aa650bd12a36caa14e0127435d8f4cd3ba73 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880 HTTP Headers GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://1hd.sh DNT: 1 Connection: keep-alive Referer: https://cdnjs.cloudflare.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: application/octet-stream; charset=utf-8 content-length: 150124 access-control-allow-origin: * cache-control: public, max-age=30672000 etag: "6421d693-24a6c" last-modified: Mon, 27 Mar 2023 17:46:59 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 80745 expires: Mon, 20 Apr 2026 22:42:26 GMT accept-ranges: bytes priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RovlvEDXHYxJH86MS0SZn9E1Uw3t65tqOAVTgLpQPTmJ22q3f8UQYe2K%2B74b%2BSWKEJYClWl41u3ZZvDbR8c9ho59Oa4tBVn1pudVn1LbBhzWD3I73pblkyfrs52iv2Yw5brPL1F"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d60fe957131-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

	acscdn.com/script/atagv2.js	188.114.96.1	200 OK	105 kB
URL GET acscdn.com/script/atagv2.js IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectacscdn.com Fingerprint8F:A7:B8:69:9D:95:64:41:D3:00:72:86:8A:93:96:A4:28:FC:BB:C6 ValidityWed, 16 Apr 2025 20:29:49 GMT - Tue, 15 Jul 2025 21:24:42 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators Size 105 kB (104663 bytes) Hash e9665e024942ea8eab3f55346f7589ff 9feed0923fbcc8d26b0a05ab961d529742488f27 229f433b11059ca784b5d479d5eac12003544bfb758f1045269f4fe541d0ed10 HTTP Headers `GET /script/atagv2.js HTTP/1.1 Host: acscdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: text/javascript x-guploader-uploadid: AAO2Vwq1S85vrEMsoL8FXDcsxYHHrsYdc2jFeaYS7hDLI8Jp7V_GGSlgmaGlIZuc5Q1ZmODC6Ceo3eM x-goog-generation: 1746013788662802 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 104663 x-goog-hash: crc32c=GdQbww==, md5=6WZeAklC6o6rP1U0b3WJ/w== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * expires: Wed, 30 Apr 2025 23:21:47 GMT cache-control: public, max-age=3600 last-modified: Wed, 30 Apr 2025 11:49:48 GMT etag: W/"e9665e024942ea8eab3f55346f7589ff" age: 81 alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT priority: u=3,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hca17EZCDnnAmkfmKzGdO68npu9TToAzo78D6BNn2d1nPSwAU2pOv0P%2FS%2Bwol%2FeA9WJMoyYoP5PGqt3naSrrfwQc8CDWKniZvZGupPxUtZ2%2BTtNG1YffMBcm27VY"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d62ecad569f-OSL content-encoding: br server-timing: cfL4;desc="?proto=QUIC&rtt=2967&min_rtt=1018&rtt_var=1979&sent=69&recv=16&lost=0&retrans=0&sent_bytes=64831&recv_bytes=1914&delivery_rate=1794409&cwnd=37200&unsent_bytes=0&cid=b5c928dea1858291&ts=784&x=1", cfExtPri, cfHdrFlush;dur=0

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/template.js?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=[ADD_FORMAT_STRING]&offer=[ADD_OFFER_STRING]	188.114.96.1	200 OK	6.5 kB
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/template.js?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=[ADD_FORMAT_STRING]&offer=[ADD_OFFER_STRING] IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type JavaScript source, Unicode text, UTF-8 text Size 6.5 kB (6548 bytes) Hash 185ee985dc9959167fe15a99378cc48b fce07415892b597fc146a957d00299f45e6eb2c5 c3b360216f9d4979030db72ee7771f98f1dd68291749f485255263650058e69a HTTP Headers GET /IPP/Artjom/GAME/ENG/428/template.js?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=[ADD_FORMAT_STRING]&offer=[ADD_OFFER_STRING] HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:47 GMT content-type: application/javascript access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate etag: W/"c4ec9f04d74989c4278e0424765f5ce2" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7XSbiwlwpRBdHo%2BdrUbSwtINCqnxBiFylfmuecR2%2FVkoOKkDs83%2BUTks9vMJQEUezO8V%2FSacXst5HVcH%2BORAXVAEVGMH5Vf0RecNZB%2FbhlvXaWEbAKeWj5Z6EahiDrAQzPSh2jIqEg%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de41afc0b49-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=544&min_rtt=452&rtt_var=241&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3300&recv_bytes=1359&delivery_rate=8059369&cwnd=254&unsent_bytes=0&cid=7ea321259e7a1645&ts=33&x=0" X-Firefox-Spdy: h2

