xfantazy.com/video/603ced975ec2cb18b80961dc
172.64.204.27 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/603ced975ec2cb18b80961dc
IP 172.64.204.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/603ced975ec2cb18b80961dc HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 03 Feb 2023 02:45:28 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/603ced975ec2cb18b80961dc
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCJukUirZHTaB0NlGzNLL3y4Tb%2FENeeGR6JnA4P%2FbpYYKDIgLv6g5G3brWklFXbx7BMvBjJ%2BvwG7bVBbNf8IKXAoo%2FMDWeVe7MiqF27xyhaEMZ7mojZAj0Ip%2FUKvwyA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7937d4a1e8d576ea-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6544
Expires: Fri, 03 Feb 2023 04:34:32 GMT
Date: Fri, 03 Feb 2023 02:45:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Fri, 03 Feb 2023 03:25:31 GMT
Date: Fri, 03 Feb 2023 02:45:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 02:36:09 GMT
content-type: application/json
age: 559
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5129
Expires: Fri, 03 Feb 2023 04:10:57 GMT
Date: Fri, 03 Feb 2023 02:45:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aFuUROiHNuYb+m9wUhZEQA8M0G0v1fBPHOrykEDi+d3pl3ozVLKCK2TCy/DJaZVgl9ughIodvGM=
x-amz-request-id: 7VHHP7XXRTZKCFV3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 01:52:13 GMT
age: 3195
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.99:0
Hash e99b997230503ee646e88f130937a783
c21dbfe6ccf5ac8f596b918fdd04ee8fcbd4d377
05cb6ccfe8f5ea9065d6bba9331eb86d6ff9bb9254723e77ab57585ca9461a3a
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 02:07:19 GMT
age: 2289
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.99:0
Hash e99b997230503ee646e88f130937a783
c21dbfe6ccf5ac8f596b918fdd04ee8fcbd4d377
05cb6ccfe8f5ea9065d6bba9331eb86d6ff9bb9254723e77ab57585ca9461a3a
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12896
Expires: Fri, 03 Feb 2023 06:20:24 GMT
Date: Fri, 03 Feb 2023 02:45:28 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.204.27 200 OK 2.0 kB URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (3211), with no line terminators
Hash 35b8c25c2052f80881a8939e181fb222
e018c08ef5dfb8c10d3108f10e15f3475143b824
9f1ac54cb414cceaa955be54ec71ec5c6f6fedf494b693d4fb4b274dbf89197a
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8623308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qraanwM%2FpxhPf%2FrTapjbpBEaltrIZ32QpxGvxO3kcdjtbOYTIOZt8%2FPfGvyrUF%2FeOUtDb6Qo5zikZfF60Gj%2FnMgQRD8sjNhw4qlSp3jg4CgMDla7PbeTetcrXEhKJWc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719cd72f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash fd6a8ea54d6522ccb41d11c88d2d081b
ad435cb1713904e120b9741183c5123454858f9f
1641554ff367f334d6dab0d87f29f8c1746249c5c65d1bf8605ef9b461376dc0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 15:14:23 GMT
Expires: Tue, 07 Feb 2023 15:14:22 GMT
Etag: "ad435cb1713904e120b9741183c5123454858f9f"
Cache-Control: max-age=389933,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7937d4a7da9fb4fd-OSL
xfantazy.com/static/logo-tv-light.svg
172.64.204.27 200 OK 1.8 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.204.27:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 5177e7ffe5d7d6259a3ca9e9801b8ad9
fcff25282122ae8f7fcf7c15dcbd7f136895dd9c
87029e790d4f7e4f6a6bd1796024f01aacf88e33fb1a86cfd1293b7b582665a5
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Thu, 26 Jan 2023 06:25:59 GMT
etag: W/"101b-185ecc12645"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0d3g6U%2FKIfVCDirztjXVXFeUf7Q5E55ru6O3dp1DleL0Rvkzfwv8%2FH6cUeZGWD4Nj698my7PshrAgIDF34yQq597PpOxsq7r8wUwpK9PTUBaMq%2B8zEL8JL1dO%2B5NBs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a749d972f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ILmRv3-ky_jq8G2Q_g/w320h240/0.jpeg
188.72.235.185 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ILmRv3-ky_jq8G2Q_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9bbb82962c1ae663c6b00d758f4ac4c1
35fe65d0a2d7ba55f0299f0a10cca534a570d6d7
c36260e6cef8dfdd4d4185f45a0853541a6945267de06cf8d002cb4223b1aaa3
GET /thumbnail/ILmRv3-ky_jq8G2Q_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: image/jpeg
content-length: 10044
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/drzF6HL0zavp_T6Vrg/w320h240/0.jpeg
188.72.235.185 200 OK 9.4 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/drzF6HL0zavp_T6Vrg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4deef0960460af17af1de5a6da291fe6
29a462d2b167b708b0a1cb4a4541edd67b431a09
5ef6130af0e09d79dda3bb20ac2749c82d88398f5a569bc3c4a0eec8303091b1
GET /thumbnail/drzF6HL0zavp_T6Vrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: image/jpeg
content-length: 9366
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg
188.72.235.185 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d583640a414f270882a04dc2d95f18ec
322577c3cad3fd3b187da1a4cef4e0b4a2b698bd
135dbe85ed362082f9ab6f8852c1fdf8ec2f8f894ab8d825274c53c2ee93818c
GET /thumbnail/dbnF7HSlzKru-zXE_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: image/jpeg
content-length: 11901
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.204.27 200 OK 17 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash aaa942e41088d78843ff62433bc94177
e4f32f7ab73b89f1bb8790bdf9c65c56df802f20
e9ae722deb776089c31d1d182f74589f6a5216efeb8883f02939400b06fc37ef
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-183501608b4"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8623279
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73sUKuYo%2BAJTlUxr%2B83FpICVMdrpEzRVZl%2BwDyVYJC5dcNWgST8M3txfujUTxDk4aM42cfHcL7GNbEZrPRfPr57G2anZ%2BXyVDHZCSwoPJyNYH7o8UKtBK6g3fjrOBiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719d072f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.204.27 200 OK 27 kB URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (40085), with no line terminators
Hash 6ac013c1364e6bbb95c06f44337b2830
c8181acb27a7606a093168f9945d88147792f007
6247eb0fdc301b3c7e494f55b5bd27d2a771f119dc3b8506c9db8748d31a1753
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-185ecc5d3f1"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 645811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNPHHpL7iqW%2Foc0iKq%2FeNPwTkhcV56mpqX%2F91oS5szgHu8ezV1h%2B76YT1GRMcNXBsFYu9sfPE5r%2B4czIco%2BNy3hAVrgGb4LOitG54LpiEVrtuZQyzg%2FYkbmBwAhZvN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719c972f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg
188.72.235.185 200 OK 7.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0d3555dd4a9b55deaad34c99cf13e861
1c187014a157c2954398b4af1343738388b24f0f
293d1bc27ce07b9936a37e279145baf5de7e0376fb95b259233965bcbfb3e94e
GET /thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: image/jpeg
content-length: 7558
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
172.64.204.27 200 OK 42 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash b14c67a62ab79a12c85316e24ecd224f
b1a7b8a394d4a1d14cc8a92d5160bd7e91f1304c
29ae9180b0860b495541dae2e65bd1af0f8e25efdb94da6956d179a95942d290
GET /_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-185ecc5e0e5"
last-modified: Thu, 26 Jan 2023 06:31:09 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 646066
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BFeTrYCO35zFuG9r6zWMql0pCfdTuNXA%2BD6jPyDn%2F8t7hMN5tpxaW3etVgxLTqr%2FVRqfWWE4UCwinaWZYrtICsthQDdhheZ1q0r4K%2BHXUOUZCz2JeSBxP8cEyQhT2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719d172f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.204.27 200 OK 55 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash d356489e62ac17e7d3250b5772a6b371
dd6d5cba555121f57c8a0e3d846a34bc89478e4e
7297f8100b5aea2cc6331c44488fa6f07b070f599a7c46ab30988b859d9dbf0f
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-1852f08c10f"
last-modified: Tue, 20 Dec 2022 10:16:21 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2579341
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sXGToSvDZnUvU7n0jt82agCInbA%2BDO8eT7fItCxpcDxwe6PBQUfKqt12iqBruK8qYqLOiYKk7RNsokqfrKcI9LUZVqCCVhQYDPOSkT5rNp16V658%2BUOPVUv5U7kCEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719cf72f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
172.64.204.27 200 OK 401 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 401 kB (400744 bytes)
Hash ffb8aeb9c48ed238d88fb8382b7c63ee
5656a1e288dbdab448251cb37b39444d81862a11
be4e6e58ba6f8200a7f3938d57031bed0e636c75b30791508dce36ab0a8923c9
GET /_next/static/chunks/commons.80405a2d3f491416f5b9.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388393
etag: W/"152f69-185ecc5d3b2"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 677596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ligvRkFcbYzL4so%2BKuSzqSCF%2BBPgyEFJ2E%2FMgbOq8sMUduNXsZOfuf1i1qopIQ36JBX1I%2BRyhPmQ3P%2BbAj7TXZ%2F%2FKLGy8sWFqgrOSRIoczFfh%2F%2F7DSd7go%2FUrmPE6A8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719c572f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash fd6a8ea54d6522ccb41d11c88d2d081b
ad435cb1713904e120b9741183c5123454858f9f
1641554ff367f334d6dab0d87f29f8c1746249c5c65d1bf8605ef9b461376dc0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:29 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 15:14:23 GMT
Expires: Tue, 07 Feb 2023 15:14:22 GMT
Etag: "ad435cb1713904e120b9741183c5123454858f9f"
Cache-Control: max-age=389932,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7937d4a7f8d4b517-OSL
push.services.mozilla.com/
52.13.249.229 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.249.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qGTaR+lfn/sMSCYAln6k9w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uW/oY7h5Il1zCh3eUxqWzWYkmvo=
www.google-analytics.com/analytics.js
142.250.74.46 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 03 Feb 2023 01:45:20 GMT
expires: Fri, 03 Feb 2023 03:45:20 GMT
cache-control: public, max-age=7200
age: 3609
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.129.229 200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.129.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash ddf45926107f7a74103f5d00d3bf564c
03c2b22623ccf1d593513956829f891ff07f3169
c709076ef37b9b1720b78c124e329645762b476d566ed204a23cadd762e9c580
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"34e3a-eIUrj6hD3pmnKAQZCp7YaNtM0Rc"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:29 GMT
age: 4137
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1675-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85751
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226 200 OK 40 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash f3c57c7c72c22fe5a88619c46d59182d
f6b3c435e1501a9091a1e7c0ecd9cc0dfb26f3b7
4a9af4907d41cbcb3c1d6b9b74322dd3bcbf5462a17ba457e1eac204f874c9ca
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:29 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "D09DD5A32358C9687160E9FF471748EEC8E61095"
Expires: Fri, 03 Feb 2023 13:00:00 GMT
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2719
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7937d4ac2b46b51b-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 897 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dad1bb02c5cd79c14aa2fd72fb800ad9
7799b84a1a52876007ce7440732c03eb59ff2e7a
4b8fc5a83ca4211de90eb683e0ea781a7e3cc28bb1a380d7d8fa1382f32928b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00BC0610A20FC536E42AB9FB6A043FBE00C4A29463DD33FACCBA929774EC2DA8"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14845
Expires: Fri, 03 Feb 2023 06:52:54 GMT
Date: Fri, 03 Feb 2023 02:45:29 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37191), with no line terminators
Hash 746d223f6e4c7dc75ac50ee0a89ca979
86d294794a986d512dcb0a7f47b363b9d4fc30d6
e647dbcb46ace42990243147ab9b336f3b6ddbd993dfa052219d8a8faa27f79e
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 02:45:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c2c82455c3becbbc3e96577474011cf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash fd6a8ea54d6522ccb41d11c88d2d081b
ad435cb1713904e120b9741183c5123454858f9f
1641554ff367f334d6dab0d87f29f8c1746249c5c65d1bf8605ef9b461376dc0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 15:14:23 GMT
Expires: Tue, 07 Feb 2023 15:14:22 GMT
Etag: "ad435cb1713904e120b9741183c5123454858f9f"
Cache-Control: max-age=389932,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7937d4a7fedb0b31-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 1.9 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash f391b4a4a1efda97a242cb18aeb6e49b
f97198cc556d341d10ed2108e65fc639c9922b98
18f5afc99739cb59adcad2e68257768a4769f85e890c78007f31006f02f045bb
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:30 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 06 Feb 2023 22:34:27 GMT
ETag: "f0c89247d4dd3c067825a4f052012750757004c6"
Last-Modified: Thu, 02 Feb 2023 22:34:28 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2202
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7937d4afaca8b51b-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ec8b878955719e846affdf101852ff1
e1da96f8a801899e2987a00df071b556b279e8a9
570c9998c39a1a0bd1203a11db10a473f7b5eb89f54776ef1e40ffc7037d8351
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "570C9998C39A1A0BD1203A11DB10A473F7B5EB89F54776EF1E40FFC7037D8351"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11656
Expires: Fri, 03 Feb 2023 05:59:46 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5a404b308fa06356367c560e850e1bc
62a5d88a31451b0387e6444c079b6175fa8065a0
f0896232da72586ab3db7427040e653b271df7da7f4c192f44d1b38392702598
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12656
Expires: Fri, 03 Feb 2023 06:16:26 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1233%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024558%3Aet%3A1675392359%3Ac%3A1%3Arn%3A302642671%3Arqn%3A1%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C167%2C306%2C0%2C393%2C0%2C%2C217%2C8%2C%2C%2C%2C1221%3Aco%3A0%3Ans%3A1675392356753%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392359%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1233%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024558%3Aet%3A1675392359%3Ac%3A1%3Arn%3A302642671%3Arqn%3A1%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C167%2C306%2C0%2C393%2C0%2C%2C217%2C8%2C%2C%2C%2C1221%3Aco%3A0%3Ans%3A1675392356753%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392359%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 7e194000c2ac822c4bec4a23de9d2fc2
2768fb0c33d2494e4d2ace9649478a36224e6349
34cab5f9d6ae0d23b095e7a00d459a9f9bcc24a6fc97a5a899862cdcf950cd15
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1233%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024558%3Aet%3A1675392359%3Ac%3A1%3Arn%3A302642671%3Arqn%3A1%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C167%2C306%2C0%2C393%2C0%2C%2C217%2C8%2C%2C%2C%2C1221%3Aco%3A0%3Ans%3A1675392356753%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392359%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1233%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024558%3Aet%3A1675392359%3Ac%3A1%3Arn%3A302642671%3Arqn%3A1%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C167%2C306%2C0%2C393%2C0%2C%2C217%2C8%2C%2C%2C%2C1221%3Aco%3A0%3Ans%3A1675392356753%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392359%3At%3AAbella%20Danger%20%28So%20Fresh%20%26%20So%20Clean%29%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2240106371675392330; Path=/; SameSite=None; Secure
i=aGGmRhr7GmNFllT0puDXklRO93e8VvUZH7VrkOIzG6mzdh6TYRuyV4AuiFAcuPF7dcB4rfZIqBdFWd6MW5nuhrFYSE8=; Expires=Mon, 31-Jan-2033 02:45:27 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=2815841751675392330; Expires=Sat, 03-Feb-2024 02:45:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2815841751675392330; Expires=Sat, 03-Feb-2024 02:45:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706928330.yc.1675392330#1706928330.yrts.1675392330#1706928330.yrtsi.1675392330; Expires=Sat, 03-Feb-2024 02:45:30 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 3f11c62617c2bee07a8ed3cf82151243
ba58aa99e6fda4e73216a5b6a382dfd4f1f5b33a
a0b39826bd54ed8244e2c90f71d51146feaba0b9100446256479344837c50228
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131335
Date: Fri, 03 Feb 2023 02:45:30 GMT
Etag: "63dbbb1a-1d7"
Expires: Sat, 04 Feb 2023 15:14:25 GMT
Last-Modified: Thu, 02 Feb 2023 13:31:06 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bCtLd3t1MhlWW2tL3kqHn0JKhMQK7LqcCQCGMYQxulE1jJHy-4yQgA==
Age: 6199
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.170 200 OK 872 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.170:0
Hash b9eac354b7238ebe81e4858079c21da0
e587065df654ea8b3164f9314e55cdafd43d6009
4633644349555122884d1969888a9eff08e21f496a2e3bc6baad788554f8f2e6
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 02:45:28 GMT
date: Fri, 03 Feb 2023 02:45:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13610
Expires: Fri, 03 Feb 2023 06:32:20 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13610
Expires: Fri, 03 Feb 2023 06:32:20 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13610