	imasdk.googleapis.com/js/core/bridge3.695.1_en.html?gdpr=1#fid=goog_958653353	142.250.74.42	200 OK	852 kB
URL GET imasdk.googleapis.com/js/core/bridge3.695.1_en.html?gdpr=1#fid=goog_958653353 IP 142.250.74.42:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00 ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT File type HTML document, ASCII text, with very long lines (48645) Size 852 kB (852028 bytes) Hash 3610063ed1e46c3f8ae0faea7e3845e3 51353991a871baad0bfba450a39805d0b3ff8145 afea105e2021c43fa7d4e5244c93981f34c1b3c53dcaade1f774dcbef177c496 HTTP Headers GET /js/core/bridge3.695.1_en.html?gdpr=1 HTTP/1.1 Host: imasdk.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK accept-ranges: bytes content-encoding: gzip cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static" report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]} content-length: 268458 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 28 Apr 2025 20:56:28 GMT expires: Tue, 28 Apr 2026 20:56:28 GMT cache-control: public, max-age=31536000 last-modified: Mon, 28 Apr 2025 18:50:27 GMT content-type: text/html vary: Accept-Encoding age: 179159 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/index.html?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D	188.114.96.1	308 Permanent Redirect	2.2 kB
URL GET auto-deploy.pages.dev/IPP/Artjom/GAME/ENG/428/index.html?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectauto-deploy.pages.dev FingerprintB6:70:20:01:ED:7F:9D:3B:F8:B9:B7:9C:39:B6:37:C6:F5:C9:4C:B0 ValidityThu, 24 Apr 2025 01:32:13 GMT - Wed, 23 Jul 2025 02:30:33 GMT File type HTML document, ASCII text Size 2.2 kB (2163 bytes) Hash b53f7863fb8c15b7553b3a9d025ffc64 334487876a9c0209a232542ad5ee635f21325c15 5296b060a370cebb63ef0903e595fec8124b55ec9a32ab1e398c6fa25c529f9d HTTP Headers GET /IPP/Artjom/GAME/ENG/428/index.html?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D HTTP/1.1 Host: auto-deploy.pages.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 308 Permanent Redirect date: Wed, 30 Apr 2025 22:42:47 GMT content-length: 0 location: /IPP/Artjom/GAME/ENG/428/?cid=174605296617120TNOTV415326358024V11867&network=adcash&utm_source=9795758-3775522587-3930541253&camp=401936220&creative=23833512&format=%5BADD_FORMAT_STRING%5D&offer=%5BADD_OFFER_STRING%5D access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwLtY%2BE1uGOmpNiZ6eU%2FLYHS1a5Bkpph95znOJgHVjvJMqu5%2Bq%2Bp3aTVegCUX5YuAi7BQ8P5WD1YrunwZ5AWOAOm%2FNAcj0j8wVSKXnHhEMAUNrYfyqEMClmDNSUqnhRzUKXdxCa4k4M%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8de49a67b4eb-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=2501&min_rtt=1118&rtt_var=1414&sent=126&recv=12&lost=0&retrans=0&sent_bytes=137779&recv_bytes=1862&delivery_rate=28606590&cwnd=96000&unsent_bytes=0&cid=29e7137ba546498c&ts=67&x=1", cfExtPri, cfHdrFlush;dur=0

	cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/css/swiper.min.css	104.17.25.14	200 OK	14 kB
URL GET cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/css/swiper.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type ASCII text, with very long lines (13425) Size 14 kB (13677 bytes) Hash 773d8f074cf687b5607c41a7e5e3c3ef 0456b77b6ebd7c1af268f611923fea64d5a1770f 3f607be9c8cccb04ff271240354b48285f25377662bb326bad8930ac2903a2b9 HTTP Headers `GET /ajax/libs/Swiper/5.4.4/css/swiper.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css; charset=utf-8 content-length: 3569 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5ee8d6b2-356d" last-modified: Tue, 16 Jun 2020 14:26:58 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 201274 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wU8UVRZA1s6s%2BeoDa2jKqIZQO39fvnN%2Bw4VJ%2B7xF65BfpkOqT6KfNqX8rGDTs4fWzH3T3lKeN9m2A1S%2BWcB0O5fPpjMeuOP2GBVpY7QG%2FhkT4HI3yC6OHx2imB%2FbiW6yqI5lTuD"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5c8eab56c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	1hd.sh/assets/css/sweetalert.css	172.67.140.43	200 OK	15 kB