Expires: Fri, 03 Feb 2023 06:32:20 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13610
Expires: Fri, 03 Feb 2023 06:32:20 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13610
Expires: Fri, 03 Feb 2023 06:32:20 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08efac01fbe2d2949d81cfa427e8f360
e354cd76c38a72a10eddad9298b43415f8f04ed1
a5edf287aefdfb2f4c33d19b322b2574553fc9f5646f147359a3dcf8c1d75cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7700
x-amzn-requestid: 11dd2ef1-f809-4a95-aeef-361cfa745eea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYyFIHUVIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d363ba-7841e2a6249f0e5d7aa91c8d;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 05:40:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3Sifk75KAGXpZLUjJcgatoWp5WXv_v7gG3bt9-u1xJhXxuhk3g4HzQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 08:59:57 GMT
age: 63933
etag: "e354cd76c38a72a10eddad9298b43415f8f04ed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37167), with no line terminators
Hash 9b1f7ba195349a3cbb39f510ac7a382f
0e761a055a255282287f144f57ada5f99e2d6982
1c19bafb2620b838f4212852448879b2c1c3036444352699679504973c160491
Analyzer | Verdict | Alert
fortinet | Malware
quad9 | Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 02:45:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 373d802f7596960db447a8f50d597f73
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 352e4166a431e781e56cc7f169c7f8ca
866b76c34076cf2e18c6a071336fcf4f581f3c4d
75ba13b601f4b00c5b091eb29e7f6739ffee3e127bd6d3c4b35cc967bb6d354a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9779
x-amzn-requestid: 101b984b-9c04-4d07-b1fe-3d888f4bcd49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftcNRFV_oAMF2_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dba721-72679ba0378015034e17b8ca;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 12:05:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: p74tt3doRE9DKoD5cpPKriYPFEQhq7f3Xf8vhgNNz7QhZNIvdc6NQQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:05:18 GMT
age: 18896
etag: "866b76c34076cf2e18c6a071336fcf4f581f3c4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A334303218%3Arqn%3A2%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A334303218%3Arqn%3A2%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A334303218%3Arqn%3A2%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T-OEFTj1rywKfBhEUUD0Rc6pFbk-gyFsETr_fjDQR5WGHAVOBgrB9A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 19:18:01 GMT
age: 26849
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:35 GMT
age: 17935
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A123221065%3Arqn%3A3%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A123221065%3Arqn%3A3%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A123221065%3Arqn%3A3%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe87e986c62630127a7fdd979c802947
28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf
770a765c927c0f81d0c41acd45a7a24f5799f9497fcc73489cab4fafbf994bdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8458d532-a4e7-4e54-9165-f01ff92729f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5256
x-amzn-requestid: b0455eb8-b10c-4328-8abe-65c5184f6654
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frx7uFcooAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dafd17-553139816e1fb7b65e683dc6;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 00:00:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pwRBB72InX8OP4KXpQKTs9T4iMY0E3hPX8Nko9gd7m1BOm8_DqbRaA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:56 GMT
age: 17914
etag: "28ce91c8643c4bc4dcc4cd26dfc69dc6219ce5bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5314f1087266189144982b464f4aa7a6
438b5a17b9060f6825331348aa3797ab1c15895d
fb7d5ec834d28c99f6430703c002c24a9caf50b7701a369cbd69e51576f1e73c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5898
x-amzn-requestid: 50d6181d-6804-48ab-bc38-9fcaf4da1bc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fZALWF5IIAMFv5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d37a48-2e2e53124ce2f9eb31290ec4;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:16:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9Jus6UYlOGiDdqLBxJ387FMtEAST6THfW-oz6gjgFzKzchCdwUCcvQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 03:35:26 GMT
age: 83404
etag: "438b5a17b9060f6825331348aa3797ab1c15895d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A535185376%3Arqn%3A4%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A535185376%3Arqn%3A4%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A535185376%3Arqn%3A4%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A768159467%3Arqn%3A5%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A768159467%3Arqn%3A5%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A768159467%3Arqn%3A5%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A536964960%3Arqn%3A6%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A536964960%3Arqn%3A6%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A536964960%3Arqn%3A6%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A14739455%3Arqn%3A7%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A14739455%3Arqn%3A7%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024559%3Aet%3A1675392359%3Ac%3A1%3Arn%3A14739455%3Arqn%3A7%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675392356753%3Ast%3A1675392359&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:30 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:30 GMT
last-modified: Fri, 03-Feb-2023 02:45:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d13039d250f1d021a465372a2f8c3736
c7de12a63c56f71f77cbd227cbe54cb89e522421
b8f3b9bb597d54fba374ddb7f5efd71b2e7b40beeca0ca76f9877a091d997b38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8F3B9BB597D54FBA374DDB7F5EFD71B2E7B40BEECA0CA76F9877A091D997B38"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7506
Expires: Fri, 03 Feb 2023 04:50:36 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash e76da235115795ee1d71f6a1ac21c92b
84709de3c84c929d105491b688539e115751b97d
ba01e6e18dff60ac73c7b480c2ac2ce885bcd080fd9b28a73fb6db9f58795eb2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5a404b308fa06356367c560e850e1bc
62a5d88a31451b0387e6444c079b6175fa8065a0
f0896232da72586ab3db7427040e653b271df7da7f4c192f44d1b38392702598
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12656
Expires: Fri, 03 Feb 2023 06:16:26 GMT
Date: Fri, 03 Feb 2023 02:45:30 GMT
Connection: keep-alive
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.204.27 200 OK 54 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6368cc1bdc6c0df1cdc2999f578ca210
c1d803cf409c6355c4ad3e4e5d7cc51e2de853e4
d18d69d4e8eaeda73547f09ab9b216e6bb81c4092c98bedf4c2d758ee27b79ef
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8623318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phtb%2BZtpfWCty2gRuE3CAbgJocSdjgKG36fpTLkJ1Wamc5XCoD46%2B9jmYXOZHFw2X2%2FAFjsQjNitpBIug9v9jbMJ47tiZezJYlU%2B6l2AkqWdBR0wcWQToTMJN94V2AQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a739d872f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b72cb35a5eabcbf8aff9e5478158e600
0b5fc52ffd56ca69abbba640847d5f127532ace3
a8145e4221675401d3e474ee8b15393a218b0ac598944dadfa7bf48a0c05b20c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8145E4221675401D3E474EE8B15393A218B0AC598944DADFA7BF48A0C05B20C"
Last-Modified: Wed, 01 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3282
Expires: Fri, 03 Feb 2023 03:40:13 GMT
Date: Fri, 03 Feb 2023 02:45:31 GMT
Connection: keep-alive
peevishchasingstir.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
192.243.59.12 200 OK 29 kB URL HTTP/1.1 peevishchasingstir.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 0f7488fe0d160f6ec3b373fd9d8879a2
c94c74bf703a72aca9b97844db563bc96c641f24
d3903e3f7e344017c4d99d89b28e00acbd48abe55841eafc5731804bd169c1d0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1114968a5f20df0647584320fa84c4cc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47d3156a01937914d3788651a5a1df4e
9f757e95fa9ba9ea3949d29f2617040b3088464a
95796fa7ec26c1f9f6f4d1503b0034405e323786758ae835de2ae53f6e378ec5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95796FA7EC26C1F9F6F4D1503B0034405E323786758AE835DE2AE53F6E378EC5"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7619
Expires: Fri, 03 Feb 2023 04:52:30 GMT
Date: Fri, 03 Feb 2023 02:45:31 GMT
Connection: keep-alive
helpedhandwritingintestine.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1
192.243.59.20 200 OK 4.2 kB URL HTTP/1.1 helpedhandwritingintestine.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5773), with no line terminators
Hash 9011e37c96bbd4234e391f9157472c7f
7370a606a5beb666a29aa6ee5fc06d38133ef244
a27e8e0a0f40796d4afb1a6817ea6023373cd9c1a752c01f372c797ff375e50f
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1 HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; expires=Fri, 10 Feb 2023 02:45:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3870583]; expires=Fri, 03 Feb 2023 02:45:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c60853d14dfd655b425857833d25b68
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3092&rd=3092&fd=736&bv=22.10.v.10&tmpl=136
192.243.59.13 200 OK 0 B URL HTTP/1.1 inflectedminimalbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3092&rd=3092&fd=736&bv=22.10.v.10&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3092&rd=3092&fd=736&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: inflectedminimalbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
helpedhandwritingintestine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leS3%2BSn4QTYiYi9cKDidqurq7imzCMY4MiROhiQy4u59Vc9zXtcr3qvq6mkQhgQky87OZc3pmQyaQQzuhID0uJFZ2S6kQWfhH%2BBGcKt0T0PrXdS9p86Fd%2B659%2FP94oz4KOh080MzUFrTK826X3tzS6XClK62ca8W%2BHX%2Fam1Lpa3oaq0%2F%2B9jeO4HfrPtv1T6QfMdcCf3A9wM%2FqK0pKxPTvzJnobLjOKjHfj0K60EzQt%2F%2BF7vCg6MeRO%2BMvAwlJv%2Fb%2FvEpFB8j7X5zQ7qd3GRvv98tNM2NRU8cfZTupKZM0V2WifWQpEeLbhg3IeSLCzDp0WICmN7BbAIwNSHeLwFYerSQCdY7PFfKNGQKJp5D2RtD6jEUHYObB1DiJwJwgY3bSLuPN4wt6e45S2fshFz660%2BockIu%2FXYZaffr61r1a3eNLnJlUod%2BUkH1x1CdMbLiBPnAgypPwPP7UIIg7VZQYvpGGCWytRpFK1FC45WoFbIV2m4lK4zFsZCNRtJuR3NrlBpDJWNoOQR1F1A4D4XyUCQeisxDV0xrtBknvt9OWNJorEac80aD8%2BZqSzRFI1pNfBR8pn2IPBuC6yG43UNm97CjHk0IuX8AW3wPt13BCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhTaha56LLQrWLDI4SI3qpHJO%2Fv00OQdmZL97Iy8NHftj%2Be%2Fw46c1miYxLGfBH7UbvmtgLeDWAQ8oLRBQ8lFCKcqKHcB1HkYqAm5%2FOrvyGar%2FOxvMHoCp0%2FA1YugxWug5agd%2BqDbo2jVxyA97ic0zelgt85NF8JUyPJLyHe9fX1GXpnruPpCCclPr33bmAe4rZDZCp%2BqHwg6%2BuHojinJwR1TOvL0dparrhrQ2Wbv5jSXF7%2B6KXdLY8X6DTf88l0%2BI2bl8T3p8ls0FSrtOPLkuhJC2jVjuSTP1t2WZJuF275e2LTIbm2%2Bt7bezax0Tpl0DKomhEzXwdWE%2FP%2FZJ%2FOrff3Jx1B2DFtU6BanZBFQ5gQ824PLlvqdIbB62cMyD2VRjWzIlj%2B1ItByiSmr4P6F2bLedw%2FRsR5o%2FmB%2Bqz1boacrUD2EKy6O8syeXvt58TjT3ohp6x0wbfWjc3OdmtZkM%2FET6YeSJTFL2tQXcRLFjMaBbLMmDZC7Cf%2B1uPkPAAAA%2F%2F8BAAD%2F%2F20qETmNBAAA
192.243.59.20200 OK 7 B URL HTTP/1.1 helpedhandwritingintestine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leS3%2BSn4QTYiYi9cKDidqurq7imzCMY4MiROhiQy4u59Vc9zXtcr3qvq6mkQhgQky87OZc3pmQyaQQzuhID0uJFZ2S6kQWfhH%2BBGcKt0T0PrXdS9p86Fd%2B659%2FP94oz4KOh080MzUFrTK826X3tzS6XClK62ca8W%2BHX%2Fam1Lpa3oaq0%2F%2B9jeO4HfrPtv1T6QfMdcCf3A9wM%2FqK0pKxPTvzJnobLjOKjHfj0K60EzQt%2F%2BF7vCg6MeRO%2BMvAwlJv%2Fb%2FvEpFB8j7X5zQ7qd3GRvv98tNM2NRU8cfZTupKZM0V2WifWQpEeLbhg3IeSLCzDp0WICmN7BbAIwNSHeLwFYerSQCdY7PFfKNGQKJp5D2RtD6jEUHYObB1DiJwJwgY3bSLuPN4wt6e45S2fshFz660%2BockIu%2FXYZaffr61r1a3eNLnJlUod%2BUkH1x1CdMbLiBPnAgypPwPP7UIIg7VZQYvpGGCWytRpFK1FC45WoFbIV2m4lK4zFsZCNRtJuR3NrlBpDJWNoOQR1F1A4D4XyUCQeisxDV0xrtBknvt9OWNJorEac80aD8%2BZqSzRFI1pNfBR8pn2IPBuC6yG43UNm97CjHk0IuX8AW3wPt13BCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhTaha56LLQrWLDI4SI3qpHJO%2Fv00OQdmZL97Iy8NHftj%2Be%2Fw46c1miYxLGfBH7UbvmtgLeDWAQ8oLRBQ8lFCKcqKHcB1HkYqAm5%2FOrvyGar%2FOxvMHoCp0%2FA1YugxWug5agd%2BqDbo2jVxyA97ic0zelgt85NF8JUyPJLyHe9fX1GXpnruPpCCclPr33bmAe4rZDZCp%2BqHwg6%2BuHojinJwR1TOvL0dparrhrQ2Wbv5jSXF7%2B6KXdLY8X6DTf88l0%2BI2bl8T3p8ls0FSrtOPLkuhJC2jVjuSTP1t2WZJuF275e2LTIbm2%2Bt7bezax0Tpl0DKomhEzXwdWE%2FP%2FZJ%2FOrff3Jx1B2DFtU6BanZBFQ5gQ824PLlvqdIbB62cMyD2VRjWzIlj%2B1ItByiSmr4P6F2bLedw%2FRsR5o%2FmB%2Bqz1boacrUD2EKy6O8syeXvt58TjT3ohp6x0wbfWjc3OdmtZkM%2FET6YeSJTFL2tQXcRLFjMaBbLMmDZC7Cf%2B1uPkPAAAA%2F%2F8BAAD%2F%2F20qETmNBAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leS3%2BSn4QTYiYi9cKDidqurq7imzCMY4MiROhiQy4u59Vc9zXtcr3qvq6mkQhgQky87OZc3pmQyaQQzuhID0uJFZ2S6kQWfhH%2BBGcKt0T0PrXdS9p86Fd%2B659%2FP94oz4KOh080MzUFrTK826X3tzS6XClK62ca8W%2BHX%2Fam1Lpa3oaq0%2F%2B9jeO4HfrPtv1T6QfMdcCf3A9wM%2FqK0pKxPTvzJnobLjOKjHfj0K60EzQt%2F%2BF7vCg6MeRO%2BMvAwlJv%2Fb%2FvEpFB8j7X5zQ7qd3GRvv98tNM2NRU8cfZTupKZM0V2WifWQpEeLbhg3IeSLCzDp0WICmN7BbAIwNSHeLwFYerSQCdY7PFfKNGQKJp5D2RtD6jEUHYObB1DiJwJwgY3bSLuPN4wt6e45S2fshFz660%2BockIu%2FXYZaffr61r1a3eNLnJlUod%2BUkH1x1CdMbLiBPnAgypPwPP7UIIg7VZQYvpGGCWytRpFK1FC45WoFbIV2m4lK4zFsZCNRtJuR3NrlBpDJWNoOQR1F1A4D4XyUCQeisxDV0xrtBknvt9OWNJorEac80aD8%2BZqSzRFI1pNfBR8pn2IPBuC6yG43UNm97CjHk0IuX8AW3wPt13BCQ8uJ%2BiJCqUkKB1BSQlKRVDmBGWvOhTaha56LLQrWLDI4SI3qpHJO%2Fv00OQdmZL97Iy8NHftj%2Be%2Fw46c1miYxLGfBH7UbvmtgLeDWAQ8oLRBQ8lFCKcqKHcB1HkYqAm5%2FOrvyGar%2FOxvMHoCp0%2FA1YugxWug5agd%2BqDbo2jVxyA97ic0zelgt85NF8JUyPJLyHe9fX1GXpnruPpCCclPr33bmAe4rZDZCp%2BqHwg6%2BuHojinJwR1TOvL0dparrhrQ2Wbv5jSXF7%2B6KXdLY8X6DTf88l0%2BI2bl8T3p8ls0FSrtOPLkuhJC2jVjuSTP1t2WZJuF275e2LTIbm2%2Bt7bezax0Tpl0DKomhEzXwdWE%2FP%2FZJ%2FOrff3Jx1B2DFtU6BanZBFQ5gQ824PLlvqdIbB62cMyD2VRjWzIlj%2B1ItByiSmr4P6F2bLedw%2FRsR5o%2FmB%2Bqz1boacrUD2EKy6O8syeXvt58TjT3ohp6x0wbfWjc3OdmtZkM%2FET6YeSJTFL2tQXcRLFjMaBbLMmDZC7Cf%2B1uPkPAAAA%2F%2F8BAAD%2F%2F20qETmNBAAA HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a199bca391fbae5b01a2e295b93402a9
Strict-Transport-Security: max-age=0; includeSubdomains
a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 1.0 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash ec1236396d6a7634e7af51a89310f1e6
c1fe8131fbdc36d067abdfb6aea9b4dbe6a65cdd
f67be24df409983397156197894d510e9c38f997bb15db95b9fd1483b3d00f1e
GET /api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=bM2nehCzu0xi4DKuDAhO; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
peevishchasingstir.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1
192.243.59.12 200 OK 4.1 kB URL HTTP/1.1 peevishchasingstir.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5777), with no line terminators
Hash becade91b739c2469ca3576c82220196
22d41927fdaa355957fbf3fe97a02b0cf0bd4a52
a2e84836b7e90cc3ef6d2ecebde33f584f1bbfd730a974b087e4d46eb871f026
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=24fe6844-4fa9-462b-a76f-bb99de33f774%3A2%3A1 HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; expires=Fri, 10 Feb 2023 02:45:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 04 Feb 2023 02:45:31 GMT; secure; SameSite=None
slec21fe3950f412e026c33f1b6cee613eba=[3870583]; expires=Fri, 03 Feb 2023 02:45:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdceaf5d98f3354e7f4d437e3e853c8a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 1.0 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 08df3a15c4c639303f3c2f1a0f84eb1b
928104e9d0a572a0276415eb0f19a8184ff9a48d
e5e69f304fd67607cf8033489fcd1ef518b81705339b3e777cb05d14f86309cb
GET /api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=ZZE5YWNZhZix09M4A4i0; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b13b109c8c5fcca2b6ab28ec0a971cdf
b34d9e1f8e6d72be674ae7f5153b7b03eea87380
877e2f970a48c0081a4cad7a7833d24e1ca1a38a0ed7891137b032bdfbf67ce1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877E2F970A48C0081A4CAD7A7833D24E1CA1A38A0ED7891137B032BDFBF67CE1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=308
Expires: Fri, 03 Feb 2023 02:50:39 GMT
Date: Fri, 03 Feb 2023 02:45:31 GMT
Connection: keep-alive
peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW9bxRed1%2FYn%2FUSF%2BBAbFoAXSIBE3PdlO6aLilCCopY0aouC2M3Mm2cPGb95mnnj52RD1EqoS3fH8uU4aQStEBUbNpUqhw3KCrNAliD%2FBBJrZMeS4S7eveedK825596vD9wZ8eHodOtTvSeVolcadb%2F27rbMEl3a2ubdWuDX%2Fau1bZk146u1wexj%2Bh8EfqPuv1f7RPAdfSX0A98P%2FKC2Lo1I9eDKnIXMn7SDetuvx2E9aMQYmP9i6zxY6iHpn5FXIZPJ%2F7q%2FPIXkY2S9H64Lu1Po%2FP2Pe07RQhv0k%2BPPsp1Mlxl6yzI1HtLseNENbSeEfHMBOjteTADdP5xNACYnxPs9AMuOFzLB%2BkfnSpmCyMCSyyj7Ywg1hqRjcH0fMvmVADzB5i1kvUeb2pR095ylM3ZCLv39F2Q5IZf%2BfA1Z7%2Fs1JQe1O1q5QurMYpBWkIMxZGeM3J2g2PMgyxPw4h5kQpD1Kshk%2BnYYp6K5GscrcUrbK3EzZCu01UxXGGu3ExFFaasVz62RcgyZjqHEENRegLMenPTgUg8u99BLpjXaaKe%2B30pZGkWrMec8ijhvrDaTRhLFq6kPx2fahyjyIbgagpt95GYfO%2FLhhJB7hzDuOWy3gk082IKgn1QoBUFpCUpKUEqCsiAo%2B9VRomxoq0eJso4FixwuclSNdNE5oEe66IiMHORn5JWZa96LX72DHTGthUEqonbDT%2BMgFH7Y5FGUBqzJhWgGkWAUVlaQ9gKo9bAnJ%2BTNxmXkckL%2Bf%2B05GD2BVSfg8mVQ9wZoOWqFPmh3FK%2F62Mt%2BymjhDFVdQVXRtdoZLupcOYZEV8iLSyh2vQN1Rl6fb%2FLqSyUEP732YzQPcFMhNxW%2BlD8TdNSD0W1dksPburTk6a28kD25R2dbvlPQQlz87obYLbVJNq7b4bcf8hkxK5%2FcFba4SbNEZh1LHq%2FJJBFmXRsuyLMNuy3YlrPdNWcyl9%2Fc%2Bmh9o5cbYa3U2RhUTgiZboDLCXnh2RfzC37r8eeQZgzjKvTcKVkEpD4Bz%2Fdh86V%2BqwmMWvaw3EPpqpEJ2fKnkgRKLDFlFey%2FMFvWB%2FYBOsYDLe7P77ZvKvRVBaqGsO7iqMjN6bXfFo8z5Y2YMt4hU0Y9PDfXymlNNFI%2FFX4oWNpmaYv6STuN24y2A9FiDRqgsBP%2Bh7vxDwAAAP%2F%2FAQAA%2F%2F8gJvX%2BmQQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW9bxRed1%2FYn%2FUSF%2BBAbFoAXSIBE3PdlO6aLilCCopY0aouC2M3Mm2cPGb95mnnj52RD1EqoS3fH8uU4aQStEBUbNpUqhw3KCrNAliD%2FBBJrZMeS4S7eveedK825596vD9wZ8eHodOtTvSeVolcadb%2F27rbMEl3a2ubdWuDX%2Fau1bZk146u1wexj%2Bh8EfqPuv1f7RPAdfSX0A98P%2FKC2Lo1I9eDKnIXMn7SDetuvx2E9aMQYmP9i6zxY6iHpn5FXIZPJ%2F7q%2FPIXkY2S9H64Lu1Po%2FP2Pe07RQhv0k%2BPPsp1Mlxl6yzI1HtLseNENbSeEfHMBOjteTADdP5xNACYnxPs9AMuOFzLB%2BkfnSpmCyMCSyyj7Ywg1hqRjcH0fMvmVADzB5i1kvUeb2pR095ylM3ZCLv39F2Q5IZf%2BfA1Z7%2Fs1JQe1O1q5QurMYpBWkIMxZGeM3J2g2PMgyxPw4h5kQpD1Kshk%2BnYYp6K5GscrcUrbK3EzZCu01UxXGGu3ExFFaasVz62RcgyZjqHEENRegLMenPTgUg8u99BLpjXaaKe%2B30pZGkWrMec8ijhvrDaTRhLFq6kPx2fahyjyIbgagpt95GYfO%2FLhhJB7hzDuOWy3gk082IKgn1QoBUFpCUpKUEqCsiAo%2B9VRomxoq0eJso4FixwuclSNdNE5oEe66IiMHORn5JWZa96LX72DHTGthUEqonbDT%2BMgFH7Y5FGUBqzJhWgGkWAUVlaQ9gKo9bAnJ%2BTNxmXkckL%2Bf%2B05GD2BVSfg8mVQ9wZoOWqFPmh3FK%2F62Mt%2BymjhDFVdQVXRtdoZLupcOYZEV8iLSyh2vQN1Rl6fb%2FLqSyUEP732YzQPcFMhNxW%2BlD8TdNSD0W1dksPburTk6a28kD25R2dbvlPQQlz87obYLbVJNq7b4bcf8hkxK5%2FcFba4SbNEZh1LHq%2FJJBFmXRsuyLMNuy3YlrPdNWcyl9%2Fc%2Bmh9o5cbYa3U2RhUTgiZboDLCXnh2RfzC37r8eeQZgzjKvTcKVkEpD4Bz%2Fdh86V%2BqwmMWvaw3EPpqpEJ2fKnkgRKLDFlFey%2FMFvWB%2FYBOsYDLe7P77ZvKvRVBaqGsO7iqMjN6bXfFo8z5Y2YMt4hU0Y9PDfXymlNNFI%2FFX4oWNpmaYv6STuN24y2A9FiDRqgsBP%2Bh7vxDwAAAP%2F%2FAQAA%2F%2F8gJvX%2BmQQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzW9bxRed1%2FYn%2FUSF%2BBAbFoAXSIBE3PdlO6aLilCCopY0aouC2M3Mm2cPGb95mnnj52RD1EqoS3fH8uU4aQStEBUbNpUqhw3KCrNAliD%2FBBJrZMeS4S7eveedK825596vD9wZ8eHodOtTvSeVolcadb%2F27rbMEl3a2ubdWuDX%2Fau1bZk146u1wexj%2Bh8EfqPuv1f7RPAdfSX0A98P%2FKC2Lo1I9eDKnIXMn7SDetuvx2E9aMQYmP9i6zxY6iHpn5FXIZPJ%2F7q%2FPIXkY2S9H64Lu1Po%2FP2Pe07RQhv0k%2BPPsp1Mlxl6yzI1HtLseNENbSeEfHMBOjteTADdP5xNACYnxPs9AMuOFzLB%2BkfnSpmCyMCSyyj7Ywg1hqRjcH0fMvmVADzB5i1kvUeb2pR095ylM3ZCLv39F2Q5IZf%2BfA1Z7%2Fs1JQe1O1q5QurMYpBWkIMxZGeM3J2g2PMgyxPw4h5kQpD1Kshk%2BnYYp6K5GscrcUrbK3EzZCu01UxXGGu3ExFFaasVz62RcgyZjqHEENRegLMenPTgUg8u99BLpjXaaKe%2B30pZGkWrMec8ijhvrDaTRhLFq6kPx2fahyjyIbgagpt95GYfO%2FLhhJB7hzDuOWy3gk082IKgn1QoBUFpCUpKUEqCsiAo%2B9VRomxoq0eJso4FixwuclSNdNE5oEe66IiMHORn5JWZa96LX72DHTGthUEqonbDT%2BMgFH7Y5FGUBqzJhWgGkWAUVlaQ9gKo9bAnJ%2BTNxmXkckL%2Bf%2B05GD2BVSfg8mVQ9wZoOWqFPmh3FK%2F62Mt%2BymjhDFVdQVXRtdoZLupcOYZEV8iLSyh2vQN1Rl6fb%2FLqSyUEP732YzQPcFMhNxW%2BlD8TdNSD0W1dksPburTk6a28kD25R2dbvlPQQlz87obYLbVJNq7b4bcf8hkxK5%2FcFba4SbNEZh1LHq%2FJJBFmXRsuyLMNuy3YlrPdNWcyl9%2Fc%2Bmh9o5cbYa3U2RhUTgiZboDLCXnh2RfzC37r8eeQZgzjKvTcKVkEpD4Bz%2Fdh86V%2BqwmMWvaw3EPpqpEJ2fKnkgRKLDFlFey%2FMFvWB%2FYBOsYDLe7P77ZvKvRVBaqGsO7iqMjN6bXfFo8z5Y2YMt4hU0Y9PDfXymlNNFI%2FFX4oWNpmaYv6STuN24y2A9FiDRqgsBP%2Bh7vxDwAAAP%2F%2FAQAA%2F%2F8gJvX%2BmQQAAA%3D%3D HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e06e81cc8d7d4a6241d172b03e82f173
Strict-Transport-Security: max-age=0; includeSubdomains
choreinevitable.com/pixel/purst?dl=0&th=0&sc=0&rs=3536&rd=3536&fd=790&bv=22.10.v.10&tmpl=136
192.243.61.227 200 OK 0 B URL HTTP/1.1 choreinevitable.com/pixel/purst?dl=0&th=0&sc=0&rs=3536&rd=3536&fd=790&bv=22.10.v.10&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=3536&rd=3536&fd=790&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: choreinevitable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 02:45:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
mc.yandex.ru/metrika/advert.gif
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Fri, 03 Feb 2023 03:45:32 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 875 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 778c8e930a26c28845000bca686fdb6a
a9eee99f68e2c88830caa2aab4b665c2672e7c37
22953d9e50e3d0ee0ae18292d575503fd543c43279fa970a294dc6a7ac5f8021
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 03 Feb 2023 03:45:32 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e55279b0641fb8435b27a53d5af7d6e8
cd3ac0125fc6e1705f9340d797e76d4cd1045ff4
0e8644ff039742611260e8288f1466bcce8bdfa61b0bc9b6223b75836225dc34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0E8644FF039742611260E8288F1466BCCE8BDFA61B0BC9B6223B75836225DC34"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2803
Expires: Fri, 03 Feb 2023 03:32:15 GMT
Date: Fri, 03 Feb 2023 02:45:32 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 536 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 135ec19a8b74d7ceabdb3b77c99b4272
7a65d4f60641ee9e7e8b8c3e82099ff37e4036d9
647ef13512238f26c9ff08b11f4b4581d6a05804149833c82655e6cafe0977af
GET /api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=HDHhphy4mauHrJvwMPiI; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e55279b0641fb8435b27a53d5af7d6e8
cd3ac0125fc6e1705f9340d797e76d4cd1045ff4
0e8644ff039742611260e8288f1466bcce8bdfa61b0bc9b6223b75836225dc34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0E8644FF039742611260E8288F1466BCCE8BDFA61B0BC9B6223B75836225DC34"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2803
Expires: Fri, 03 Feb 2023 03:32:15 GMT
Date: Fri, 03 Feb 2023 02:45:32 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.167.9 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.167.9:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6872061
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vE4cQFtEeUCIXN5%2F1C2OGFUFBNZ1RVqCnoC9n7Ox%2BWDcBjnCZ%2FqBaWQ%2FiJqhr3tKW8fbCxzVj7Pp%2F03swFG%2FSoqQTb38YZfe3sULco%2FZI6aa%2BtD%2Fs7XDoJdfl1TSmvW0Gwt%2FMx9EvfeR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bc1c58f3f7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.167.9 200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.167.9:0
File type ASCII text, with very long lines (65451)
Hash 8f86f24a176e87877d2036b1a0e2b5fe
e1c1f9400ca11c7f98f39bf4a05dc870d3489cac
ad5a15970570f6e3c37ceb557e20d4e8c9410725278c717a26268ec579fdec30
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6872061
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZbJHsyaHNm8fgDrNb%2B1Vlx4H6dD%2B7BvEvhkeoestaTSzVgq%2B%2B0kzIc1DYRHhWFlfoRzpX7OD8hNdu0MbYIwU3%2BEmQ1Z%2BoyZBAo0SmAMXJsFyYf5L2eck58BvrZ5nEvkPNQOdkAG59EI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bc1c5cf3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 114 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (114394 bytes)
Hash d2aa4c340a9ad2d569924b2cced0eeee
9b7c795d84c23764f88ed47e370b5c41bf126e6a
d7f8da5afb937e3b60cf890297dd909d63084d27efe388a6e96d7828dd037fad
GET /api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=EsvWW6hOqIpw2b3d3qyv; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 98f0950ed03ec36f411e972a9c167b2a
f5da8f3faa05536769ce459ed3028a1f0bec4fb0
9db298b3908012b0310ffc50ae948424d0ec38a8f1f9b6ae09c36a64f596e91b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9DB298B3908012B0310FFC50AE948424D0EC38A8F1F9B6AE09C36A64F596E91B"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15339
Expires: Fri, 03 Feb 2023 07:01:11 GMT
Date: Fri, 03 Feb 2023 02:45:32 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
45.133.44.10 200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Sun, 05 Feb 2023 02:45:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9 200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
Hash 5534d5cf55f5b86d3a2cf327b3ae8998
aec7e89f2a294fe30a85eb1f8d4372542aa938e3
f7888a92707f39f7e460f06d56a1cbb450186c7e658f3d3520afbe60ac34a33d
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4974972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTTxdcZ0OzNXgVXCQuobK3qKN4zwCBlHWBl6QKPX825V55DRRgkNIEff355k%2Fj0IqCK8mM383miYqw1w7CEbvBn7LT6q3yDWSOf2Yrl3tk9Jn9dbXvJkSksv8AT6kYl%2BgoLxFkpsqARI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bbdc4ef3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 5.3 kB URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 85c4ea0c384d86bed4babb0a061af207
84ae3fe5432f1b66eb4f45fe0999088630ea48c3
1c6344f4e3f81e14d0bfc0c2ce11ccf3db75a13b7e7cf096c03cae90705bd396
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 03 Feb 2023 03:45:32 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hatwasallo.com/b0h2akIOKhUHfQ51FEw3HSRLT3ApbUQsJlw8Tl0tACdGXHtYOE5EIQMnAw4kHScYHmwBLQJPcCkaLCIUFhshLwooIAEcGgcJFSwsPREjWhAjLho4ASc/MwcGFxo/OiVWHzcSA0p6MA8oDD0iLhAZDiReEDt7GiIBLRkVJi4XCzMoNR4QMDwWKjFGLhU6DiM6ECoEPgF6VwwBKxMpCzc6Az0OIzoDLRIxKHIVCzcNGCp6Dj4LBAoVDxc9HyQ8LUp6NCkDABo+PnY8GSMOASUwICgQXwJCPxcfDiBZLQUZIw4BPy8RIRNfEgU/KzUZJyIpNR0dLBoKITgoEF9lP10EXw4xJ3EHGiM8NiwRMzgVPRojGQMIcBc8cRwmIAEUKy0gLBQ9HTgZF14ZIi04HA03Ai0kKjAnKz0NPFIWXhoiKHE9GVAAMQAmBlcOKX8RDw9cHjxTBA
54.230.111.81200 OK 1.2 kB URL HTTP/2 hatwasallo.com/b0h2akIOKhUHfQ51FEw3HSRLT3ApbUQsJlw8Tl0tACdGXHtYOE5EIQMnAw4kHScYHmwBLQJPcCkaLCIUFhshLwooIAEcGgcJFSwsPREjWhAjLho4ASc/MwcGFxo/OiVWHzcSA0p6MA8oDD0iLhAZDiReEDt7GiIBLRkVJi4XCzMoNR4QMDwWKjFGLhU6DiM6ECoEPgF6VwwBKxMpCzc6Az0OIzoDLRIxKHIVCzcNGCp6Dj4LBAoVDxc9HyQ8LUp6NCkDABo+PnY8GSMOASUwICgQXwJCPxcfDiBZLQUZIw4BPy8RIRNfEgU/KzUZJyIpNR0dLBoKITgoEF9lP10EXw4xJ3EHGiM8NiwRMzgVPRojGQMIcBc8cRwmIAEUKy0gLBQ9HTgZF14ZIi04HA03Ai0kKjAnKz0NPFIWXhoiKHE9GVAAMQAmBlcOKX8RDw9cHjxTBA
IP 54.230.111.81:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash d88f705f3a4b2000bdabdd4aeda9b669
0f8269766b3820b048f496643dbbf13824f517db
dc29f8354c752c5960e22710ae42ede9f02790cc0190730e97703576852aabc1
GET /b0h2akIOKhUHfQ51FEw3HSRLT3ApbUQsJlw8Tl0tACdGXHtYOE5EIQMnAw4kHScYHmwBLQJPcCkaLCIUFhshLwooIAEcGgcJFSwsPREjWhAjLho4ASc/MwcGFxo/OiVWHzcSA0p6MA8oDD0iLhAZDiReEDt7GiIBLRkVJi4XCzMoNR4QMDwWKjFGLhU6DiM6ECoEPgF6VwwBKxMpCzc6Az0OIzoDLRIxKHIVCzcNGCp6Dj4LBAoVDxc9HyQ8LUp6NCkDABo+PnY8GSMOASUwICgQXwJCPxcfDiBZLQUZIw4BPy8RIRNfEgU/KzUZJyIpNR0dLBoKITgoEF9lP10EXw4xJ3EHGiM8NiwRMzgVPRojGQMIcBc8cRwmIAEUKy0gLBQ9HTgZF14ZIi04HA03Ai0kKjAnKz0NPFIWXhoiKHE9GVAAMQAmBlcOKX8RDw9cHjxTBA HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Fri, 03 Feb 2023 02:45:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dqNC43GuZwjZZkABZpnzYGyOjXjLWZcqpVLhhxeYL_MO3xMfpo4Hxw==
X-Firefox-Spdy: h2
hatwasallo.com/U0NoSnIyIQsnTTJ+CmwHIS9Vb0AVZloMFmA3UH0dPCxYfEtkM1BkET8sHS4UISwGPlw9JhxvQBUOMhwwAiASLTUDOVwcMCsGXQQ3ZwE9Jzw4ESk+NhwqJSkkOxUcCTEFFDh4MxYIP344HAApJjo7BhkEN2cKOTAFKws+cys3KT0uJWIrAC4aGSAqeEM4FT16NzEXWCkjNDRQGjAaJz4yKD8bOSIzCi4qKCYkNE14MB0BEBo0PRUBG0MKEQwdOBcAPhxXYQExDCsfCVscGwJzUAciPhkgAiQKEAwfNxoLPxAZBSQbJBYECSwZGh1yMTA7GRU/HFdhATkyNBIaBWczBhs5E0UDcjEBO2EJDxsVOxUxHTAQCz4uFR0rGAEzFxpNeDQQO1kSND4FLA4nJyQMLSsVFSlsGCAsBjpPCxUGEEIHGT4mGiMV
54.230.111.81200 OK 1.2 kB URL HTTP/2 hatwasallo.com/U0NoSnIyIQsnTTJ+CmwHIS9Vb0AVZloMFmA3UH0dPCxYfEtkM1BkET8sHS4UISwGPlw9JhxvQBUOMhwwAiASLTUDOVwcMCsGXQQ3ZwE9Jzw4ESk+NhwqJSkkOxUcCTEFFDh4MxYIP344HAApJjo7BhkEN2cKOTAFKws+cys3KT0uJWIrAC4aGSAqeEM4FT16NzEXWCkjNDRQGjAaJz4yKD8bOSIzCi4qKCYkNE14MB0BEBo0PRUBG0MKEQwdOBcAPhxXYQExDCsfCVscGwJzUAciPhkgAiQKEAwfNxoLPxAZBSQbJBYECSwZGh1yMTA7GRU/HFdhATkyNBIaBWczBhs5E0UDcjEBO2EJDxsVOxUxHTAQCz4uFR0rGAEzFxpNeDQQO1kSND4FLA4nJyQMLSsVFSlsGCAsBjpPCxUGEEIHGT4mGiMV
IP 54.230.111.81:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Hash 9d1d48c0212930e25f6bb4567c5e6f31
442f12341349995394992fb761d1b4e5a1883f9c
0f2bdc14786abb5bc2340e41ba717d8a7c02209c23ef7513588d1a8c78b41497
GET /U0NoSnIyIQsnTTJ+CmwHIS9Vb0AVZloMFmA3UH0dPCxYfEtkM1BkET8sHS4UISwGPlw9JhxvQBUOMhwwAiASLTUDOVwcMCsGXQQ3ZwE9Jzw4ESk+NhwqJSkkOxUcCTEFFDh4MxYIP344HAApJjo7BhkEN2cKOTAFKws+cys3KT0uJWIrAC4aGSAqeEM4FT16NzEXWCkjNDRQGjAaJz4yKD8bOSIzCi4qKCYkNE14MB0BEBo0PRUBG0MKEQwdOBcAPhxXYQExDCsfCVscGwJzUAciPhkgAiQKEAwfNxoLPxAZBSQbJBYECSwZGh1yMTA7GRU/HFdhATkyNBIaBWczBhs5E0UDcjEBO2EJDxsVOxUxHTAQCz4uFR0rGAEzFxpNeDQQO1kSND4FLA4nJyQMLSsVFSlsGCAsBjpPCxUGEEIHGT4mGiMV HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Fri, 03 Feb 2023 02:45:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CguV8DUoMB2N6ZQCPJQtfBHaCYFi7g-qFd3TITjPPfMqXafOBDDsog==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024601%3Aet%3A1675392361%3Ac%3A1%3Arn%3A862758049%3Arqn%3A8%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675392356753%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392361%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.250.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024601%3Aet%3A1675392361%3Ac%3A1%3Arn%3A862758049%3Arqn%3A8%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675392356753%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392361%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024601%3Aet%3A1675392361%3Ac%3A1%3Arn%3A862758049%3Arqn%3A8%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675392356753%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392361%3At%3AAbella%20Danger%20(So%20Fresh%20%26%20So%20Clean)%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F603ced975ec2cb18b80961dc&charset=utf-8&hittoken=1675392330_5a043193fcc060e1d089f0759c708b4ef61502435d97100ea21299533187449f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1417269631422%3Ahid%3A63019764%3Az%3A0%3Ai%3A20230203024601%3Aet%3A1675392361%3Ac%3A1%3Arn%3A862758049%3Arqn%3A8%3Au%3A1675392359143039795%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675392356753%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675392361%3At%3AAbella%20Danger%20%28So%20Fresh%20%26%20So%20Clean%29%5BHOT%20BABES%20-%20www.LOVELY-MILF.com%20Video%5D%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1372408061675392332; Path=/; SameSite=None; Secure
i=I8QTqi/3scKiZzWPgz4cJnYcy0BVeSrqBYnqWAr43zEw/+UXFkehVVDG1PN/R8b2x598TDvE7fYD+dq5Xh3zs5zVwvw=; Expires=Mon, 31-Jan-2033 02:45:31 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5217555401675392332; Expires=Sat, 03-Feb-2024 02:45:32 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5217555401675392332; Expires=Sat, 03-Feb-2024 02:45:32 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706928332.yc.1675392332#1706928332.yrts.1675392332#1706928332.yrtsi.1675392332; Expires=Sat, 03-Feb-2024 02:45:32 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 03-Feb-2023 02:45:32 GMT
last-modified: Fri, 03-Feb-2023 02:45:32 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hatwasallo.com/MlMwZlVTMVMLalNuUkAgQD8NQ2d0dgIgMQEnCFE6XTwAUGwFIwhINl48RQIzQDxeEntcNkRDZ3QcYiMDBzBcIzt5O1MzN1gSQy4ACzxTCDF4AgIwPH4kXwIFSAEELwF3NXE3MksVcRU6dD8IIR5LEQQ1A2NqejUmVwcDBT15K0A2DHUaWy4HcCBTIRh8ElpSI1cRQwIcZjAVVBN3O2lWGFsnViQvcGZ7JAx7HHMBJXUVVAwUXBFoNztgYVQwEHQccwk9dDRlDwxqN3ouFmQ7VFY5dgpnFmRqFnUyDGo3eiQBVSJTVmRqClc8MmFjeRY2XBVTNwd8O1RWeFkSelQTABx1KD1RBEQsAgEBAgIHBgt9D21DC3UnDVY9Zi8EXxUBAgBaC2lVBFgWcSdlezpfJAMAHnMCEF4bVlUHWBd1XzIUOUMJO0JuaCUbdx57AA9eAA
54.230.111.81200 OK 1.2 kB URL HTTP/2 hatwasallo.com/MlMwZlVTMVMLalNuUkAgQD8NQ2d0dgIgMQEnCFE6XTwAUGwFIwhINl48RQIzQDxeEntcNkRDZ3QcYiMDBzBcIzt5O1MzN1gSQy4ACzxTCDF4AgIwPH4kXwIFSAEELwF3NXE3MksVcRU6dD8IIR5LEQQ1A2NqejUmVwcDBT15K0A2DHUaWy4HcCBTIRh8ElpSI1cRQwIcZjAVVBN3O2lWGFsnViQvcGZ7JAx7HHMBJXUVVAwUXBFoNztgYVQwEHQccwk9dDRlDwxqN3ouFmQ7VFY5dgpnFmRqFnUyDGo3eiQBVSJTVmRqClc8MmFjeRY2XBVTNwd8O1RWeFkSelQTABx1KD1RBEQsAgEBAgIHBgt9D21DC3UnDVY9Zi8EXxUBAgBaC2lVBFgWcSdlezpfJAMAHnMCEF4bVlUHWBd1XzIUOUMJO0JuaCUbdx57AA9eAA
IP 54.230.111.81:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash f93cdc3878d77f747723e3089daab601
a6c4ea7a37824abab9610a5f9b1b9a86e3f1d229
8b27bb07cf86c48014e3de2bef40a85c73377d7667e35767a8ce650ae24fb745
GET /MlMwZlVTMVMLalNuUkAgQD8NQ2d0dgIgMQEnCFE6XTwAUGwFIwhINl48RQIzQDxeEntcNkRDZ3QcYiMDBzBcIzt5O1MzN1gSQy4ACzxTCDF4AgIwPH4kXwIFSAEELwF3NXE3MksVcRU6dD8IIR5LEQQ1A2NqejUmVwcDBT15K0A2DHUaWy4HcCBTIRh8ElpSI1cRQwIcZjAVVBN3O2lWGFsnViQvcGZ7JAx7HHMBJXUVVAwUXBFoNztgYVQwEHQccwk9dDRlDwxqN3ouFmQ7VFY5dgpnFmRqFnUyDGo3eiQBVSJTVmRqClc8MmFjeRY2XBVTNwd8O1RWeFkSelQTABx1KD1RBEQsAgEBAgIHBgt9D21DC3UnDVY9Zi8EXxUBAgBaC2lVBFgWcSdlezpfJAMAHnMCEF4bVlUHWBd1XzIUOUMJO0JuaCUbdx57AA9eAA HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Fri, 03 Feb 2023 02:45:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hLvVIbVTZZlD2pyZsPuj-pSZ0zAi2eEOB_KAwR8ZYWZGc4dSSm4Rbw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b1a7b37ab41ab2c241ca4b4a3bb3319a
daf83e4a20f0849dc16777ed18d21806f978c555
4b423ec7676253213ed3bab15af479edcfa43ee8bd23da39b5ee34589020e033
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4B423EC7676253213ED3BAB15AF479EDCFA43EE8BD23DA39B5EE34589020E033"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3989
Expires: Fri, 03 Feb 2023 03:52:01 GMT
Date: Fri, 03 Feb 2023 02:45:32 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lehebraverooper.xyz/ZlJERHVJbSc3SDMUNBAiMyYuJTIkIyEDOxULAwZNPD80KBQuPWIwHAJvfXNGUmV3YgUPNnl1TUAhMCUBEyF5dVMPPCIrSEAkeXVbVnx2akdAJ3l1UxIiJSNIV3Q0MAEKb3VyQlNhfXZGUGN2d0M
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/ZlJERHVJbSc3SDMUNBAiMyYuJTIkIyEDOxULAwZNPD80KBQuPWIwHAJvfXNGUmV3YgUPNnl1TUAhMCUBEyF5dVMPPCIrSEAkeXVbVnx2akdAJ3l1UxIiJSNIV3Q0MAEKb3VyQlNhfXZGUGN2d0M
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZlJERHVJbSc3SDMUNBAiMyYuJTIkIyEDOxULAwZNPD80KBQuPWIwHAJvfXNGUmV3YgUPNnl1TUAhMCUBEyF5dVMPPCIrSEAkeXVbVnx2akdAJ3l1UxIiJSNIV3Q0MAEKb3VyQlNhfXZGUGN2d0M HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kEo7nLDPhZGwiIHrlO6JA%2F%2B0l6g30EJcDpmmCD9dRlPhAodyVwPBZw2rFz3WFKHJdUpF0wLEIiND1NKSLTamX%2BZPmMREuTJ3JFaFwrXHwlgpwcUPIY5L6BLrC%2FJMV3IHD7SPqO4I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4bdb98e1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lehebraverooper.xyz/c1FxRXdcbhI2SiQ6QHA5GD0CIEc2FhcCPUYCMCFSQRMQKyUxEyl9UQc4FXhORWNBdENVIRghSkJ3AjEWByQCeEZVOB8jGE53B3hGXWJFa0RCf0NjAk5gVzEHEjZMdFEDJQUpSkJnRnBESmNCc0ZBZkE
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/c1FxRXdcbhI2SiQ6QHA5GD0CIEc2FhcCPUYCMCFSQRMQKyUxEyl9UQc4FXhORWNBdENVIRghSkJ3AjEWByQCeEZVOB8jGE53B3hGXWJFa0RCf0NjAk5gVzEHEjZMdFEDJQUpSkJnRnBESmNCc0ZBZkE
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c1FxRXdcbhI2SiQ6QHA5GD0CIEc2FhcCPUYCMCFSQRMQKyUxEyl9UQc4FXhORWNBdENVIRghSkJ3AjEWByQCeEZVOB8jGE53B3hGXWJFa0RCf0NjAk5gVzEHEjZMdFEDJQUpSkJnRnBESmNCc0ZBZkE HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8VO6kTdclwxHsbrnr5%2F5sHipcBc24gviWsctQRhTA%2FM71YlD4I2AVCZLUUr6Un%2BLqLGYVW7XrMU%2BbeBwQFfqH7QNepE1wrZstkc%2BT0wYvbBn3gYbctSMe3Ba7%2FbljiGQlcRCzSr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4bdf9991c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lehebraverooper.xyz/dTRZRWpaCzo2VyxZEzUwMXoOEgZEZxgpDhRhH3UtI1gtJzwSfX8xAxEJYHJbTANsYxocUGR2WFNHLSQeAEdkdEwcWj8qV1NCZHVETBpoa1pTQWR0TAFEOCJXRBIpMR4ZCWhzXUAHYHdZQwVrd14
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/dTRZRWpaCzo2VyxZEzUwMXoOEgZEZxgpDhRhH3UtI1gtJzwSfX8xAxEJYHJbTANsYxocUGR2WFNHLSQeAEdkdEwcWj8qV1NCZHVETBpoa1pTQWR0TAFEOCJXRBIpMR4ZCWhzXUAHYHdZQwVrd14
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dTRZRWpaCzo2VyxZEzUwMXoOEgZEZxgpDhRhH3UtI1gtJzwSfX8xAxEJYHJbTANsYxocUGR2WFNHLSQeAEdkdEwcWj8qV1NCZHVETBpoa1pTQWR0TAFEOCJXRBIpMR4ZCWhzXUAHYHdZQwVrd14 HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWq8ZOW85l5MQEEJsTt4bmPFY5s6KNSyjUxYYD%2FYoLM0pHVsJGUWz%2FZV%2BcnbSEeo8suMyOkHanWqw%2F2Xxqw3qO9Lux%2BhFvrz1v0dtSIf0VaxRRjJRdYK40e%2BK8YlMN1V9FYU4j%2FS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4be59b11c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/RZHVySWEHGhwvXhAcFnRYU0RLflRCHwEmDxRIPg9WAxA/ejcuTDRvFR4RT3lHCBQcLlxCEBwqXFVTEy0DWUFUPRELHk88DwAQFCAPARFUPABZGB0zCAgZE2xTIkBceURWRVo+CAoRHT4SQUdCJxVBR0J4UUpFV3ojQUdCPggKQ0ZsUiZQQHkZUkFXeiNBR0-I7F0FGM3hRUVtCYERWRRUsAg8aV3snVkVDeVFVRUNsU1QTGzsEAhoKbFMiREJ8T1RTB3RQ
143.204.42.128 200 OK 327 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/RZHVySWEHGhwvXhAcFnRYU0RLflRCHwEmDxRIPg9WAxA/ejcuTDRvFR4RT3lHCBQcLlxCEBwqXFVTEy0DWUFUPRELHk88DwAQFCAPARFUPABZGB0zCAgZE2xTIkBceURWRVo+CAoRHT4SQUdCJxVBR0J4UUpFV3ojQUdCPggKQ0ZsUiZQQHkZUkFXeiNBR0-I7F0FGM3hRUVtCYERWRRUsAg8aV3snVkVDeVFVRUNsU1QTGzsEAhoKbFMiREJ8T1RTB3RQ
IP 143.204.42.128:0
File type ASCII text, with very long lines (415), with no line terminators
Hash 9c2c83420ffd5e06050813b1c99d491f
add36023995445174ea20161e690216631a1712e
bb75eb558318507780dafe69947a3f7cb726a1c8dde4942ef57b2aeef3bfb1c6
GET /RZHVySWEHGhwvXhAcFnRYU0RLflRCHwEmDxRIPg9WAxA/ejcuTDRvFR4RT3lHCBQcLlxCEBwqXFVTEy0DWUFUPRELHk88DwAQFCAPARFUPABZGB0zCAgZE2xTIkBceURWRVo+CAoRHT4SQUdCJxVBR0J4UUpFV3ojQUdCPggKQ0ZsUiZQQHkZUkFXeiNBR0-I7F0FGM3hRUVtCYERWRRUsAg8aV3snVkVDeVFVRUNsU1QTGzsEAhoKbFMiREJ8T1RTB3RQ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 327
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ruOFoNmpQlUtG7InNilnLXqgYb-fiv5SmmkoFrwg6wI0KcBZIusStw==
X-Firefox-Spdy: h2
helpedhandwritingintestine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzsaLCv5gLyLiHDwomEn%2Fml%2FmsBjXSNg1G3ZXIt6qq6onZWq6mqru6cmAEHZB9jh789j5JtmgG8TFm7AgEy%2BSk%2BNBBjQH%2FwAvgldlJgPjvkO%2F9%2FX3oL73vfflYX5BXOR0sv2x7kul6Gqt6lbe3pEJ14WtbN2teG7VXavsyKQerlV604%2Fpvue5tar7TuUjwfb0qu96ruu5XmVDGhHr3uqMhUxPW1615VZDv%2BrVQvTMs9jmDix1wLsX5FVIPn5u9%2BcnkGyEpPPddWH3Mp2%2B%2B2EnVzTTBl1%2B8kmyl%2BgiQWdRxsZBnJzMu6HtmJCvlqCTk%2FkE0N2j6QSI5Jg4v3mIkpO5TETd40ulkYJIEPEXUHRHEGoESUdg%2Bj4k%2F4UAjGPrFpLOoy1tCrp%2FydIpOybL%2F%2FwNWYzJ8h9XkXS%2BXVeyV7mjVZ5JnVj04hKyN4Jsj5DmZ8j6DmRxBpbdg%2BQESaeE5JO3%2FDAW9WYYroQxba2EdT9aoY16vBJFrRYXQRA3GuHMGilHkPEISgxA7RJy6yCXDvLYQZ466PBJhdZases24igOgmbIGAsCxmrNOq%2FxIGzGLnI21T5Alg7A1ADMHCA1B9iTD8eE3DuCyX%2BE3S1huQObEXR5iUIQFJagoASFJCgygqJbHnNlfVs%2B4srmkTfP%2FjwH5VBn7UN6rLO2SMhhekFembn214s%2FYE9MKtSPWy039tywUXfrHmt4Le4xj9KA%2BoJxH1aWkHYJ1DroyzG5%2BvqfSKer%2FOJfRPQMVp2ByZdB8zdAi2HDd0F3h2HTRT857cU0yWh%2Fv8p0B1yXSLNlZPvOobogr810rL1UQLDza98HswAzJVJT4nP5E0FbPRje1gU5uq0LS57cSjPZkX063eydjGbiyjc3xH6hDd%2B8bgdfv8%2BmxLQ8vStsdpMmXCZtSx6vS86F2dCGCfJ00%2B6IaDu3u%2Bu5SfL05vYHG5ud1AhrpU5GoHJMyGQTTI7J808%2Fm13tm48%2FhTQjmLxEJz8n84DUZ2DpAWy60G81gVGLnih1UOTl0PjR4qeSBEosMI1K2P%2FhaFEf2gdoGwc0uz%2B71a4p0VUlqBrA5leGWWrOr%2F06fzxSzjBSxjmKlFEPL821clKpeaFoRs0G4zwSjHsNP2gGrutzHjZawmshs2P2e37jPwAAAP%2F%2FAQAA%2F%2F95Ip%2FfjQQAAA%3D%3D
192.243.59.20200 OK 7 B URL HTTP/1.1 helpedhandwritingintestine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzsaLCv5gLyLiHDwomEn%2Fml%2FmsBjXSNg1G3ZXIt6qq6onZWq6mqru6cmAEHZB9jh789j5JtmgG8TFm7AgEy%2BSk%2BNBBjQH%2FwAvgldlJgPjvkO%2F9%2FX3oL73vfflYX5BXOR0sv2x7kul6Gqt6lbe3pEJ14WtbN2teG7VXavsyKQerlV604%2Fpvue5tar7TuUjwfb0qu96ruu5XmVDGhHr3uqMhUxPW1615VZDv%2BrVQvTMs9jmDix1wLsX5FVIPn5u9%2BcnkGyEpPPddWH3Mp2%2B%2B2EnVzTTBl1%2B8kmyl%2BgiQWdRxsZBnJzMu6HtmJCvlqCTk%2FkE0N2j6QSI5Jg4v3mIkpO5TETd40ulkYJIEPEXUHRHEGoESUdg%2Bj4k%2F4UAjGPrFpLOoy1tCrp%2FydIpOybL%2F%2FwNWYzJ8h9XkXS%2BXVeyV7mjVZ5JnVj04hKyN4Jsj5DmZ8j6DmRxBpbdg%2BQESaeE5JO3%2FDAW9WYYroQxba2EdT9aoY16vBJFrRYXQRA3GuHMGilHkPEISgxA7RJy6yCXDvLYQZ466PBJhdZases24igOgmbIGAsCxmrNOq%2FxIGzGLnI21T5Alg7A1ADMHCA1B9iTD8eE3DuCyX%2BE3S1huQObEXR5iUIQFJagoASFJCgygqJbHnNlfVs%2B4srmkTfP%2FjwH5VBn7UN6rLO2SMhhekFembn214s%2FYE9MKtSPWy039tywUXfrHmt4Le4xj9KA%2BoJxH1aWkHYJ1DroyzG5%2BvqfSKer%2FOJfRPQMVp2ByZdB8zdAi2HDd0F3h2HTRT857cU0yWh%2Fv8p0B1yXSLNlZPvOobogr810rL1UQLDza98HswAzJVJT4nP5E0FbPRje1gU5uq0LS57cSjPZkX063eydjGbiyjc3xH6hDd%2B8bgdfv8%2BmxLQ8vStsdpMmXCZtSx6vS86F2dCGCfJ00%2B6IaDu3u%2Bu5SfL05vYHG5ud1AhrpU5GoHJMyGQTTI7J808%2Fm13tm48%2FhTQjmLxEJz8n84DUZ2DpAWy60G81gVGLnih1UOTl0PjR4qeSBEosMI1K2P%2FhaFEf2gdoGwc0uz%2B71a4p0VUlqBrA5leGWWrOr%2F06fzxSzjBSxjmKlFEPL821clKpeaFoRs0G4zwSjHsNP2gGrutzHjZawmshs2P2e37jPwAAAP%2F%2FAQAA%2F%2F95Ip%2FfjQQAAA%3D%3D
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzsaLCv5gLyLiHDwomEn%2Fml%2FmsBjXSNg1G3ZXIt6qq6onZWq6mqru6cmAEHZB9jh789j5JtmgG8TFm7AgEy%2BSk%2BNBBjQH%2FwAvgldlJgPjvkO%2F9%2FX3oL73vfflYX5BXOR0sv2x7kul6Gqt6lbe3pEJ14WtbN2teG7VXavsyKQerlV604%2Fpvue5tar7TuUjwfb0qu96ruu5XmVDGhHr3uqMhUxPW1615VZDv%2BrVQvTMs9jmDix1wLsX5FVIPn5u9%2BcnkGyEpPPddWH3Mp2%2B%2B2EnVzTTBl1%2B8kmyl%2BgiQWdRxsZBnJzMu6HtmJCvlqCTk%2FkE0N2j6QSI5Jg4v3mIkpO5TETd40ulkYJIEPEXUHRHEGoESUdg%2Bj4k%2F4UAjGPrFpLOoy1tCrp%2FydIpOybL%2F%2FwNWYzJ8h9XkXS%2BXVeyV7mjVZ5JnVj04hKyN4Jsj5DmZ8j6DmRxBpbdg%2BQESaeE5JO3%2FDAW9WYYroQxba2EdT9aoY16vBJFrRYXQRA3GuHMGilHkPEISgxA7RJy6yCXDvLYQZ466PBJhdZases24igOgmbIGAsCxmrNOq%2FxIGzGLnI21T5Alg7A1ADMHCA1B9iTD8eE3DuCyX%2BE3S1huQObEXR5iUIQFJagoASFJCgygqJbHnNlfVs%2B4srmkTfP%2FjwH5VBn7UN6rLO2SMhhekFembn214s%2FYE9MKtSPWy039tywUXfrHmt4Le4xj9KA%2BoJxH1aWkHYJ1DroyzG5%2BvqfSKer%2FOJfRPQMVp2ByZdB8zdAi2HDd0F3h2HTRT857cU0yWh%2Fv8p0B1yXSLNlZPvOobogr810rL1UQLDza98HswAzJVJT4nP5E0FbPRje1gU5uq0LS57cSjPZkX063eydjGbiyjc3xH6hDd%2B8bgdfv8%2BmxLQ8vStsdpMmXCZtSx6vS86F2dCGCfJ00%2B6IaDu3u%2Bu5SfL05vYHG5ud1AhrpU5GoHJMyGQTTI7J808%2Fm13tm48%2FhTQjmLxEJz8n84DUZ2DpAWy60G81gVGLnih1UOTl0PjR4qeSBEosMI1K2P%2FhaFEf2gdoGwc0uz%2B71a4p0VUlqBrA5leGWWrOr%2F06fzxSzjBSxjmKlFEPL821clKpeaFoRs0G4zwSjHsNP2gGrutzHjZawmshs2P2e37jPwAAAP%2F%2FAQAA%2F%2F95Ip%2FfjQQAAA%3D%3D HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a162cb487f289c802f0dba62800936a
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 103 kB IP 172.64.133.29:0
Size 103 kB (102589 bytes)
Hash d62b9c001057ed5e6b88370ba161b625
fa6f35f3ef93242eabca84347cce0988f63d1bd0
6bac7a607738746478dfaa87dfa741229e51bce71831c0fd0ac51d9a4c1895c7
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6338
last-modified: Fri, 03 Feb 2023 00:59:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQSLvbf5YEKSPorxBYgHUGc6p05lxmlmgz6dAZvD2AiMr0YX0npccw1Q96oeVQlAjmw7Sqwtfx46T%2BezaSXp9TFhKOxKumcnHpm1O5a53dHrRGTsnlWfu40ZAum4EopJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bdcb5b772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
helpedhandwritingintestine.com/pixel/sbs?c=1
192.243.59.20 200 OK 0 B URL HTTP/1.1 helpedhandwritingintestine.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d3t87ooo0697p8.cloudfront.net/OREV5clEnKhcUbjAsHU9ocndJQ2ViLwodPzR4ITEfAQgyFAsoFl8GKyB4SVQ9JSseT3chKxpPYGIkHRBscGMNAj4veBsdITc/EhY0MitfBzB5KBYIOCgpGFdjAnBXQnR2dVEFOCohFgUiYXdJHCVhd0lDYWp1XEETYXdJBTgqc01XYgZgS0IpcnFcQRNhd0-kAJ2F2OENhcWtJW3R2dR4XMi8qXEAXdnVIQmF1dUhXY3QjEAA0IioBV2MCdElHf3RjDE9g
143.204.42.128 200 OK 573 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/OREV5clEnKhcUbjAsHU9ocndJQ2ViLwodPzR4ITEfAQgyFAsoFl8GKyB4SVQ9JSseT3chKxpPYGIkHRBscGMNAj4veBsdITc/EhY0MitfBzB5KBYIOCgpGFdjAnBXQnR2dVEFOCohFgUiYXdJHCVhd0lDYWp1XEETYXdJBTgqc01XYgZgS0IpcnFcQRNhd0-kAJ2F2OENhcWtJW3R2dR4XMi8qXEAXdnVIQmF1dUhXY3QjEAA0IioBV2MCdElHf3RjDE9g
IP 143.204.42.128:0
File type ASCII text, with very long lines (814), with no line terminators
Hash bb21f2f47571cf438ff7636c47afa0ac
5898715b1eacc52da4c265dcace341218c5e7ac3
7b28beb53de130400f66bfecac9626572533935d96f3a75c0ce24bc68a5c4565
GET /OREV5clEnKhcUbjAsHU9ocndJQ2ViLwodPzR4ITEfAQgyFAsoFl8GKyB4SVQ9JSseT3chKxpPYGIkHRBscGMNAj4veBsdITc/EhY0MitfBzB5KBYIOCgpGFdjAnBXQnR2dVEFOCohFgUiYXdJHCVhd0lDYWp1XEETYXdJBTgqc01XYgZgS0IpcnFcQRNhd0-kAJ2F2OENhcWtJW3R2dR4XMi8qXEAXdnVIQmF1dUhXY3QjEAA0IioBV2MCdElHf3RjDE9g HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hatwasallo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 573
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wsr3wKlerpbgksqFD9E9HkYFRNaWFMZzjfRuYxwM5f6PpvXWP1gdzg==
X-Firefox-Spdy: h2
lehebraverooper.xyz/TEZHQW9jeSQyUi0RLHQKCCojFD59CQQHFx4HAgQiFBAGDTwrIWE1Bih7fnZedXFyZx8lInpyXWo1MyAbOTV6c198cWEoASopenBJOnt3b1Zid2lxSTl7dmcbPCcgfF5qNjM1A3F3cXZaf391cll9dHV3
104.21.68.94 204 No Content 0 B URL HTTP/2 lehebraverooper.xyz/TEZHQW9jeSQyUi0RLHQKCCojFD59CQQHFx4HAgQiFBAGDTwrIWE1Bih7fnZedXFyZx8lInpyXWo1MyAbOTV6c198cWEoASopenBJOnt3b1Zid2lxSTl7dmcbPCcgfF5qNjM1A3F3cXZaf391cll9dHV3
IP 104.21.68.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TEZHQW9jeSQyUi0RLHQKCCojFD59CQQHFx4HAgQiFBAGDTwrIWE1Bih7fnZedXFyZx8lInpyXWo1MyAbOTV6c198cWEoASopenBJOnt3b1Zid2lxSTl7dmcbPCcgfF5qNjM1A3F3cXZaf391cll9dHV3 HTTP/1.1
Host: lehebraverooper.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRHhzizRgO2BwNLG%2FTRnRtCc2SGRr%2FTEfKvvtwAa5Jj28cTr%2BhZRoflglWh%2BFP%2BCE%2FPE3WIQhlO76RbhGy4kzmbjuu31%2Brp0fMaQ9pYy2Jh2Jv7VFKHtJcM1Hr%2BGEXflotSu55Or"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4be89bc1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
142.250.74.99 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QJ2XgEbwD7g
IP 142.250.74.99:0
Hash bb996bfb8a858ecd05a2428121b1837b
f038902eb9d1ffe474531280ec3be1b5a74bb579
3258a8c2ea7f9d4a779c6c9df530ea3fa47ffe2b74a5395a390080cb22493702
POST /s/gts1p5/QJ2XgEbwD7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
peevishchasingstir.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leQHPwziB25cqL0QVHA69dVfZhGMMTIkJiGJRNy9r%2Bp%2Bzut6xXv1ujqzMSQgWXZ2LmtOTzJoghjcuAmEHjeSle1CGnT%2BCcG1dKeh9S7q3lPnwjv33Pv1nj8iITxdXPnU7Cqt6alWM2y8e0PlwlSucel6Iwqb4enGDZW309ON8fJjRx9EYasZvtf4RPIdcyoOozCMwqhxXlmZmfGpFQtVPOpFzV7YTONm1Eoxtv%2FFzgdwNIAYHZFXocT8f4NfHkPxGfLhD%2Bek2ylN8f7HQ69paSxG4uCzfCc3VY7hpsxsgCw%2FWHfDuDkh3xyDyQ%2FWE8CM9pcTgKk5CX6PwPKDtUyw0f3nSpmGzMHESVSjGaSeQdEZuLkDJX4lABe4dBn58MElYyt68zlLl%2BycnPj7L6hqTk78%2BRry4fdntRo3rhntS2Vyh3FWQ41nUP0ZCn%2BIcjeAqg7By9tQgiAf1lBi8XacZrLdTdOtNKO9rbQdsy3aaWdbjPV6QiZJ1umkK2uUmkFlM2g5AXXH4F0ArwL4LIAvAgzFokFbvSwMOxnLkqSbcs6ThPNWty1aIkm7WQjPl9onKIsJuJ6A21so7C3sqHtzQm7vw%2FqncIMaTgRwJcFI1KgkQeUIKkpQKYKqJKhG9X2hXezqB0I7z6J1jtc5qaem7O%2FR%2B6bsy5zsFUfklaVrwYtfvYMduWjEUSaTXivM0iiWYdzmSZJFrM2lbEeJZBRO1VDuGKgLsKvm5M3WSRRqTv5%2F5ikYPYTTh%2BDqZVD%2FBmg17cQh6GCadkPs5j%2FltPSW6oGkuhw44y2XTa49gzA1ivIEypvBnj4ir682efqlCpI%2FO%2FNjsgpwW6OwNb5UPxP09d3pVVOR%2FaumcuTx5aJUQ7VLl1u%2BVtJSHv%2FugrxZGSu2z7nJtx%2FyJbEsH12XrrxIc6HyviMPzyohpD1vLJfkyba7IdkV7wZnvc19cfHKR%2Be3h4WVzimTz0DVnJDFNriakxeefLG64Lcefg5lZ7C%2BxtA%2FI%2BuAMofgxS24YqPfGQKrNz2sCFD5empjtvmpFYGWG0xZDfcvzDb1nruLvg1Ayzurux3ZGiNdg%2BoJnD8%2BLQv77Mxv68eZDqZM22CfaavvPTfXqUWjFaWyy7odLgSTXESdOOkmYRgLkXZ6MuqhdHP%2Bh7%2FwDwAAAP%2F%2FAQAA%2F%2F80LnsYmQQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 peevishchasingstir.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leQHPwziB25cqL0QVHA69dVfZhGMMTIkJiGJRNy9r%2Bp%2Bzut6xXv1ujqzMSQgWXZ2LmtOTzJoghjcuAmEHjeSle1CGnT%2BCcG1dKeh9S7q3lPnwjv33Pv1nj8iITxdXPnU7Cqt6alWM2y8e0PlwlSucel6Iwqb4enGDZW309ON8fJjRx9EYasZvtf4RPIdcyoOozCMwqhxXlmZmfGpFQtVPOpFzV7YTONm1Eoxtv%2FFzgdwNIAYHZFXocT8f4NfHkPxGfLhD%2Bek2ylN8f7HQ69paSxG4uCzfCc3VY7hpsxsgCw%2FWHfDuDkh3xyDyQ%2FWE8CM9pcTgKk5CX6PwPKDtUyw0f3nSpmGzMHESVSjGaSeQdEZuLkDJX4lABe4dBn58MElYyt68zlLl%2BycnPj7L6hqTk78%2BRry4fdntRo3rhntS2Vyh3FWQ41nUP0ZCn%2BIcjeAqg7By9tQgiAf1lBi8XacZrLdTdOtNKO9rbQdsy3aaWdbjPV6QiZJ1umkK2uUmkFlM2g5AXXH4F0ArwL4LIAvAgzFokFbvSwMOxnLkqSbcs6ThPNWty1aIkm7WQjPl9onKIsJuJ6A21so7C3sqHtzQm7vw%2FqncIMaTgRwJcFI1KgkQeUIKkpQKYKqJKhG9X2hXezqB0I7z6J1jtc5qaem7O%2FR%2B6bsy5zsFUfklaVrwYtfvYMduWjEUSaTXivM0iiWYdzmSZJFrM2lbEeJZBRO1VDuGKgLsKvm5M3WSRRqTv5%2F5ikYPYTTh%2BDqZVD%2FBmg17cQh6GCadkPs5j%2FltPSW6oGkuhw44y2XTa49gzA1ivIEypvBnj4ir682efqlCpI%2FO%2FNjsgpwW6OwNb5UPxP09d3pVVOR%2FaumcuTx5aJUQ7VLl1u%2BVtJSHv%2FugrxZGSu2z7nJtx%2FyJbEsH12XrrxIc6HyviMPzyohpD1vLJfkyba7IdkV7wZnvc19cfHKR%2Be3h4WVzimTz0DVnJDFNriakxeefLG64Lcefg5lZ7C%2BxtA%2FI%2BuAMofgxS24YqPfGQKrNz2sCFD5empjtvmpFYGWG0xZDfcvzDb1nruLvg1Ayzurux3ZGiNdg%2BoJnD8%2BLQv77Mxv68eZDqZM22CfaavvPTfXqUWjFaWyy7odLgSTXESdOOkmYRgLkXZ6MuqhdHP%2Bh7%2FwDwAAAP%2F%2FAQAA%2F%2F80LnsYmQQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9leQHPwziB25cqL0QVHA69dVfZhGMMTIkJiGJRNy9r%2Bp%2Bzut6xXv1ujqzMSQgWXZ2LmtOTzJoghjcuAmEHjeSle1CGnT%2BCcG1dKeh9S7q3lPnwjv33Pv1nj8iITxdXPnU7Cqt6alWM2y8e0PlwlSucel6Iwqb4enGDZW309ON8fJjRx9EYasZvtf4RPIdcyoOozCMwqhxXlmZmfGpFQtVPOpFzV7YTONm1Eoxtv%2FFzgdwNIAYHZFXocT8f4NfHkPxGfLhD%2Bek2ylN8f7HQ69paSxG4uCzfCc3VY7hpsxsgCw%2FWHfDuDkh3xyDyQ%2FWE8CM9pcTgKk5CX6PwPKDtUyw0f3nSpmGzMHESVSjGaSeQdEZuLkDJX4lABe4dBn58MElYyt68zlLl%2BycnPj7L6hqTk78%2BRry4fdntRo3rhntS2Vyh3FWQ41nUP0ZCn%2BIcjeAqg7By9tQgiAf1lBi8XacZrLdTdOtNKO9rbQdsy3aaWdbjPV6QiZJ1umkK2uUmkFlM2g5AXXH4F0ArwL4LIAvAgzFokFbvSwMOxnLkqSbcs6ThPNWty1aIkm7WQjPl9onKIsJuJ6A21so7C3sqHtzQm7vw%2FqncIMaTgRwJcFI1KgkQeUIKkpQKYKqJKhG9X2hXezqB0I7z6J1jtc5qaem7O%2FR%2B6bsy5zsFUfklaVrwYtfvYMduWjEUSaTXivM0iiWYdzmSZJFrM2lbEeJZBRO1VDuGKgLsKvm5M3WSRRqTv5%2F5ikYPYTTh%2BDqZVD%2FBmg17cQh6GCadkPs5j%2FltPSW6oGkuhw44y2XTa49gzA1ivIEypvBnj4ir682efqlCpI%2FO%2FNjsgpwW6OwNb5UPxP09d3pVVOR%2FaumcuTx5aJUQ7VLl1u%2BVtJSHv%2FugrxZGSu2z7nJtx%2FyJbEsH12XrrxIc6HyviMPzyohpD1vLJfkyba7IdkV7wZnvc19cfHKR%2Be3h4WVzimTz0DVnJDFNriakxeefLG64Lcefg5lZ7C%2BxtA%2FI%2BuAMofgxS24YqPfGQKrNz2sCFD5empjtvmpFYGWG0xZDfcvzDb1nruLvg1Ayzurux3ZGiNdg%2BoJnD8%2BLQv77Mxv68eZDqZM22CfaavvPTfXqUWjFaWyy7odLgSTXESdOOkmYRgLkXZ6MuqhdHP%2Bh7%2FwDwAAAP%2F%2FAQAA%2F%2F80LnsYmQQAAA%3D%3D HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 985bd2e1ba7fa2bfd07aaf6d09971eff
Strict-Transport-Security: max-age=0; includeSubdomains
peevishchasingstir.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 peevishchasingstir.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=24fe6844-4fa9-462b-a76f-bb99de33f774:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 02:45:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Last-Modified: Fri, 03 Feb 2023 01:15:30 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 471 B IP 142.250.74.99:0
Hash 8d777e9406316814b36e3c580cccd4c8
7653df86c61ff7c801e35da9eeca3ecc70c7d7e8
2c4bb952aa3359712306a7c20b845627ee26689aacdb2560a61fc175e7c0c731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.77 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 3b63c9e76177f6dddc54d519b96bc689
b9c6ef7fd365173cc7ac473640f55329eeffee43
53dea4f8b470cc24a6a4faf3267a3f773810ee5ee2d2d9e297710664e85a0f4f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 02:45:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1879219957%3A1675392332826621&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqhZ5gAXtND90sR1WDfgrCCTZKz628QNzhIIrDRLVvH5ut27lJ4YWK1pB5dPGbZwd3NMyjgA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-2mlfnaE5WxpHsvJ8hYkt-Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:faWyr_OJMRDOIh3kPdmAD_ecLEAXjg:FeJP0IYjUqVzb4UQ;Path=/;Expires=Sun, 02-Feb-2025 02:45:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.77 302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash fb2e2a5b4a9ed14e79b6b9291c68b021
8c9a11d88ca9d444d84a492e87580d2c2fab3980
c91bddc7a5da02d927d97b37083c84463febefe5900e3e8152b260d4c6cd8240
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 02:45:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1929082469%3A1675392332875660&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfJeLX7Eml1DgJrS5qETYU4ivRPIEFpKrHgRYuMi2mL0hoOdvclk5z1RIV96oau03_pZN1F_Q
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-NR8q1RRQ__0fqmJ5LdL7MA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:g88d89Dl2laGwscRZ658nO7JOvufCg:S4ahfESqwKqhoNC2;Path=/;Expires=Sun, 02-Feb-2025 02:45:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.99 200 OK 472 B IP 142.250.74.99:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hatwasallo.com/utx?cb=Fh94H8LFUOqo&top=xfantazy.com&tid=971975
54.230.111.81 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=Fh94H8LFUOqo&top=xfantazy.com&tid=971975
IP 54.230.111.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=Fh94H8LFUOqo&top=xfantazy.com&tid=971975 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 02:46:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -6Az-xXs5xL5B2hd7c9ByyVstyd6SNVjP_WoLMBtkqF4KfeNgVt7eQ==
X-Firefox-Spdy: h2
hatwasallo.com/utx?cb=wReUhmgdVBpZ&top=xfantazy.com&tid=962014
54.230.111.81 204 No Content 0 B URL HTTP/2 hatwasallo.com/utx?cb=wReUhmgdVBpZ&top=xfantazy.com&tid=962014
IP 54.230.111.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=wReUhmgdVBpZ&top=xfantazy.com&tid=962014 HTTP/1.1
Host: hatwasallo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 03 Feb 2023 02:45:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 03 Feb 2023 02:46:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FRGNzEQonmahdWOJeNJwhdoE6M5AXm5uJlTk78CEXE8YWtoKmK_D5w==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:32 GMT
Last-Modified: Fri, 03 Feb 2023 01:15:30 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
static-cache.k2s.cc/thumbnail/I7nB6X6im666qW7DrA/w320h240/0.jpeg
188.72.235.185 200 OK 55 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7nB6X6im666qW7DrA/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=3, software=paint.net 4.3.11], baseline, precision 8, 950x150, components 3\012- data
Hash 473783ee57bd0ee251ab02455e361039
accc7d775614c48f333f83563da11e71e37fa13b
5768bc3ca5691cfb9f27fb59317f03b928b6ae12b3e9e182b160156022bab04b
GET /thumbnail/I7nB6X6im666qW7DrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 11623
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JryT7HX3yPrr-TyR9g/w320h240/0.jpeg
188.72.235.185 200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JryT7HX3yPrr-TyR9g/w320h240/0.jpeg
IP 188.72.235.185:0
File type gzip compressed data, max compression\012- data
Hash 2014c23e9ebdbfc784f5c28135d90245
4a9a1efd4c23171ebe9e567e5e57ade39e41bb49
08d91316f36a6440208c9549e427578d217501cbf8a3af653515395c5e95cb9c
GET /thumbnail/JryT7HX3yPrr-TyR9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 15001
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOyTvXD0mPzqrWqQ_A/w320h240/0.jpeg
188.72.235.185 200 OK 9.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOyTvXD0mPzqrWqQ_A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6065ab825c8d59d17bbc0bff6a3b389c
983fcd7128dca2d6507e95bad50d41b905f8fac0
519e46517f2dc7264bae92a70bc433d27277df22d8f7996fc965ffa29c090f30
GET /thumbnail/IOyTvXD0mPzqrWqQ_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 9769
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9 200 OK 9.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
Hash 118478cd5500fb7dc6f180750b8ec546
3222b1fee6f595bbf1570f16521d6ef10e6a0554
9751e46e12af53799f76353d9cae0cc38241ce5c0a8c83d8b13f26a8809148d2
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4997235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8teSFg7cYPWesHwS%2F5TsZ3nSch5Boq7nbuM0jWVEFLRvK8mhi71kh6FxJuUTa2psUSbmww%2B3FrOGm6K970%2BZZ2rWc1noj7gGItZOe%2B0dr%2FV3XxCkGgpZmWPGvNRy94K7iKwSHJN5i78X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bbdc4cf3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d--XuHelz_i4qW-fqw/w320h240/0.jpeg
188.72.235.185 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d--XuHelz_i4qW-fqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f671ab01fb0134e3ac9775c096b6498b
ca06570dd9f5bd766d544113146cefe115fcdb46
725692d7210f78e34ccc4d3020a0e8cd682c37c1ccd05275e9788c9811cf9ec1
GET /thumbnail/d--XuHelz_i4qW-fqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 10938
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9 200 OK 16 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
Hash a2be99f8c7ca2673057fc1666ce3a592
21a2fadb69d503972e3b93a4f5b88d747f012760
f23e0f12246a121b8b41d6ee63117961a79498bc3fcb4ed85220c679787a300f
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4997235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6r%2BN5imPlab0wC10d9dVpjspvdO0jamJ%2FbsU0PTKR8ModDPNARdDyGhr50aLDiEnbaqBKvk4NAtg%2FhyZqVP46kOjgP5CvSl1zT5cl9R5zoXgRThItbbwmxYkZzgFZbFuqtba%2Br4lBiSs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bbec4ff3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IejFuXKvyqjurjSW9w/w320h240/0.jpeg
188.72.235.185 200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IejFuXKvyqjurjSW9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 111afbd17226874bc571e22026764f1a
1c4cb8ad6b06534502828fc1a2f190e97e358199
438ed9a7e0422f085ba691d2c8fb4ba2e578bd077ab0125923da112529872559
GET /thumbnail/IejFuXKvyqjurjSW9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 18415
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cbyQvSSkzqq_8DmQ_Q/w320h240/0.jpeg
188.72.235.185 200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cbyQvSSkzqq_8DmQ_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 77e0daa3a876a4ab66d91a5ac779416e
926e2f66470be993ebeee547b2654de9be41169b
2c5245d5f826b90464f19bcaee44e476dcd2f84bcdf035620dd90d57ccaa88a7
GET /thumbnail/cbyQvSSkzqq_8DmQ_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 16423
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-nBuSOvm_rvrTuV9g/w320h240/0.jpeg
188.72.235.185 200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-nBuSOvm_rvrTuV9g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash bf2a10d481449e93b7552fa030e5f5e4
757d631aa5937b1e4e24ab9ca889b90095b4746b
17fcc3471ed8485c2b003e9ea4b0353e829b62b6b40424bc30b79758864e016d
GET /thumbnail/J-nBuSOvm_rvrTuV9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 12014
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash e45fe979345b8a492789fcd55dd23132
8a90ec35f8d0ccabb4719a36a3f77efdcfbbaa6b
2947b753bc66bbcad3400c18e262d036d98b13f0b7edad21b9734de658a8b335
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 1.6 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash 982e30126a116339557fd48d96034ada
734480453858debc61e9428dbad55c041da61163
dbc9b494d733679c91d1f12e65d7e4efab16f5364358862b4e2025fbe16e3edb
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03da5c6aa37a4d971cc2fd7e55478e9f
330b0b61e3c5966e6e739b0f75a10fc3ecf36319
b2fb7f459311816420b4bec226f4bb56ddbaef061fcc1877645c4f991aab167c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B2FB7F459311816420B4BEC226F4BB56DDBAEF061FCC1877645C4F991AAB167C"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4926
Expires: Fri, 03 Feb 2023 04:07:39 GMT
Date: Fri, 03 Feb 2023 02:45:33 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S1879219957%3A1675392332826621&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqhZ5gAXtND90sR1WDfgrCCTZKz628QNzhIIrDRLVvH5ut27lJ4YWK1pB5dPGbZwd3NMyjgA
142.250.74.77 403 Forbidden 2.4 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1879219957%3A1675392332826621&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqhZ5gAXtND90sR1WDfgrCCTZKz628QNzhIIrDRLVvH5ut27lJ4YWK1pB5dPGbZwd3NMyjgA
IP 142.250.74.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (4979), with no line terminators
Hash cb3632c35f7e78601f184b06d3477164
7989f8d4a14470066f843cb3ee1f1334180f5baf
41388639123d88b757dcf691bf638cf10896bff44e6cbcb326b7ad7f66efa03e
GET /v3/signin/identifier?dsh=S1879219957%3A1675392332826621&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqhZ5gAXtND90sR1WDfgrCCTZKz628QNzhIIrDRLVvH5ut27lJ4YWK1pB5dPGbZwd3NMyjgA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 02:45:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-5QhwjdZShzK0UbfuPHTFeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03da5c6aa37a4d971cc2fd7e55478e9f
330b0b61e3c5966e6e739b0f75a10fc3ecf36319
b2fb7f459311816420b4bec226f4bb56ddbaef061fcc1877645c4f991aab167c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B2FB7F459311816420B4BEC226F4BB56DDBAEF061FCC1877645C4F991AAB167C"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4926
Expires: Fri, 03 Feb 2023 04:07:39 GMT
Date: Fri, 03 Feb 2023 02:45:33 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3488), with no line terminators
Hash ce0acc5c81627605e0adc2e947e26b40
a4a61e8894a167427fb795ccd305c388cd369a49
6bdb32e6ff07d21592087419ff5c42019dcd026a1c72451d0ec7d9c157d4177b
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d646807.142538793593638346%22%3B%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcce; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71987242%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3492), with no line terminators
Hash 7552a3648555b9e80667368e8ba8041d
c72921428cf7112b1631bf751ab6fa920448e3b2
61317db423d82950c7512b4ae0b3ac170474554e5eb7b5903271151f603e9ea8
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d68d029.352003591164609022%22%3B%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcce; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C71987242%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.245 200 OK 1.8 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3442), with no line terminators
Hash 037c7f340e393b91f2fb37ee88dd6552
081774474f07c495a4584a6a2a4d1cfd57da5f87
25aa15532df9dc1026eaeb39530748161a245a9f4ea68cfdc13f6994b77ce7f1
GET /splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d6b3534.867551032219796802%22%3B%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconxgxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimxlbmoscnxgxamrslosssgxcce; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71987234%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.realsrv.com/iframe.php?idzone=4891806&size=300x250
185.76.9.17 200 OK 3.7 kB URL HTTP/2 a.realsrv.com/iframe.php?idzone=4891806&size=300x250
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6543)
Hash 583367d45f9c5fecfc5b65033bb7bf4c
02764cabf5546e376c3048fe8779aea4c5369aca
81fb1d969cbb8e0f741a05a8e1ae21c4dcbb0c0cb583fbc333cf4444334bd4c2
GET /iframe.php?idzone=4891806&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
expires: Fri, 03 Feb 2023 03:47:19 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675396364
server: CDN77-Turbo
x-77-nzt: AblMCQ0ImAb/cRoAAA
x-77-nzt-ray: c0a4cc28490e5a604d75dc636b9d760e
x-cache: HIT
x-age: 6769
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.245 200 OK 3.5 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6482), with no line terminators
Hash 9c725eabb8e6cd83b6f01e0dad39b4d9
48cd22719c74b141ab11903745b1dcc03f2a8eb9
8902735f97a51693c3f9c634857759291d7032008373e76fb53f89e58309d364
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d646807.142538793593638346%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71987242%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d646807.142538793593638346%22%3B%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrslosssgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlm
mgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimsacexoonxgxamrslosssgxcceimxlbmoscnxgxamrslosssgxcceimcssmlrcnxgxamrslosssgxcce; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71987234%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d646807.142538793593638346%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C41873820%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d646807.142538793593638346%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C74337954%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d646807.142538793593638346%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 6.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 0de3de0827228ddbe989bbbfecab62ab
661f882850161ad2148d0c41998b1a772b6914fe
9bc7b59b1f47fbcfa196e6729a8dc60e6f23b874e40022f61d5d056a328dd93d
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
20915.polarbearyulia.com/v2/a/ban/image?d=BQ5qQHPe8ZUmrjkpVBYR5dfYEhCRJPFAwtB8Cc6s86BthKQiGmDA977aJlW1ewhPoKhf_RnlsL1JykNHq7Pz-kBoJCbmjmhqHI9ah1Ycy3Yn1a9hS2ta9i-31MMLsg_zbwrBjJ9bEnpF-rSAW-uk7_hKH_BmfpevvZPLFU83vebx3bw14ttNO9rqT3AN9ueroy7kmeKLiVzYW0Xd52jj4xPMohYTgWiXRKvB-F6IXUTddag9CQG0lQeBYwy92mt1lz1up-bdrgwhTLmlP1IJxk0KiAFAa1AqSk24aUZ4FQm2IQyFiW6WTVsltD7_QuPL8Jk9KC7i-z04Ausko8fXL_JM3i15o0dJYQGlsvM3_PnpR9ASkr1n4tLvX0eXwpwI7engE5lSguNdZUNO8Ud2Bm4Uiubjix2Xph3qaiYwrXl6busjFVykgGuQq1ON1CSRDQv-nrcyCLKp_e8zMgSHCcpriXJ5irXi5EPfqz1SsFWVhsdGaByy1ZDEAbVwIVb3lkXMCiycIPjlTm13zcQaomTTGOd-V-YPN1XXO2-FwAXw1RnGA6bU9T5hLPquISeh73OVYuoQhYFGdA_S2pS_gREppydNG_Yxt9NCsNVH82CAsqOBfuzf3xEjz0kNkOiwyFO0phdeSNHCIltTz9sSLTvmYEG7sStjJ3BxIgn0-W23Qme7NDbptdoGSq4QrCPvqkDbfuhQwegtR2XBYSv0WjVcB63qjoQ28K2j8TTQ4jkeqsQoYX6zox9jUCawt5vNOUqRhTi3lV2Q_NaJJnRe9i-7xBhGRxXEu5_MVKl7zYvcjLyGcDb9Dfn70-PcfSJN_2FTudzm9Jxl7TuMr9eNGhy-D9KvUU2yprcF67cWh9zLhrPzmZdk1O9W3ec0WrZwQ4UXt5DmsFwu3-EmAEXaKRbLCChlo9VXxBG05J1NuyG1L4_g0hxlUwK5fBKvRNmz_efJigvMY8OkUfImRThOIdpSD_2GVUyY_0SeWVi53NMFmyLkQQPTNFIf3de8nqBInIKkC7sEUbWGNpT_0ryAOjOdzhXh7jdQPDQmXHvA1mgNJruPFEsU6P3Thn4DC7BcCUHNqc_IUo7evzC-AH36JueXSvbfNhVe3A7rkaWZdTwvFQRQZlGnbab6VHlslbD5Ux4ez77zfLqvH67ePUPS1qR-4Exoqfv6ik88GybfrPoaFgRMmUDkFSJoHYA_29kJEg
88.208.59.103307 Temporary Redirect 0 B URL HTTP/2 20915.polarbearyulia.com/v2/a/ban/image?d=BQ5qQHPe8ZUmrjkpVBYR5dfYEhCRJPFAwtB8Cc6s86BthKQiGmDA977aJlW1ewhPoKhf_RnlsL1JykNHq7Pz-kBoJCbmjmhqHI9ah1Ycy3Yn1a9hS2ta9i-31MMLsg_zbwrBjJ9bEnpF-rSAW-uk7_hKH_BmfpevvZPLFU83vebx3bw14ttNO9rqT3AN9ueroy7kmeKLiVzYW0Xd52jj4xPMohYTgWiXRKvB-F6IXUTddag9CQG0lQeBYwy92mt1lz1up-bdrgwhTLmlP1IJxk0KiAFAa1AqSk24aUZ4FQm2IQyFiW6WTVsltD7_QuPL8Jk9KC7i-z04Ausko8fXL_JM3i15o0dJYQGlsvM3_PnpR9ASkr1n4tLvX0eXwpwI7engE5lSguNdZUNO8Ud2Bm4Uiubjix2Xph3qaiYwrXl6busjFVykgGuQq1ON1CSRDQv-nrcyCLKp_e8zMgSHCcpriXJ5irXi5EPfqz1SsFWVhsdGaByy1ZDEAbVwIVb3lkXMCiycIPjlTm13zcQaomTTGOd-V-YPN1XXO2-FwAXw1RnGA6bU9T5hLPquISeh73OVYuoQhYFGdA_S2pS_gREppydNG_Yxt9NCsNVH82CAsqOBfuzf3xEjz0kNkOiwyFO0phdeSNHCIltTz9sSLTvmYEG7sStjJ3BxIgn0-W23Qme7NDbptdoGSq4QrCPvqkDbfuhQwegtR2XBYSv0WjVcB63qjoQ28K2j8TTQ4jkeqsQoYX6zox9jUCawt5vNOUqRhTi3lV2Q_NaJJnRe9i-7xBhGRxXEu5_MVKl7zYvcjLyGcDb9Dfn70-PcfSJN_2FTudzm9Jxl7TuMr9eNGhy-D9KvUU2yprcF67cWh9zLhrPzmZdk1O9W3ec0WrZwQ4UXt5DmsFwu3-EmAEXaKRbLCChlo9VXxBG05J1NuyG1L4_g0hxlUwK5fBKvRNmz_efJigvMY8OkUfImRThOIdpSD_2GVUyY_0SeWVi53NMFmyLkQQPTNFIf3de8nqBInIKkC7sEUbWGNpT_0ryAOjOdzhXh7jdQPDQmXHvA1mgNJruPFEsU6P3Thn4DC7BcCUHNqc_IUo7evzC-AH36JueXSvbfNhVe3A7rkaWZdTwvFQRQZlGnbab6VHlslbD5Ux4ez77zfLqvH67ePUPS1qR-4Exoqfv6ik88GybfrPoaFgRMmUDkFSJoHYA_29kJEg
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/a/ban/image?d=BQ5qQHPe8ZUmrjkpVBYR5dfYEhCRJPFAwtB8Cc6s86BthKQiGmDA977aJlW1ewhPoKhf_RnlsL1JykNHq7Pz-kBoJCbmjmhqHI9ah1Ycy3Yn1a9hS2ta9i-31MMLsg_zbwrBjJ9bEnpF-rSAW-uk7_hKH_BmfpevvZPLFU83vebx3bw14ttNO9rqT3AN9ueroy7kmeKLiVzYW0Xd52jj4xPMohYTgWiXRKvB-F6IXUTddag9CQG0lQeBYwy92mt1lz1up-bdrgwhTLmlP1IJxk0KiAFAa1AqSk24aUZ4FQm2IQyFiW6WTVsltD7_QuPL8Jk9KC7i-z04Ausko8fXL_JM3i15o0dJYQGlsvM3_PnpR9ASkr1n4tLvX0eXwpwI7engE5lSguNdZUNO8Ud2Bm4Uiubjix2Xph3qaiYwrXl6busjFVykgGuQq1ON1CSRDQv-nrcyCLKp_e8zMgSHCcpriXJ5irXi5EPfqz1SsFWVhsdGaByy1ZDEAbVwIVb3lkXMCiycIPjlTm13zcQaomTTGOd-V-YPN1XXO2-FwAXw1RnGA6bU9T5hLPquISeh73OVYuoQhYFGdA_S2pS_gREppydNG_Yxt9NCsNVH82CAsqOBfuzf3xEjz0kNkOiwyFO0phdeSNHCIltTz9sSLTvmYEG7sStjJ3BxIgn0-W23Qme7NDbptdoGSq4QrCPvqkDbfuhQwegtR2XBYSv0WjVcB63qjoQ28K2j8TTQ4jkeqsQoYX6zox9jUCawt5vNOUqRhTi3lV2Q_NaJJnRe9i-7xBhGRxXEu5_MVKl7zYvcjLyGcDb9Dfn70-PcfSJN_2FTudzm9Jxl7TuMr9eNGhy-D9KvUU2yprcF67cWh9zLhrPzmZdk1O9W3ec0WrZwQ4UXt5DmsFwu3-EmAEXaKRbLCChlo9VXxBG05J1NuyG1L4_g0hxlUwK5fBKvRNmz_efJigvMY8OkUfImRThOIdpSD_2GVUyY_0SeWVi53NMFmyLkQQPTNFIf3de8nqBInIKkC7sEUbWGNpT_0ryAOjOdzhXh7jdQPDQmXHvA1mgNJruPFEsU6P3Thn4DC7BcCUHNqc_IUo7evzC-AH36JueXSvbfNhVe3A7rkaWZdTwvFQRQZlGnbab6VHlslbD5Ux4ez77zfLqvH67ePUPS1qR-4Exoqfv6ik88GybfrPoaFgRMmUDkFSJoHYA_29kJEg HTTP/1.1
Host: 20915.polarbearyulia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20915.polarbearyulia.com/v2/a/ban/iframe/210450
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
location: https://bcdn.clickaine.com/22784/c6639570-9918-11eb-9dc3-916fe9770f93.gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 03 Feb 2023 02:45:33 UTC
expires: Fri, 03 Feb 2023 02:45:33 UTC
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.21 200 OK 2.9 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (3794), with CRLF line terminators
Hash 266c655793feca85e12e3b6d0af24efa
5c55c2c0c499e0fe7f71b12fe04adecb9e9f13ab
92924b3dde74c272a456a393536939fab9790531d6d0e0fe8c2a70433c7055f1
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1676019710
server: CDN77-Turbo
x-77-nzt: AblMCRSNm8//Tz8GAA
x-77-nzt-ray: af58563008b24e9e4d75dc630a212123
x-cache: HIT
x-age: 409423
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 147 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Size 147 kB (146984 bytes)
Hash 016377c1dfefc778e335daec6bf3caf8
c23a74adfb6654f5b40a1ba5b4bc3193016d3386
b0cb565c140565afc49211a79bce109fcf4adffc5eb1cde5fd12578022d5d246
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245 200 OK 2.9 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5880), with no line terminators
Hash 47ba2fa7249311a84bce3a8621b6a590
dc9254f351584632cd143e210146cc87140b4196
0e89afa9aa0928d990d9538b3492871a61215de763552df32199cdf55af782ff
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d68d029.352003591164609022%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrslosssgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimcssmlrcnxgxamrslosssgxcceimsacexoonxgxamrslosssgxcceimxlbmosenxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d68d029.352003591164609022%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
142.250.74.163 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 10:06:00 GMT
expires: Fri, 02 Feb 2024 10:06:00 GMT
cache-control: public, max-age=31536000
age: 59973
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PQWoDMQxFr9ILxEiy5JGzbrctpOQAzthDCkkDk0zJ4h++nlmU+hv0EdbXs5DEHUm/L8J7tX2MyBwyBZXApnj/OEAZ3+WxzOVybuXyON9vyzy2MF6WE1RdjWEpaU7IA1FMUM/slGDkMB4GJ8LgrjSIQwkR1CUWVVcXiCSLwQlvxwOOn6+9lzkLGIJI9BSj7lcWCEG7pychxToOpjV57QEhmvTtlpmTJsokAqs1nUxaaacqk+dchbmQj6n1QaprEEqY+7fu808Yb9eNbGMy5m0//WnHW+mHsLmvaS7XBvx7s2rYYjul6oqN0qJmimxkuU01ysSTW9U2plLc7Ret/3j9hQEAAA==
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PQWoDMQxFr9ILxEiy5JGzbrctpOQAzthDCkkDk0zJ4h++nlmU+hv0EdbXs5DEHUm/L8J7tX2MyBwyBZXApnj/OEAZ3+WxzOVybuXyON9vyzy2MF6WE1RdjWEpaU7IA1FMUM/slGDkMB4GJ8LgrjSIQwkR1CUWVVcXiCSLwQlvxwOOn6+9lzkLGIJI9BSj7lcWCEG7pychxToOpjV57QEhmvTtlpmTJsokAqs1nUxaaacqk+dchbmQj6n1QaprEEqY+7fu808Yb9eNbGMy5m0//WnHW+mHsLmvaS7XBvx7s2rYYjul6oqN0qJmimxkuU01ysSTW9U2plLc7Ret/3j9hQEAAA==
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02PQWoDMQxFr9ILxEiy5JGzbrctpOQAzthDCkkDk0zJ4h++nlmU+hv0EdbXs5DEHUm/L8J7tX2MyBwyBZXApnj/OEAZ3+WxzOVybuXyON9vyzy2MF6WE1RdjWEpaU7IA1FMUM/slGDkMB4GJ8LgrjSIQwkR1CUWVVcXiCSLwQlvxwOOn6+9lzkLGIJI9BSj7lcWCEG7pychxToOpjV57QEhmvTtlpmTJsokAqs1nUxaaacqk+dchbmQj6n1QaprEEqY+7fu808Yb9eNbGMy5m0//WnHW+mHsLmvaS7XBvx7s2rYYjul6oqN0qJmimxkuU01ysSTW9U2plLc7Ret/3j9hQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d68d029.352003591164609022%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrslosssgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimcssmlrcnxgxamrslosssgxcceimsacexoonxgxamrslosssgxcceimxlbmosenxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d68d029.352003591164609022%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263dc754d68d029.352003591164609022%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QQWoDMQz8Sj8QM5Il28q91xYCfYDX3iWFpIVNUnrQ4+vd0lo2GiExnhGD4wE87hPTUfQYoxsFQxAOpOIvrycX8o96f6z1cp7r5X6+fT7WNod2eUwunKDmmpJYcstATC7FqBBcUVyyUTR4LrGY8mjCo2MEaxTZUAAyZRaK2SIhihf489tpf+QUULI6w0ex6dkoZGB8w1PsLav0VDrYQlQeCtSIkiQYmJ1SLlYy19wKF82J0SauZaE+CSs2Iq9hHdZu61don9dd3aaLSEeX/+oRB9rTOPAdvS9rvc7u/xO/ljzvtDJWsX3gWGwSzK21qvPw2XWh1qc+tLaaCT8qBf05iAEAAA==
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QQWoDMQz8Sj8QM5Il28q91xYCfYDX3iWFpIVNUnrQ4+vd0lo2GiExnhGD4wE87hPTUfQYoxsFQxAOpOIvrycX8o96f6z1cp7r5X6+fT7WNod2eUwunKDmmpJYcstATC7FqBBcUVyyUTR4LrGY8mjCo2MEaxTZUAAyZRaK2SIhihf489tpf+QUULI6w0ex6dkoZGB8w1PsLav0VDrYQlQeCtSIkiQYmJ1SLlYy19wKF82J0SauZaE+CSs2Iq9hHdZu61don9dd3aaLSEeX/+oRB9rTOPAdvS9rvc7u/xO/ljzvtDJWsX3gWGwSzK21qvPw2XWh1qc+tLaaCT8qBf05iAEAAA==
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1QQWoDMQz8Sj8QM5Il28q91xYCfYDX3iWFpIVNUnrQ4+vd0lo2GiExnhGD4wE87hPTUfQYoxsFQxAOpOIvrycX8o96f6z1cp7r5X6+fT7WNod2eUwunKDmmpJYcstATC7FqBBcUVyyUTR4LrGY8mjCo2MEaxTZUAAyZRaK2SIhihf489tpf+QUULI6w0ex6dkoZGB8w1PsLav0VDrYQlQeCtSIkiQYmJ1SLlYy19wKF82J0SauZaE+CSs2Iq9hHdZu61don9dd3aaLSEeX/+oRB9rTOPAdvS9rvc7u/xO/ljzvtDJWsX3gWGwSzK21qvPw2XWh1qc+tLaaCT8qBf05iAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d68d029.352003591164609022%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrslosssgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconogxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimcssmlrcnxgxamrslosssgxcceimsacexoonxgxamrslosssgxcceimxlbmosenxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63dc754d68d029.352003591164609022%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 02:45:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263dc754d68d029.352003591164609022%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 02:45:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.medfoodsafety.com/loader?a=4788037&s=4776911&t=1&p=8575
172.64.138.21 200 OK 852 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788037&s=4776911&t=1&p=8575
IP 172.64.138.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a7a0467860e9079f6137e06cc2e1174b
3f64a46a91969636754d90cd255b6c52063d2a2f
bfe94f951464f4d6ec44c2ad82e2818bdd9a98e36b015f0d49874b39000400b8
GET /loader?a=4788037&s=4776911&t=1&p=8575 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jyxUlVRXOmRY%2BCk3shctPiJZ1nGhTMuc8MS%2FXiGQu%2Fa%2FKo5uEg3K3%2BxUFP8FqXiAOJ%2F9Jjwq3fciXQ3tpnteqVoNLDL7NNH%2BbIn4WGhIHmCGCMvKyOpjj0Dttpr5ly4sTJkv54A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4c2f8e223f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/chicken.gif?z=1963298&pb=7a7170df79afd841b6b0ba89a81ec8f11675399533&psp=UAI9LBbSMBUltchx0qOe2QUyKKCI7_JvA2x-qwf-tzkmwKlOQg7P2GFVin2z0NU6EOyCh5ZSXRr9BYckyDehtgK6_sqszAKi0e_oOjti_u2SW7rEKOasHIsafY6XHfqpUUwp_c5yPIBZwRJqZG8fSVxS9UZ6EHtpd3qFfLGHaQDleGtHoCo7XiHhfZNpQh4Z_FUzDGEIV8HQn4iMuMq7DurlxPDagzJdDU-07Pu8c3vOZHGYLgz4c0XEmypVm_EgdRpHaLfMjMcAwHh02ZNpNQyGmqtrKwJC4sLiiLcY1KvAYlqOKNHNtqHrBF2YALern6jb7NRx0hhtl8tpzLjdaGYXYpZqlh63xmxmEAGHdwXP1IKD-QMtyWw7xqJrb9JaBh7KdX2J-yeu3Cxaw8GQ42rZDj7aGiJ8qMD1ppEzpQztNEU4qaXY0lfZ7FSxCPo3rbLIaIlPcQWBtODrQ1HhjGt-iFhns8OUARqdShNeonqc9awszsikzoB-3Uc5R3Z8ymjU0KATdYJInLF44l8QhYQh_6smyOBJrVDs8HXi8OiHFOL_J1gM3kWZNLcceRSKsG4QeuV8giYuq-Ezdr7Rgj2Vs3yPsEwq0--BYynsowJg3ctc9rXh-uh-lv314URsLdUmmhkOBIPTxci1kJdylAeoufKoDh5Z0a0qm0jktSasV1BuKapX-IC5YQweHr06b0G8KGXcAe5u15sL-A06IRrPIWA9fspUy5FIzaVp6NbjheGK9k1puhrHeMEC7L4IQPgqLTTI9z4bVVQYVQIMkTHZToFMNMSck6u-Og-yBa9EsCyQI7J0zKxpn7GBnGgXrA5PVCKURaCeq5sY5XaftrL_YG9IuKzcQtv9aTRiTh3aoUMylg6F4_-Fmygr1R8A2g930T8c_5Yijvn6xXKWyq20yzWMSO5apE2_DMBjVOa89u6V3wLBsGcp0qFkII2lL2FJYNxGS8bi-hPO8boATmWhX0PQpgKAtNi5&abvar=4&os=0
62.122.171.6200 OK 43 B URL HTTP/2 rxeosevsso.com/chicken.gif?z=1963298&pb=7a7170df79afd841b6b0ba89a81ec8f11675399533&psp=UAI9LBbSMBUltchx0qOe2QUyKKCI7_JvA2x-qwf-tzkmwKlOQg7P2GFVin2z0NU6EOyCh5ZSXRr9BYckyDehtgK6_sqszAKi0e_oOjti_u2SW7rEKOasHIsafY6XHfqpUUwp_c5yPIBZwRJqZG8fSVxS9UZ6EHtpd3qFfLGHaQDleGtHoCo7XiHhfZNpQh4Z_FUzDGEIV8HQn4iMuMq7DurlxPDagzJdDU-07Pu8c3vOZHGYLgz4c0XEmypVm_EgdRpHaLfMjMcAwHh02ZNpNQyGmqtrKwJC4sLiiLcY1KvAYlqOKNHNtqHrBF2YALern6jb7NRx0hhtl8tpzLjdaGYXYpZqlh63xmxmEAGHdwXP1IKD-QMtyWw7xqJrb9JaBh7KdX2J-yeu3Cxaw8GQ42rZDj7aGiJ8qMD1ppEzpQztNEU4qaXY0lfZ7FSxCPo3rbLIaIlPcQWBtODrQ1HhjGt-iFhns8OUARqdShNeonqc9awszsikzoB-3Uc5R3Z8ymjU0KATdYJInLF44l8QhYQh_6smyOBJrVDs8HXi8OiHFOL_J1gM3kWZNLcceRSKsG4QeuV8giYuq-Ezdr7Rgj2Vs3yPsEwq0--BYynsowJg3ctc9rXh-uh-lv314URsLdUmmhkOBIPTxci1kJdylAeoufKoDh5Z0a0qm0jktSasV1BuKapX-IC5YQweHr06b0G8KGXcAe5u15sL-A06IRrPIWA9fspUy5FIzaVp6NbjheGK9k1puhrHeMEC7L4IQPgqLTTI9z4bVVQYVQIMkTHZToFMNMSck6u-Og-yBa9EsCyQI7J0zKxpn7GBnGgXrA5PVCKURaCeq5sY5XaftrL_YG9IuKzcQtv9aTRiTh3aoUMylg6F4_-Fmygr1R8A2g930T8c_5Yijvn6xXKWyq20yzWMSO5apE2_DMBjVOa89u6V3wLBsGcp0qFkII2lL2FJYNxGS8bi-hPO8boATmWhX0PQpgKAtNi5&abvar=4&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1963298&pb=7a7170df79afd841b6b0ba89a81ec8f11675399533&psp=UAI9LBbSMBUltchx0qOe2QUyKKCI7_JvA2x-qwf-tzkmwKlOQg7P2GFVin2z0NU6EOyCh5ZSXRr9BYckyDehtgK6_sqszAKi0e_oOjti_u2SW7rEKOasHIsafY6XHfqpUUwp_c5yPIBZwRJqZG8fSVxS9UZ6EHtpd3qFfLGHaQDleGtHoCo7XiHhfZNpQh4Z_FUzDGEIV8HQn4iMuMq7DurlxPDagzJdDU-07Pu8c3vOZHGYLgz4c0XEmypVm_EgdRpHaLfMjMcAwHh02ZNpNQyGmqtrKwJC4sLiiLcY1KvAYlqOKNHNtqHrBF2YALern6jb7NRx0hhtl8tpzLjdaGYXYpZqlh63xmxmEAGHdwXP1IKD-QMtyWw7xqJrb9JaBh7KdX2J-yeu3Cxaw8GQ42rZDj7aGiJ8qMD1ppEzpQztNEU4qaXY0lfZ7FSxCPo3rbLIaIlPcQWBtODrQ1HhjGt-iFhns8OUARqdShNeonqc9awszsikzoB-3Uc5R3Z8ymjU0KATdYJInLF44l8QhYQh_6smyOBJrVDs8HXi8OiHFOL_J1gM3kWZNLcceRSKsG4QeuV8giYuq-Ezdr7Rgj2Vs3yPsEwq0--BYynsowJg3ctc9rXh-uh-lv314URsLdUmmhkOBIPTxci1kJdylAeoufKoDh5Z0a0qm0jktSasV1BuKapX-IC5YQweHr06b0G8KGXcAe5u15sL-A06IRrPIWA9fspUy5FIzaVp6NbjheGK9k1puhrHeMEC7L4IQPgqLTTI9z4bVVQYVQIMkTHZToFMNMSck6u-Og-yBa9EsCyQI7J0zKxpn7GBnGgXrA5PVCKURaCeq5sY5XaftrL_YG9IuKzcQtv9aTRiTh3aoUMylg6F4_-Fmygr1R8A2g930T8c_5Yijvn6xXKWyq20yzWMSO5apE2_DMBjVOa89u6V3wLBsGcp0qFkII2lL2FJYNxGS8bi-hPO8boATmWhX0PQpgKAtNi5&abvar=4&os=0 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=23020221454682052d34a842c387e9e030a0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMMLgAAAAAAAAAB; Path=/; Expires=Sun, 05 Mar 2023 02:45:33 GMT; Secure; SameSite=None
OACIBLOCK=ACMMLgAAAABj3Gqg; Path=/; Expires=Sun, 05 Mar 2023 02:45:33 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 04 Feb 2023 02:45:33 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
185.76.9.18 200 OK 72 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 300 x 250\012- data
Hash cf340b46c32f856a3d3682fa07bc7ad1
0823ddfbbed3b0112ae4193bff0044adfaef5759
1c2bacc7a287a9e6dee066c2bdb857cb42c2f1ea92130312c7e61e5db3950da3
GET /library/448451/0823ddfbbed3b0112ae4193bff0044adfaef5759.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/gif
content-length: 71800
last-modified: Sat, 28 Jan 2023 20:21:35 GMT
etag: "63d583cf-11878"
expires: Sun, 28 Jan 2024 20:35:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1706474463
server: CDN77-Turbo
x-77-nzt: AblMCQ3vwCL/7uwGAA
x-77-nzt-ray: c0a4cc28d50cb6624d75dc63d01de639
x-cache: HIT
x-age: 453870
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg
185.76.9.18 200 OK 32 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 84d61f43ec1dc4b715ee00d2888a78fc
c939fdb909578ebf7577341bb1723ce604f19d28
4a81caa135ac5cacceaa88d1e96d64266fd640caf99911e3ba43a8e1691f61c0
GET /library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 32171
last-modified: Thu, 15 Sep 2022 15:28:27 GMT
etag: "6323449b-7dab"
expires: Wed, 25 Oct 2023 20:53:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704988924
server: CDN77-Turbo
x-77-nzt: AblMCQ2J2qH/0ZcdAA
x-77-nzt-ray: c0a4cc28d50cb6624d75dc63e0855a3a
x-cache: HIT
x-age: 1939409
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/a8434536bee74a0f2e0dad6eeb7ce34c6b860c03.webp
185.76.9.18 200 OK 4.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/a8434536bee74a0f2e0dad6eeb7ce34c6b860c03.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash adca33b56b764b0c5cee2bc5937f6a95
a8434536bee74a0f2e0dad6eeb7ce34c6b860c03
68101315421f073c64a0f568064df141b0df9de16438221bd4d2b340e5cc611c
GET /library/676799/a8434536bee74a0f2e0dad6eeb7ce34c6b860c03.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/webp
content-length: 4516
last-modified: Wed, 03 Nov 2021 19:32:37 GMT
etag: "6182e3d5-11a4"
expires: Fri, 30 Jun 2023 18:46:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195221
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3Wq3//ONgdAQ
x-77-nzt-ray: c0a4cc28d50cb6624d75dc639c8ef039
x-cache: HIT
x-age: 18733112
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp
185.76.9.18 200 OK 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e75534030234907de7ea4c78aeffe5e8
334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0
1fde854971dbb1f4dd0d678f46c7be0e2bc8b8c9e111a5c6e2b64435b10bed3c
GET /library/676799/334f1a6c3f1ff0b5f417b1d2f32991bb7e5367a0.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/webp
content-length: 14960
last-modified: Tue, 15 Mar 2022 12:26:31 GMT
etag: "623085f7-3a70"
expires: Fri, 30 Jun 2023 12:16:28 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195632
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1cLsf/ndYdAQ
x-77-nzt-ray: c0a4cc28d50cb6624d75dc63c56ff239
x-cache: HIT
x-age: 18732701
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
185.76.9.18 200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash dbe31828ea0277ab9845bf67aa749927
cc7211683ae26562c2df637755f311868f37c8ea
6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/jpeg
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195223
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3ICM//NtgdAQ
x-77-nzt-ray: c0a4cc28d50cb6624d75dc63ab181e3a
x-cache: HIT
x-age: 18733110
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
xfantazy.com/_next/static/KBkpA7zKZaPVD7oedA69Q/pages/video.js
172.64.204.27 200 OK 18 kB URL HTTP/2 xfantazy.com/_next/static/KBkpA7zKZaPVD7oedA69Q/pages/video.js
IP 172.64.204.27:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash dc5444cae8681a172297f780b03d788c
52b8a2a49b34a59409608f1150fc11a2950f5d4a
ddc90ce380b84fa6e9b60f67aab0beae8f89c07280cd35b8bced95dfd562ebe9
GET /_next/static/KBkpA7zKZaPVD7oedA69Q/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-185ecc6567e"
last-modified: Thu, 26 Jan 2023 06:31:39 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 677555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7aFML4LHqiEsahaeVHHAP4lqn1g3NUp2VH6333CjSPfYHGUM0wCg5gXDtHuwj1jtNUB1n66NCm7iH6YwEJU%2BUTbXU7ZBpHtqDbHAxLtxcC5LQShvndLaLAUzZart3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a709c172f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/238464/f6d40bd5d590015afcd00318eddc902913886963.webp
185.76.9.18 200 OK 7.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/238464/f6d40bd5d590015afcd00318eddc902913886963.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 521e8810391ac697b94d998db25e9de5
f6d40bd5d590015afcd00318eddc902913886963
61abbac0b854039034ed4ffe2646c5bbf1897d01fb9f6ea6b809564038aba003
GET /library/238464/f6d40bd5d590015afcd00318eddc902913886963.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/webp
content-length: 7464
last-modified: Wed, 15 Jun 2022 07:36:33 GMT
etag: "62a98c01-1d28"
expires: Fri, 30 Jun 2023 11:52:45 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195228
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ20/sD/MdgdAQ
x-77-nzt-ray: c0a4cc28d50cb6624d75dc636af0a13a
x-cache: HIT
x-age: 18733105
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/43cc0f34a7085743076083a29185a6d24ec79f8a.webp
185.76.9.18 200 OK 6.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/43cc0f34a7085743076083a29185a6d24ec79f8a.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a7375e17e76259ef804acd4ce417e2da
43cc0f34a7085743076083a29185a6d24ec79f8a
0b2a5cff40ab5764f6c94a9bb88b8103e5c1bc8e54dc27f472bdb4fca12a37b7
GET /library/676799/43cc0f34a7085743076083a29185a6d24ec79f8a.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/webp
content-length: 6512
last-modified: Thu, 04 Nov 2021 10:09:28 GMT
etag: "6183b158-1970"
expires: Fri, 30 Jun 2023 14:50:48 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195410
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ14l57/e9cdAQ
x-77-nzt-ray: c0a4cc28d50cb6624d75dc6352d9b93a
x-cache: HIT
x-age: 18732923
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp
185.76.9.18 200 OK 6.1 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6fa982653e11bf92f711f516bff7cc24
2278481571affd0d06433855ece073cb06237a2a
4ec89f5331b8e33f6ba993e5e835df7b3a008ee32ab12dcca448781bca935a97
GET /library/623611/2278481571affd0d06433855ece073cb06237a2a.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: image/webp
content-length: 6076
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-17bc"
expires: Wed, 25 Oct 2023 01:17:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702026514
server: CDN77-Turbo
x-77-nzt: AblMCQ00hx//u8tKAA
x-77-nzt-ray: c0a4cc28d50cb6624d75dc636ca0db3a
x-cache: HIT
x-age: 4901819
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.165.31 200 OK 1.2 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.165.31:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (739), with CRLF line terminators
Hash 32eb94e8bb33b2d1a0ae8b5b02ebd49a
e81ea3dd5c845f8b8d335b6dc4be11a3e141fc0f
3df03deabe2da5f7114cc8b2ec75ce3a3af29bc1c2844624f7cdd0a731a425b6
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RTp73vW1IXfy9p7OuoDt%2BQzO90zUGG5kKz6szRKFopFMNjbYWI8opsM3k7ULfrhX0PQqBYAGhGDPv9Ce6VsIzU8wkN9IrTjY2qhFHVFh%2BNbv81TBlFAmiMRYFvMBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4c70c75745b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash MD5 8348b78d100940ba1808a8e9b93f2e94
Hash SHA-1 c2aa612dc3256c9f235dcfc6e330d0ecaf957768
Hash SHA-256 9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 08:34:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgHINOT/yv8AAA
X-77-NZT-Ray: 382b0f19730554dc4d75dc63e545913b
X-Cache: HIT
X-Age: 65482
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash MD5 7cceb66c7fcbfb39f6a026dd9f7024bf
Hash SHA-1 74b740acde0811ba381185f2c6470edf1da85548
Hash SHA-256 c10cdb30efbee3ff81094a4d195008ac41a963c0fe256f9779b1543d7c71c991
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1377
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 02:22:37 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 312
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash MD5 af3795063a912953cacb87b4fb011dd9
Hash SHA-1 03e274238fbd153c55fd859b7af5a0c885bdb450
Hash SHA-256 4b53b6fc02434518699f8de767bb94375a2f9defb2f7d4e4cad20b3cd2cf0d2b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 17:56:23 GMT
Expires: Mon, 06 Feb 2023 17:56:22 GMT
Etag: "03e274238fbd153c55fd859b7af5a0c885bdb450"
Cache-Control: max-age=313247,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7937d4c6fe54b4fd-OSL
bcdn.clickaine.com/22784/c6639570-9918-11eb-9dc3-916fe9770f93.gif
185.244.209.62 200 OK 322 kB URL HTTP/2 bcdn.clickaine.com/22784/c6639570-9918-11eb-9dc3-916fe9770f93.gif
IP 185.244.209.62:0
ASN #58286 Electric-IT Business S.R.L.
File type GIF image data, version 89a, 300 x 250\012- data
Size 322 kB (321640 bytes)
Hash MD5 ea0709f28c4a8c0f475c330d65d6a75b
Hash SHA-1 cc4f02c9d2f3c78acccd3df6c528cfec1923cfc9
Hash SHA-256 1a37f5de50621c3687f805f6c04005ef03674ae41bc56385792ffd4550e538bb
GET /22784/c6639570-9918-11eb-9dc3-916fe9770f93.gif HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20915.polarbearyulia.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: image/gif
content-length: 321640
last-modified: Fri, 09 Apr 2021 09:48:45 GMT
etag: "607022fd-4e868"
cache: HIT
x-cached-since: 2023-01-31T11:24:12+00:00
x-id: osix-up-gc4
accept-ranges: bytes
X-Firefox-Spdy: h2
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675392362279&t_i=1675392362728&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=deecb189-bee7-4951-94d7-41b5138e22d0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d44f6420-a36c-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675392362728&fpid=&feid_sa=1675392362728&sid_sa=1675392362728&feid=d64917d2354e92f9f52fcf852811eee9&sid=bef203d8e07aa6cf18c3132a3195beba&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.318
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675392362279&t_i=1675392362728&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=deecb189-bee7-4951-94d7-41b5138e22d0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d44f6420-a36c-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675392362728&fpid=&feid_sa=1675392362728&sid_sa=1675392362728&feid=d64917d2354e92f9f52fcf852811eee9&sid=bef203d8e07aa6cf18c3132a3195beba&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.318
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so this hash does not identify content)
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of empty input)
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of empty input)
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675392362279&t_i=1675392362728&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=deecb189-bee7-4951-94d7-41b5138e22d0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d44f6420-a36c-11ed-93df-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1675392362728&fpid=&feid_sa=1675392362728&sid_sa=1675392362728&feid=d64917d2354e92f9f52fcf852811eee9&sid=bef203d8e07aa6cf18c3132a3195beba&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.318 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.99:0
Hash MD5 d761e1c07d308221dc376a1f736b2ed7
Hash SHA-1 db08f84371e46e5129f491bfa85cc1364983ecad
Hash SHA-256 2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so this hash does not identify content)
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of empty input)
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of empty input)
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 03 Feb 2023 02:45:34 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9Z4jnrABqPPVhv; SameSite=None; Secure; path=/; expires=Sat, 04-Feb-23 01:45:34 GMT; HttpOnly
server: cloudflare
cf-ray: 7937d4c90f17b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 fee867d660e7db4f404f9d19666d1a06
Hash SHA-1 db98da7eacd4966c62c7f688e10921fc71579bce
Hash SHA-256 6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12344
Expires: Fri, 03 Feb 2023 06:11:18 GMT
Date: Fri, 03 Feb 2023 02:45:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash MD5 7cceb66c7fcbfb39f6a026dd9f7024bf
Hash SHA-1 74b740acde0811ba381185f2c6470edf1da85548
Hash SHA-256 c10cdb30efbee3ff81094a4d195008ac41a963c0fe256f9779b1543d7c71c991
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1377
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 02:22:37 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 fee867d660e7db4f404f9d19666d1a06
Hash SHA-1 db98da7eacd4966c62c7f688e10921fc71579bce
Hash SHA-256 6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12344
Expires: Fri, 03 Feb 2023 06:11:18 GMT
Date: Fri, 03 Feb 2023 02:45:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 fee867d660e7db4f404f9d19666d1a06
Hash SHA-1 db98da7eacd4966c62c7f688e10921fc71579bce
Hash SHA-256 6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12344
Expires: Fri, 03 Feb 2023 06:11:18 GMT
Date: Fri, 03 Feb 2023 02:45:34 GMT
Connection: keep-alive
creative.xlirdr.com/widgets/v4/Universal/lang/en.json
104.18.59.150 200 OK 374 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/lang/en.json
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash MD5 73e4afbaae083cfe12fed445b8a40e32
Hash SHA-1 3003df4ec8c0901273cf4560e9aca40307bf2c73
Hash SHA-256 315c9db3cc8baf54f619977cf38a08364b0d72bc08cbd1d330c9d519ad6f149c
GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: application/json
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
etag: W/"63d8e421-ac"
expires: Fri, 03 Feb 2023 02:45:33 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4ca3fa6b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
104.18.59.150 200 OK 4.7 kB URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
IP 104.18.59.150:0
File type ASCII text, with very long lines (13315), with no line terminators
Hash MD5 36d0f5288b8b73f2d7aa9cb594962dbb
Hash SHA-1 0f2ac53781d23cd2c9525223f08cc2e55c061e37
Hash SHA-256 77933cbf37535c1f4adce2a9f822a946a40890882c63a61ddadda0af081af21f
GET /widgets/v4/Universal/main.33831b792a3809ba493a.css HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-3403"
expires: Fri, 03 Feb 2023 02:45:28 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 8
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4c99f70b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.99:0
Hash MD5 d761e1c07d308221dc376a1f736b2ed7
Hash SHA-1 db08f84371e46e5129f491bfa85cc1364983ecad
Hash SHA-256 2a8aa8c64b3eb1cf49095f697a652a5270ec1d7068d0d482af1b14c5d20ab140
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash MD5 3d7f7a60216d40dea48e495fef6903c9
Hash SHA-1 fecdb5184f55cf012563d78940eb97b10b9cc99b
Hash SHA-256 96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 435
expires: Fri, 03 Feb 2023 06:45:34 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4ca6f24b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash MD5 66549050cb78bb4fd953ab9fb5cd453d
Hash SHA-1 0f3d71bc10c76aa872f4ac05e1732f180cbc1809
Hash SHA-256 d6f4c312d1beb5e0d43215c7c578c82e5ee6df8b92d5934cc02d9fe2a1ff842e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4337
Cache-Control: max-age=90235
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Etag: "63db21d8-118"
Expires: Sat, 04 Feb 2023 03:49:29 GMT
Last-Modified: Thu, 02 Feb 2023 02:37:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150 200 OK 310 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash MD5 1ab3e663cbe43dcdd713923b7b3fee96
Hash SHA-1 1256dbec4521d29c441d17234cadbde489edb006
Hash SHA-256 13f000857cca2943a3fc9254b231f09e64d7113c2ca4b5372f80e5f016dd0dcd
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Fri, 03 Feb 2023 02:45:30 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4c96f55b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash MD5 93b885adfe0da089cdf634904fd59f71
Hash SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
Hash SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1374069c19b12a0f155bf678c9dc4cc
Strict-Transport-Security: max-age=0; includeSubdomains
a.realsrv.com/build-iframe-js-url.js?idzone=4891810
185.76.9.17 200 OK 1.5 kB URL HTTP/2 a.realsrv.com/build-iframe-js-url.js?idzone=4891810
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
Hash MD5 fc34aa54f64327f2932997a0b0c173f3
Hash SHA-1 bd3b39d535920a9be28ce4e3ba4cebe388cf533e
Hash SHA-256 a50195f3fea72e73682fb1eebbb345f60b3b36055b8826f79e20f567eb25cadf
GET /build-iframe-js-url.js?idzone=4891810 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891810&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d6b3534.867551032219796802%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconxgxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimxlbmoscnxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71987234%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: application/javascript
etag: W/"1789784d9721457eb3c560b1f16"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675396148
server: CDN77-Turbo
x-77-nzt: AblMCQ0qIQH/SRsAAA
x-77-nzt-ray: c0a4cc28490e5a604d75dc632b138b20
x-cache: HIT
x-age: 6985
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
IP 142.250.74.99:0
Hash MD5 f9bdcefaa86ce07b007dd7cb3955e4ab
Hash SHA-1 126dc96b0be0c281219ac49f13e227fac239cba6
Hash SHA-256 5050b58cc825de38eeddc9d339eaefeaaaf6a5bb93e067ffa57763d5e71d4e6f
POST /s/gts1p5/u51L6QJwQ0w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b927daa624fec530998cd82de18ca50b
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24fe6844-4fa9-462b-a76f-bb99de33f774&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 02:45:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb4d9a72a0c873d8413b3c3843c6d776
Strict-Transport-Security: max-age=0; includeSubdomains
kjm34.xyz/images/campaigns/creativity-2308521-16693108308667.png
172.67.152.253 200 OK 25 kB URL HTTP/2 kjm34.xyz/images/campaigns/creativity-2308521-16693108308667.png
IP 172.67.152.253:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: kjm34.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: 9c2573d08a040c83310eb32d258f2e27
cdn-cache: HIT
cf-cache-status: HIT
age: 6073566
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8mkLPoKUaBLQsBjl%2BfrNkU73rJAbZ8rA5Rz7OWQKJ5J2gtALR7mtQskSLKO0mzKYQtsXvi65%2BOUJYeU8RwyiC2r%2FE36lPuIKJPZ3a%2BvfjwsrQ5nOatTV3exkZo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4cae8e0fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
IP 142.250.74.99:0
Hash f9bdcefaa86ce07b007dd7cb3955e4ab
126dc96b0be0c281219ac49f13e227fac239cba6
5050b58cc825de38eeddc9d339eaefeaaaf6a5bb93e067ffa57763d5e71d4e6f
POST /s/gts1p5/u51L6QJwQ0w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash cfb737f48ea46c45455a10efd3481b8a
6a81a70970e36d7b7cb2450951ac8ed2f79e764e
f051f92fa0000ebf5248a8bb806bd83b9b3f9fe544bcdd54d38d954ce27cb1fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3259
Cache-Control: max-age=157192
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Etag: "63dc2b9b-139"
Expires: Sat, 04 Feb 2023 22:25:26 GMT
Last-Modified: Thu, 02 Feb 2023 21:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash cfb737f48ea46c45455a10efd3481b8a
6a81a70970e36d7b7cb2450951ac8ed2f79e764e
f051f92fa0000ebf5248a8bb806bd83b9b3f9fe544bcdd54d38d954ce27cb1fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3259
Cache-Control: max-age=157192
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Etag: "63dc2b9b-139"
Expires: Sat, 04 Feb 2023 22:25:26 GMT
Last-Modified: Thu, 02 Feb 2023 21:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash cfb737f48ea46c45455a10efd3481b8a
6a81a70970e36d7b7cb2450951ac8ed2f79e764e
f051f92fa0000ebf5248a8bb806bd83b9b3f9fe544bcdd54d38d954ce27cb1fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6019
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 01:05:15 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
142.250.74.99 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/u51L6QJwQ0w
IP 142.250.74.99:0
Hash f9bdcefaa86ce07b007dd7cb3955e4ab
126dc96b0be0c281219ac49f13e227fac239cba6
5050b58cc825de38eeddc9d339eaefeaaaf6a5bb93e067ffa57763d5e71d4e6f
POST /s/gts1p5/u51L6QJwQ0w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.100.40 200 OK 35 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (60824)
Hash 0bb2c2da181ce38c822280e68bb727a8
6bc921424e3873ef6e5bbf76b09f5c0563c423fc
e4f7b5480a0244435ac40beeacd9dd7ee1aebf155b2b9b535fdeea743903ebb1
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=gkgk4GKr3xXlgOwlOhCnV3Asga0aIkHNR5.GLdYlft0-1675392334-0-AW54cTG+m8QmGaMkVad+wmLJcAD0dvkqNIZs7e4DFtH8iS1CND2b5mCDveNzGS33fkh9nL6AaxwfcVVfpQ5usvA=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' 
https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Sun, 05 Mar 2023 02:45:34 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrab2df551-b8de-4f6b-9787-26c7273e19c9:1pNm50:dNK6kSxXW6e5tJjQL7pEBqYA3fU; Domain=.chaturbate.com; expires=Wed, 29 Oct 2025 02:45:34 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7937d4c95eccb518-OSL
content-encoding: br
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/heatherbby.jpg?1675392330
104.19.242.83 200 OK 9.1 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/heatherbby.jpg?1675392330
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 31117fc4654d605936cf1f6a66d43677
01710849bb8beac525b0a34f8dabc84549d0b016
8363d7df3114a84d270d00ffc27ce6f26015841a22be0e504bace8c93ee9c899
GET /riw/heatherbby.jpg?1675392330 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: image/jpeg
content-length: 9074
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9259
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3
last-modified: Fri, 03 Feb 2023 02:45:31 GMT
expires: Fri, 03 Feb 2023 02:46:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riM356O9rwLhnsPblKXqoa6%2B9VbcEMupqrtkDcJNKdvrL2T5iUgq1z2VWPfZl5QqpPNhyhKl6B%2B12eJ2PCz34BELbWc7WlJ5E2ghQuDvhx2eu1ryW%2Bv5iLJnRaUIXRYmrFr6ftFqYoNd6kNXgiGTrDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=EFgLgGTMypLxGWl9XEDfXNrV2MpvgGgdXKAqbmqXdJw-1675392334678-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7937d4cbbc2bb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/chillwithkira.jpg?1675392330
104.19.242.83 200 OK 9.1 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/chillwithkira.jpg?1675392330
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 2d009e22f81fdb92b15b1c0659dcf782
a507868ff6db1c9208dff4249e57bbad2723e65f
9378521c7d4f0ae94d7ae44bd77970b31f8b3fe3c75b5cd96637338d63143e85
GET /riw/chillwithkira.jpg?1675392330 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: image/jpeg
content-length: 9104
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 9
last-modified: Fri, 03 Feb 2023 02:45:25 GMT
expires: Fri, 03 Feb 2023 02:46:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOBTz4kkcVwNAtwvcU7pCknwHCEfLkKNgzmi%2FGaSWJby0Re7ho75qMsL6jCStUUD8Ti8b9VGDA%2BfFwRq38FmN7IeExXGxINxnsBVKhn4nV%2ByWVXwV7XXYJUvTjwcQbfl61IQsBYg2prki5qEkzPVny0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=LeLoucGyqHXEw8gjyTEbtrnvKiWv_y43hE8oZqOMfoQ-1675392334679-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7937d4cbbc2cb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 01:29:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash cfb737f48ea46c45455a10efd3481b8a
6a81a70970e36d7b7cb2450951ac8ed2f79e764e
f051f92fa0000ebf5248a8bb806bd83b9b3f9fe544bcdd54d38d954ce27cb1fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6019
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 01:05:15 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
img.strpst.com/thumbs/1675392241/85364341
104.18.63.124 200 OK 35 kB URL HTTP/2 img.strpst.com/thumbs/1675392241/85364341
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 7c962f574adfb81fd1d585a1eed88983
adddeb635618271fa1f2a145ea3ef8d6b6a78603
2bad38dc502b0351721d1a40e5795cf6bb44432b32ba3abeea4d2ecedcfa18cc
GET /thumbs/1675392241/85364341 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: image/jpeg
content-length: 34585
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=35638, status=webp_bigger
etag: "570b90f2a00227d3293b539b8013b8c9"
last-modified: Fri, 03 Feb 2023 02:43:32 GMT
cf-cache-status: HIT
age: 61
expires: Fri, 03 Feb 2023 03:15:34 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4cbf86cb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9853cdf762d617058e15a6ebf8cf6007
bac2b32ed54e1efb9e4006b74704ae972bbf3a47
31d0fd314bad4bb07426823578583418b6f84de540c23afc0b9a280b531e1d78
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Last-Modified: Fri, 03 Feb 2023 01:29:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
js-agent.newrelic.com/692.215647de-1223.js
151.101.194.137 200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/692.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (2024), with no line terminators
Hash 1dc08a1beb61f5f16d5972c0bee130e4
9f79e0cdf3d763c3caa0c0be870c86b2d64a8dc9
cdd769feea442da1672ab541a2d9846e1561520bb24484e8ee09d1d5d17570f0
GET /692.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2yt9zIT4kPGAHbZR3GCMZ5QoLheWqVlcJX0f/njjzvUTTdDRBkBy06VpOX/u//lzjAgeAveu2U8=
x-amz-request-id: 29B921PPM35DC69W
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2a9c8457fef96067bf92a4ec54fb10b8"
x-amz-version-id: I.n_PBR7fU5g2cmlAwgMlzr4Oik5bP_f
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 504
x-timer: S1675392335.823341,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1087
X-Firefox-Spdy: h2
js-agent.newrelic.com/112.215647de-1223.js
151.101.194.137 200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/112.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (7285), with no line terminators
Hash 51f26008d21e2bd91b8a9baa4c356ab9
59888996bcb03c11b1d2e61a868009e57846b8cb
feebd27b271ee3a7198d3dbc69610281a43503080d724ec0fcb7c4bfa13d42f6
GET /112.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 89jhP8k1dPBysMYdCzqbzxQ1KxABx3MYRt9LPVpreRIcgdqnpH5bT0LvyouOsXZFM+UKIfDjy0I=
x-amz-request-id: 29BA48WT782NR5G3
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "b225b095bddb200dcb67ba7625a14e0b"
x-amz-version-id: 9bSPwe8fMEYRcVSv2EMBWMHRAeUObfWk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 372
x-timer: S1675392335.824071,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2800
X-Firefox-Spdy: h2
js-agent.newrelic.com/817.215647de-1223.js
151.101.194.137 200 OK 1.0 kB URL HTTP/2 js-agent.newrelic.com/817.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (2422), with no line terminators
Hash f899718de7c8c66eeb4bbfa0c22acf5e
ec2a6857256c2ed00c401b4888ff36871baf6b43
809f4867eaf293e35d10315d6e65aa69289d7eee0ab7e8de437b18c2a06fed94
GET /817.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: sWkU684Mr3Z5/fJ2O0srvU3HupQDLlairtucn7ucXJIoplwlZJHmVmeQSK82HUlRykCYQPaNYBk=
x-amz-request-id: 29BE804GA0J43Q99
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "a5dc24e5a104adfcf70621ff7fb620ff"
x-amz-version-id: fbj3lJUaysglBYTWHHCwffYncZ19MQ50
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 269
x-timer: S1675392335.824197,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1044
X-Firefox-Spdy: h2
js-agent.newrelic.com/378.215647de-1223.js
151.101.194.137 200 OK 6.4 kB URL HTTP/2 js-agent.newrelic.com/378.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (17828), with no line terminators
Hash d58a3a565fc0bbaf659cdd5bf0c3cd4f
8cd110e6b7199e11de72368b73abb8a3afddfff8
bd6f2c9e271f74ce10d1ad05fdde0fa7bf0ffa34ea85f6076a58e50111df8de7
GET /378.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: jhmNL7TL7NMx1UoOR5WpT5kMljdWRrYGpnmm3iqO7tDQcfjU0mie9CCq0LQCgRqufry0GCFQmEg=
x-amz-request-id: 93FTN287CT7M20VW
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2705e6768fceda2e9c8355d65e268d7c"
x-amz-version-id: tRin0ET_go6ogNo.J2ffgT9M6xH6BEos
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 207
x-timer: S1675392335.824298,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6410
X-Firefox-Spdy: h2
js-agent.newrelic.com/307.215647de-1223.js
151.101.194.137 200 OK 3.6 kB URL HTTP/2 js-agent.newrelic.com/307.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (9700), with no line terminators
Hash ee729b93fd1e54d7c6108a4a252b67a2
e87fca8b97e56a89980ad6eb488ef1ac50116366
b48a5e5b92d4d04becc06d85a678fffe33bf31611398c217ec232171f6d11f8f
GET /307.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: xbAyM3B6Z/Ooy6PMw2GgjfE/Ir1lbwXjKVU7JKeSJnjmMgE/GpUd1AOACsKLCPxaWbQWAHrYzE0=
x-amz-request-id: KRHE8V2CFA00B292
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "cca13aa273adc25aced599968bea0601"
x-amz-version-id: ED2qEQGkNHGjLDyC2ELlsbsj8AXnsN9k
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 270
x-timer: S1675392335.826466,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3648
X-Firefox-Spdy: h2
js-agent.newrelic.com/785.215647de-1223.js
151.101.194.137 200 OK 2.1 kB URL HTTP/2 js-agent.newrelic.com/785.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (5141), with no line terminators
Hash 7fa55562924d9fae72bef9c581681545
2a9f69db97168913e41c20b42278f0b020f19e02
9ab186c1c3c7132d927edd774e14412550e0127ae67bcf04353f94ce22dd1b5f
GET /785.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +m4UupLkIm012wjkD0AOw3MWK5aT8Y0g0D4hdCiEX5xVgPPr8nsRchoPSx3Y9Rb4NP65eTC0O6I=
x-amz-request-id: 29B11CZV4JJHK42G
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "85340359c90104ea511047eb2b57ebb5"
x-amz-version-id: 24gfKeCbKAAA6djjTUpWk6gRfGGq6MlZ
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 504
x-timer: S1675392335.828739,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2103
X-Firefox-Spdy: h2
js-agent.newrelic.com/779.215647de-1223.js
151.101.194.137 200 OK 3.5 kB URL HTTP/2 js-agent.newrelic.com/779.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (8307), with no line terminators
Hash 411c3ac790a3a8f8f71906adf57df690
ceef347ad1356a868f3c371ffc84c205958aed6d
59a8f0bcbad548fd487a595f4a2c3642268a19437d80096f1f0e3a67301132ac
GET /779.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oJiVqgUxxXTGlb3WHfPODQ+0hnRNaK4Wu3C5q0qzLW1Wy1zUCv3lJDvZMbOZXlmpWlVHYmT68X8=
x-amz-request-id: 29B6GFQJDW5ETZPK
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "1f9dc6167676d6db728e844d20a97ad5"
x-amz-version-id: d0hMUd3mWD9ItciiSIXCSy8OWToOTtsf
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 506
x-timer: S1675392335.830714,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3516
X-Firefox-Spdy: h2
js-agent.newrelic.com/823.215647de-1223.js
151.101.194.137 200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/823.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (3147), with no line terminators
Hash 87de67cddb1db12fc7ee256669fcd9ba
5c882b5cc4bff34d8f4c603d6077f424b442a0df
42e88e7da2ca5f5fbd6fb461147d562a317c22508508c937cc57ad65c04e5986
GET /823.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5Fb4P8xJczd5vSJcDjiJeEIdldSbkECuaWyErtMTeAtEHKfdyrVuRuzSrltAg1+Dqn5ZyguqAlc=
x-amz-request-id: 29B2ND18W5AQM0T8
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "ce7762cf4b6665f79c15503dbccd6c68"
x-amz-version-id: W2tA0gkaWp6JlPnYeFhc2plzNBl_myPN
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 507
x-timer: S1675392335.833786,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1365
X-Firefox-Spdy: h2
js-agent.newrelic.com/325.215647de-1223.js
151.101.194.137 200 OK 560 B URL HTTP/2 js-agent.newrelic.com/325.215647de-1223.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (1119), with no line terminators
Hash dbb8514b0fe73ed1c9a3bb94d6bd624b
083e321a63d3e24555e87c564d3b52588ed49ae1
10a720318922a38e6bf41921f3adc6f56bc61f215e251be7f5f37ec991d9b852
GET /325.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: y2K+rpeLF3Ym/3l6sNpa29RWC/g7TNS9+AlxD2Yrljl995Eo6bNRqMUpU5PNsi1SzBJybaX6onw=
x-amz-request-id: 5D6X5R0HEXVCYE0Y
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "8bfb1318203f2143642fa7f2620e90b9"
x-amz-version-id: TZXfN40R6cv9QsF3fTfxRxppzwQ_LugL
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 506
x-timer: S1675392335.836232,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 560
X-Firefox-Spdy: h2
js-agent.newrelic.com/960.215647de-1223.js
151.101.194.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/960.215647de-1223.js
IP 151.101.194.137:0
Hash 005c085e4060126d42a21a9685e65d41
e49c244a57857166041670bf4366b3cad7380ba8
a2712e500df1528ec5201d9634dfe91f209cf386063274adcd4703079d7f8b8d
GET /960.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gNdtGXUJfleX+6Y/31csogbPXnzsvAdQ2x0ORpMeZLnvhbSRfapicWEnWrmVHTcguxNTc34ROLE=
x-amz-request-id: 29B7ET22KYPXWQTJ
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "57e420fb6a7c52d0c27d5548fef4de16"
x-amz-version-id: iCdpSHjuiF_zf7kNvVpWKcwVkVeojeJa
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 03 Feb 2023 02:45:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1641-BMA
x-cache: HIT
x-cache-hits: 257
x-timer: S1675392335.837600,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2233
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 282d6132e7d6e1c8aae030543ebb8ad4
3f0e12f89adeda9af0ae6065c810b216359b7581
6de5dfbdd3884f6505bebd5469c2cadc701bdee16ae542d87ea7204cf25be344
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 389
Cache-Control: max-age=159352
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 02:45:34 GMT
Etag: "63dc3f41-1d7"
Expires: Sat, 04 Feb 2023 23:01:26 GMT
Last-Modified: Thu, 02 Feb 2023 22:54:57 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=851&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/&ap=26&be=510&fe=201&dc=133&perf=%7B%22timing%22:%7B%22of%22:1675392362953,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:249,%22rp%22:436,%22rpe%22:440,%22dl%22:490,%22di%22:629,%22ds%22:641,%22de%22:648,%22dc%22:709,%22l%22:709,%22le%22:731%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=643&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KAl0FAggMBAEABlZXARh4Yy8TFUMhJTshCU0XAwZQHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gDUAcCVlMIGFsJBVQUVQRVBk5fDg0OHFMHWlZQVFcGVwBWABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZ
aRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=851&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/&ap=26&be=510&fe=201&dc=133&perf=%7B%22timing%22:%7B%22of%22:1675392362953,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:249,%22rp%22:436,%22rpe%22:440,%22dl%22:490,%22di%22:629,%22ds%22:641,%22de%22:648,%22dc%22:709,%22l%22:709,%22le%22:731%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=643&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KAl0FAggMBAEABlZXARh4Yy8TFUMhJTshCU0XAwZQHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gDUAcCVlMIGFsJBVQUVQRVBk5fDg0OHFMHWlZQVFcGVwBWABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=851&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/&ap=26&be=510&fe=201&dc=133&perf=%7B%22timing%22:%7B%22of%22:1675392362953,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:249,%22rp%22:436,%22rpe%22:440,%22dl%22:490,%22di%22:629,%22ds%22:641,%22de%22:648,%22dc%22:709,%22l%22:709,%22le%22:731%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=643&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8KAl0FAggMBAEABlZXARh4Yy8TFUMhJTshCU0XAwZQHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gDUAcCVlMIGFsJBVQUVQRVBk5fDg0OHFMHWlZQVFcGVwBWABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:35 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7937d4cda9abb4ee-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1102&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1102&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1102&ck=0&s=6cb633e255ca5064&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1681
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 02:45:35 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7937d4ceba0eb4ee-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:32 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4974972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGVCJMGSPCQp2inIaVWzRmtQouCM9wZMnO7f8DXHjoIyaMNy%2BrRJbkMQ2zGqjN2Cg%2FTuMukFxYO6zJDoQ20VdQo9wNt81qL4LS4msDkXKoemuPBfHNbQ1JaQsxhGoLERyJaSpKrLBPMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4bc8c70f3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420555?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:29 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-2a581"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SrI2BRjABKWOdt7VqFs61W-EHPLn6wYJvjf4JPAUBOfirt5z5wnQ5g==
age: 193
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:30 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3c84b1e7cf9b3d2a5b41d6409bce5014
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 03 Feb 2023 02:45:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVInnV5na2RTAhyh%2Fqp6VG%2FP4NVN2CCtRcJESHCpuUlTCeg1ZqQ7rUSTnBKdNTYInu%2BZ3g1iDKZaIKXl854J3iPPjW37J838aMEfygvYCTzseZk2DuvMR4YP5OiXp81arc4oSQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4b05bb28865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420557?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
IP 104.16.93.42:0
GET /CACHE/css/output.86af60575b63.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29633
etag: W/"a8afa6db6e602567cf4bc61349cc04f9"
last-modified: Fri, 27 Jan 2023 00:08:58 GMT
x-amz-id-2: OLI4HYRcmYFzq5aXGV2Ict6iYPHWmgq3P2ReCRB9kH5NULrf/69TdCRei6i2pG3JGoa3uytE+Os=
x-amz-meta-s3cmd-attrs: md5:a8afa6db6e602567cf4bc61349cc04f9
x-amz-request-id: ARKQGQ1WNC88THKA
cf-cache-status: HIT
age: 614008
expires: Sun, 05 Mar 2023 02:45:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UymYx6uy5F8o16jTFRvo8eC7SeFfojVJMmYQkYIUM%2FM%2B%2B7XNhB9QABlN%2B317b3tciGdbUYYJ1v1LEj45F3TZkJsGjE0TadD3IiYHbODRG30rCzZLgPDtkb9CFsxjcG36NuM4OeEbrEKDhfYlCBOeOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=25eqd9X6lUyDpUxLUBSA3Z9o5H3n4X.G2yjhxfqu94s-1675392334630-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7937d4cb6f81b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/603ced975ec2cb18b80961dc
172.64.204.27 200 OK 0 B URL HTTP/2 xfantazy.com/video/603ced975ec2cb18b80961dc
IP 172.64.204.27:0
GET /video/603ced975ec2cb18b80961dc HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=7q0rjrynv79mbyk87zcws; Domain=xfantazy.com; Path=/; Expires=Thu, 03 Feb 2033 02:45:28 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Fri, 10 Feb 2023 02:45:28 GMT
experiment-save-to-button-2=0; Path=/; Expires=Fri, 10 Feb 2023 02:45:28 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3iMtPZpODheYUhttQnMPvA5Dz3ULDhJZWkctGNZiUx67D%2B4ZTocSFPABYfc4zwj1HLH7erB3HPO8LA%2F9KFUOegabGD%2BFzTPKVzj42sRYvHsyNXvMBtifwg3GpDJajo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a4b8e772f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.100.40 302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.100.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' 
https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Wed, 08 Feb 2023 02:45:34 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Sun, 05 Mar 2023 02:45:34 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 03 Feb 2023 08:45:34 GMT; Max-Age=21600; Path=/
sbr=sec:sbrc8025257-ab2e-4a1a-9e14-cbc182322fad:1pNm50:zz6HGmJQGJXX5MWues1YRjx-2fs; Domain=.chaturbate.com; expires=Wed, 29 Oct 2025 02:45:34 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=gkgk4GKr3xXlgOwlOhCnV3Asga0aIkHNR5.GLdYlft0-1675392334-0-AW54cTG+m8QmGaMkVad+wmLJcAD0dvkqNIZs7e4DFtH8iS1CND2b5mCDveNzGS33fkh9nL6AaxwfcVVfpQ5usvA=; path=/; expires=Fri, 03-Feb-23 03:15:34 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7937d4c81e28b518-OSL
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 8ewmTI2jy/M5oxfm1Zo8bv1SqrieGnfrMfmtZmR336jUoc4rRdbotq/wectU+HY8mdvt156QxDvmJAhJfohIWQ==
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: CHGKMTPSKZ4AFT0N
cf-cache-status: HIT
age: 1291089
expires: Sun, 05 Mar 2023 02:45:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUCtKU3XnujesGznEVv5PuQ7oTqH6JznewJv4ykUUVRFnkOxMtrGTA2NWnAWB5%2Bzq9EoVSTiy0hTnqZJJ9%2FIWvtFJQy%2FqlKoahjfZZR01BMRaH1aiuIFnBpbypiMZmghRgpYrduNb9VZlFE%2Fh7odhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bWe5f4XSLPpJrGbyUf9iNJkx410p.5IkwbhKkq.9cpE-1675392334610-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7937d4cb4f70b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlirdr.com/config?url=https%3A%2F%2Fcreative.xlirdr.com%2Fwidgets%2Fv4%2FUniversal%2F%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%26campaignId%3Dbanner2609start%26creativeId%3D300x250%26domain%3Dstripchat%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D0%26hideTitleOnSmallSpots%3D1%26isXhDesign%3D0%26liveBadgeColor%3D%252324d7d7%26modelsCountry%3D%26modelsLanguage%3D%26showButton%3D1%26showLiveBadge%3D1%26showModelName%3D1%26showTitle%3D0%26sound%3Doff%26sourceId%3Dxfanta%26tag%3Dfemales%26targetDomain%3D%26thumbSizeKey%3Dsmall%26trackOff%3D1%26userId%3Db47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150 200 OK 0 B URL HTTP/2 go.xlirdr.com/config?url=https%3A%2F%2Fcreative.xlirdr.com%2Fwidgets%2Fv4%2FUniversal%2F%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%26campaignId%3Dbanner2609start%26creativeId%3D300x250%26domain%3Dstripchat%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D0%26hideTitleOnSmallSpots%3D1%26isXhDesign%3D0%26liveBadgeColor%3D%252324d7d7%26modelsCountry%3D%26modelsLanguage%3D%26showButton%3D1%26showLiveBadge%3D1%26showModelName%3D1%26showTitle%3D0%26sound%3Doff%26sourceId%3Dxfanta%26tag%3Dfemales%26targetDomain%3D%26thumbSizeKey%3Dsmall%26trackOff%3D1%26userId%3Db47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
GET /config?url=https%3A%2F%2Fcreative.xlirdr.com%2Fwidgets%2Fv4%2FUniversal%2F%3FactionButtonPlacement%3Dbottom%26buttonColor%3D%26campaignId%3Dbanner2609start%26creativeId%3D300x250%26domain%3Dstripchat%26hideButtonOnSmallSpots%3D1%26hideModelNameOnSmallSpots%3D0%26hideTitleOnSmallSpots%3D1%26isXhDesign%3D0%26liveBadgeColor%3D%252324d7d7%26modelsCountry%3D%26modelsLanguage%3D%26showButton%3D1%26showLiveBadge%3D1%26showModelName%3D1%26showTitle%3D0%26sound%3Doff%26sourceId%3Dxfanta%26tag%3Dfemales%26targetDomain%3D%26thumbSizeKey%3Dsmall%26trackOff%3D1%26userId%3Db47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 03 Feb 2023 02:24:47 GMT
cf-cache-status: HIT
age: 217
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4ca3fa7b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/get/1963298?zoneid=1963298&jp=_clcqetz6e1vhxgux641yke&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672748467257940
62.122.171.6 200 OK 0 B URL HTTP/2 rxeosevsso.com/get/1963298?zoneid=1963298&jp=_clcqetz6e1vhxgux641yke&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672748467257940
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1963298?zoneid=1963298&jp=_clcqetz6e1vhxgux641yke&nojs=0&ix=0&abvar=4&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672748467257940 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=23020221454682052d34a842c387e9e030a0; Path=/; Expires=Sat, 03 Feb 2024 02:45:33 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: PVGKMgos4WGbF2EScbfZ6YQGdQnJNGYG9BPaC9CSRAQmynFVO4RahhWZ+3kn+rJeBBNo/JXzk9AUqatZDq2TYw==
date: Fri, 03 Feb 2023 02:45:32 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.204.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.204.27:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3921644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmemJWkpInjvHWafiJB496hV7U053%2FxNViE1DrkejGz24VJmcd1PMnDr8ygO0Nu0rLd524YbaztmDx9R2Fxrs3h3XRiEHC2NbTtCH3j8PbU6D2oV%2FYF7btsFJGBo5C0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719cb72f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.204.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.204.27:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8623307
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bX9gaf5uyXfNZMsaY631%2FdFcEvAUHdJ5DgicaX5zX%2FMvxSvTm%2BFQaWHHzH5%2BV8QQqHamYCnt9uMtbmAXjBjUa7Z7MT1ZS3VWrTMF2%2B3vpMmrWwC%2FvBBrMosBgYiX%2F0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a719c772f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/KBkpA7zKZaPVD7oedA69Q/pages/_app.js
172.64.204.27 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/KBkpA7zKZaPVD7oedA69Q/pages/_app.js
IP 172.64.204.27:0
GET /_next/static/KBkpA7zKZaPVD7oedA69Q/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/603ced975ec2cb18b80961dc
Cookie: visitorId=7q0rjrynv79mbyk87zcws; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-185ecc6547e"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 677588
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRoJOw2l1X%2FgnmnCx4LxTiQICNRS793g8qaj6P2pPPQ0SCSUUF2PQYItw8dmA%2BmdOQnzB%2F5dCtUl93Q46wgPXSnomwNDYoqnTIdtIbpqQZSj4q%2FGtLFxlygTf9gE8LY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7937d4a709c372f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.17 200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d6b3534.867551032219796802%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconxgxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimxlbmoscnxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71987234%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: application/javascript
etag: W/"e2bbca1c479226a45392909d6a4"
expires: Thu, 02 Feb 2023 18:45:33 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675396003
server: CDN77-Turbo
x-77-nzt: AblMCQ2mRqr/2hsAAA
x-77-nzt-ray: c0a4cc28490e5a604d75dc6343d2d81e
x-cache: HIT
x-age: 7130
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
104.18.59.150 200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
IP 104.18.59.150:0
GET /widgets/v4/Universal/main.33831b792a3809ba493a.js HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:34 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-42f63"
expires: Fri, 03 Feb 2023 02:45:31 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 7937d4c9af72b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=6MyJes3xteenkA42OEDY; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=HDHhphy4mauHrJvwMPiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
20915.polarbearyulia.com/v2/a/ban/iframe/210450
88.208.59.103 200 OK 0 B URL HTTP/2 20915.polarbearyulia.com/v2/a/ban/iframe/210450
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/ban/iframe/210450 HTTP/1.1
Host: 20915.polarbearyulia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/build-iframe-js-url.js?idzone=4891806
185.76.9.17 200 OK 0 B URL HTTP/2 a.realsrv.com/build-iframe-js-url.js?idzone=4891806
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /build-iframe-js-url.js?idzone=4891806 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dc754d6b3534.867551032219796802%22%3B%7D; impressions=oslmrxbrnxgxamrscrmeogeicxbmsbcenxgxamrseoscsgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamreseallgeicxbmsbocnxgxamrolmocogeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrsxxxmrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrescroogeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrsarxclgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamrolmocogeimcclsxlcnxgxamreaccbbgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamreollxsgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrescroogeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcc
lsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamreaccbbgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimbroosxcnxgxamrselcmrgxcceimsmxmosenxgxamrsxeecrgxcceicxmecmcanxgxamrsxeecbgxcceimxlbmosonogxamrsxxxmrgxcceimrxccosonxgxamrsxamrrgxcceiallxlmscnxgxamrsxleelgxcceimeembecenxgxamrsomsecgxcceimxeemblcnxgxamrsomsergxcceimrbleaebnxgxamrsseeoagxcceimbeelllanxgxamrssoeomgxcceicloaxxabnxgxamrssoalagxcceimxlbmxlcnogxamrssomelgxcceimcssmlrenxgxamrsssoabgxcceimeembesonxgxamrsscsbagxcceimxlbmosancgxamrsrooalgxcceimcssmlronsgxamrsrooalgxcceimmraexsenxgxamrsrcaccgxcceimmraexxanxgxamrsrcaccgxcceimboslabcnxgxamrsarxclgxcceimxeoxsacnxgxamrsarxclgxcceimbbcemoanrgxamrsamobsgxcceimxlbmoconxgxamrsamobcgxcceimbclraronrgxamrsmcxsogxcceimxlbmoobnogxamrsmcxsogxcceimesoasbanxgxamrsboxccgxcceimxesoxcbnxgxamrsboxccgxcceialrexeoonxgxamrsbsbsagxcceialrexexbnxgxamrsbsbsagxcceimblrcssonxgxamrsbmosegxcceimblrcsscnxgxamrsbmosegxcceimxlbmxbbnxgxamrsbbexbgxcceimbbcemobnogxamrsbbexlgxcceimaoobbebnxgxamrsbbexlgxcceimxlbmoscnxgxamrslosssgxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71987234%7C100644%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 02:45:33 GMT
content-type: application/javascript
etag: W/"ea7570751cfbc7c3ffd25f04a47"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675396364
server: CDN77-Turbo
x-77-nzt: AblMCQ3h0fv/cRoAAA
x-77-nzt-ray: c0a4cc28490e5a604d75dc63125ed31e
x-cache: HIT
x-age: 6769
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2