URL GET 1hd.sh/assets/css/sweetalert.css IP 172.67.140.43:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject1hd.sh Fingerprint66:51:A8:05:23:C1:BB:7C:C6:BC:51:55:80:7A:33:4C:04:5F:70:DE ValidityThu, 24 Apr 2025 09:39:47 GMT - Wed, 23 Jul 2025 10:38:14 GMT File type ASCII text, with very long lines (12616), with CRLF line terminators Size 15 kB (15303 bytes) Hash 8c8a9a2a618582e621499ae884a3d7c4 71aa7d1105318554f11033e004888cd1943fcf51 ebd7eef3117c94ff9a0244240540d26596cc4940e8d29f703595dca12d40c9c6 HTTP Headers `GET /assets/css/sweetalert.css HTTP/1.1 Host: 1hd.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Cookie: PHPSESSID=0kh1mguvgdt5u7ka8uco6sh9la Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: text/css last-modified: Sun, 25 Dec 2022 04:47:31 GMT etag: W/"63a7d5e3-3bc7" x-powered-by: PleskLin age: 3627 cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KwT42MbHI%2BGCnKWDd8HkUWWFVwd3AgN6%2F0r5FMc06%2Fe6Qw7RgAyoKaLWAwE%2FBjSUgwzQ8vP2tMQLlXnOIKwt9uiIQhRd4gAHakZSlKD2BcixySgRmR7DaUI%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 938a8d5c1f7b0b69-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2592&min_rtt=468&rtt_var=4112&sent=18&recv=22&lost=0&retrans=0&sent_bytes=12339&recv_bytes=1684&delivery_rate=13514666&cwnd=256&unsent_bytes=0&cid=5b16e40c59ce04a4&ts=536&x=0" X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js	104.17.25.14	200 OK	141 kB
URL GET cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.4/js/swiper.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT File type JavaScript source, ASCII text, with very long lines (65284) Size 141 kB (140929 bytes) Hash cf2fe63069b52d6a5bc1bccdb2626273 c1a56d0735470b2ab51e4dda017eefc281cbd7ce 636ee53e0454d4eff633ac3467f3540087e0ed55f4db06c2ef5f4662302b6329 HTTP Headers `GET /ajax/libs/Swiper/5.4.4/js/swiper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:25 GMT content-type: application/javascript; charset=utf-8 content-length: 31039 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5ee8d6b2-22681" last-modified: Tue, 16 Jun 2020 14:26:58 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 1119448 expires: Mon, 20 Apr 2026 22:42:25 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAmbWRCPl6cLIxM3lh2dwBlEwEZ6ClvqJwFvBEvQMQ1rvzg3wdWZYdfussWvDGdrzp78JqSX5zaPi0es7T11RoHOQNhsxPZB%2Fgumveajt583fPwMCJJ1Tc6AjF8HYGLmys99Iws5"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 938a8d5c8eac56c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=G-V45H598T28	142.250.74.168	200 OK	382 kB
URL GET www.googletagmanager.com/gtag/js?id=G-V45H598T28 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subject.google-analytics.com FingerprintE4:97:12:2A:2B:30:84:66:33:9D:D6:09:14:D3:8F:CE:3E:20:73:24 ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT File type JavaScript source, ASCII text, with very long lines (6129) Size 382 kB (381454 bytes) Hash 00036b60499143b0cb2a5ff3fc8ae2db ebef7ea991687f4cd576458892f4e1cff8ef4b12 7f78dc6a680eff3c4b5425351903ceb3d9e8808f62885277819957f9e3b41d5d HTTP Headers `GET /gtag/js?id=G-V45H598T28 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Wed, 30 Apr 2025 22:42:25 GMT expires: Wed, 30 Apr 2025 22:42:25 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1072:0 cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1072:0 report-to: {"group":"ascgcycc:1072:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1072:0"}],} server: Google Tag Manager content-length: 127125 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	youradexchange.com/script/suurl5.php?r=9795762&atag=1&cbur=0.6969160465980706&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=1HD%20%7C%20Watch%20Free%20Movies%20online&cbpage=https%3A%2F%2F1hd.sh%2F&cbref=&cbdescription=1HD%20%7C%20Watch%20free%20movies%20online%2C%20free%201HD%20%7C%20Watch%20movies%20online%20in%20hd%2C%20update%20daily%2C%20HD%20quality&cbkeywords=&cbcdn=acscdn.com&ts=1746052946456&atv=60.0&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=ba20a8b2c012ac402448a8b1211e340e&aggr=3&czid=wdeltsiage&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0	172.67.177.214	200 OK	1.3 kB
URL GET youradexchange.com/script/suurl5.php?r=9795762&atag=1&cbur=0.6969160465980706&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=1HD%20%7C%20Watch%20Free%20Movies%20online&cbpage=https%3A%2F%2F1hd.sh%2F&cbref=&cbdescription=1HD%20%7C%20Watch%20free%20movies%20online%2C%20free%201HD%20%7C%20Watch%20movies%20online%20in%20hd%2C%20update%20daily%2C%20HD%20quality&cbkeywords=&cbcdn=acscdn.com&ts=1746052946456&atv=60.0&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=ba20a8b2c012ac402448a8b1211e340e&aggr=3&czid=wdeltsiage&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0 IP 172.67.177.214:443 ASN #13335 CLOUDFLARENET Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectyouradexchange.com Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT File type JSON text data Size 1.3 kB (1252 bytes) Hash 39fe55b35de87b0ee3f2ffc9b456a130 2a73c12a6e027d5578fbe96bb9b342bd1e802532 aef4bfa818ff13441fb770ca61151a2945cb2af21841366888397280db0fb6ad HTTP Headers GET /script/suurl5.php?r=9795762&atag=1&cbur=0.6969160465980706&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=1HD%20%7C%20Watch%20Free%20Movies%20online&cbpage=https%3A%2F%2F1hd.sh%2F&cbref=&cbdescription=1HD%20%7C%20Watch%20free%20movies%20online%2C%20free%201HD%20%7C%20Watch%20movies%20online%20in%20hd%2C%20update%20daily%2C%20HD%20quality&cbkeywords=&cbcdn=acscdn.com&ts=1746052946456&atv=60.0&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=ba20a8b2c012ac402448a8b1211e340e&aggr=3&czid=wdeltsiage&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0 HTTP/1.1 Host: youradexchange.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://1hd.sh/ Origin: https://1hd.sh DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Wed, 30 Apr 2025 22:42:26 GMT content-type: application/json; charset=utf-8 access-control-allow-origin: * access-control-allow-headers: Content-Type access-control-allow-methods: GET, POST, OPTIONS content-encoding: gzip via: 1.1 google cf-cache-status: DYNAMIC vary: accept-encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2B6rvLDyg3UypWBEIKcplK6sV8p6xllT3V3LGJSnq7xaeRjxVnWP%2FCm1%2Fq6xL1JOy7UKTR%2FnJtEVRHKh6qTrR9w0zuQWQK%2BCb4v5dicXhMAjm5W%2FBTu8MC1OdcET9ucrV8xyiWM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 938a8d638fd95695-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3981&min_rtt=427&rtt_var=6761&sent=14&recv=17&lost=0&retrans=0&sent_bytes=4974&recv_bytes=1816&delivery_rate=5983471&cwnd=257&unsent_bytes=0&cid=94fada0f4e41b92d&ts=657&x=0" X-Firefox-Spdy: h2

	imasdk.googleapis.com/js/sdkloader/ima3.js	142.250.74.42	200 OK	460 kB
URL GET imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.42:443 ASN #15169 GOOGLE Requested by https://1hd.sh/ Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00 ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT File type JavaScript source, ASCII text, with very long lines (3426) Size 460 kB (460152 bytes) Hash 6cce99b582d904cd23554af137134da0 e4ba4333e50f76a5ed468bb4f457a3821838820b c831a0530c7a9267d2fa75df214ad7a4b1c4ec9332ad5d913e26076f038685c8 HTTP Headers `GET /js/sdkloader/ima3.js HTTP/1.1 Host: imasdk.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1hd.sh/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin vary: Accept-Encoding date: Wed, 30 Apr 2025 22:42:26 GMT expires: Wed, 30 Apr 2025 22:42:26 GMT cache-control: private, max-age=900, stale-while-revalidate=3600 content-type: text/javascript; charset=UTF-8 etag: 2681142086226466766 access-control-allow-origin: * x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: br server: cafe content-length: 145179 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML