xfantazy.com/video/60030b8cd7357618a3cab844
302 Found 0 B URL HTTP/1.1 xfantazy.com/video/60030b8cd7357618a3cab844
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/60030b8cd7357618a3cab844 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 28 Sep 2022 05:50:55 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/60030b8cd7357618a3cab844
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YkklMsotzHEXSyPzVHZ7nGucK2HJfm06w%2FIFhhpNt%2BfxfMtToYD1GOEnCG%2FYnCVU%2FzXhd%2FU9iYZuj9GbZ9F4hPXsO1buEsIiRSCaeBpSuulmyrXbNEHzWtBJwMvSmw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 751a344bbbec1c12-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13040
Expires: Wed, 28 Sep 2022 09:28:15 GMT
Date: Wed, 28 Sep 2022 05:50:55 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 05:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vF8bm2-l81VRXL7RIrvdHDsVJZS5KE_UGKMHO5qFOPWCKSp6nzxnGQ==
Age: 2116
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DE9Dxv9llSv50XT-HT2bWxAMQ1qcp5FYgvQ0yNNec6P_aYYCE2133A==
age: 73602
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP
File type ASCII text, with very long lines (1564), with no line terminators
Hash 2050a43a50ed7de138bb0eb0d4c73c50
c269ae9f7020ec1181b3c3444738adb3d22be5cd
918a1bb5a43968765330ee73f1b574c77f35d3f3d7bcaf2046349a63236c868c
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"61c-179fb7179e1"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801323
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tbqSspVz1aEHKY1OdE1IObjL6aWsxMXEG2n7lR5LmOoSjJ9u6b4mGSwytQ5dGM8gb9nUBOp2MnsFrUDPWYfugVMaRxA6O1BNOLyrawRDndGqYIwAsNcKdJaFtRtcUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f487e1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 407be3936fecfd367eddf61693f2f323
3c91052b762b2f87269fbbd452bb3d1d99fcc596
87517b56a5370161db3eded9c23cf8a805397dfef44e14e8fa66450e740439f4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:50:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 15:14:20 GMT
Expires: Tue, 04 Oct 2022 15:14:19 GMT
Etag: "3c91052b762b2f87269fbbd452bb3d1d99fcc596"
Cache-Control: max-age=551603,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a344fccf9b506-OSL
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP
File type ASCII text, with very long lines (1568), with no line terminators
Hash 6a6e157b17555959eb11eb2f4af1ee80
6545dbf3cab2b12085e72ba31aabc7ae6cfe9d16
7b261259fa31b4c30bb318a1b18ce75114996c85921c343e2c97364fe589be87
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9785416
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAR6jeaSkXafMjy9AxxdGwlTeybqe573oeG2QG7NeXf2LrgNIfVQJT6xCkTpMYOxSk8dp95lBYKN4gNhSWYNWG3cvfdUOTPJXhCrzXQ4DA5DZwFl6bqWMjD2T7f%2BdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f487d1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js
200 OK 8.3 kB URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js
IP
File type ASCII text, with very long lines (22910), with no line terminators
Hash 1e269f25d73ba0796347c61cb63f5774
a08ad3dbcf3ca86e80472fc2d8aa4f5411572d33
8f85da4a31cd801e2af505ef0da155451af19689a3312e6456a1dbec228aa13d
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846750
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnik9HFgUcvlJC%2BTkJA1vloYQnZca5Wn6QnJ6IMeLAchjBAfd8uaZhbW3nvwIxnlHZosGCxMZYpDaQUKOpC%2BZqoYInTri9JyDjP5%2F%2F0aUMro7OaCfXFqhVzYlkntbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f486a1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
200 OK 21 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP
File type ASCII text, with very long lines (20298), with no line terminators
Hash 863496cf1708b6570dc837f95e52e20c
94d405b1722d25851b8f9790c4617d01bb990f56
f7ac1bf5bb13391cc25d68adac2c9c4e6f17cad2fe571dbb61e4a4ae5f789aea
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-179fb7093d6"
last-modified: Fri, 11 Jun 2021 14:18:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801323
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lc3xXd3OxBUfMlCRyCUKpE5uQblXAJAhPqPawrt4Fs7u4BBPzMVautY28UV0VuvBEn4WWsdLeAV8JSaGiuQJxcQguSWXSsYZvjhr446d7NerUhM3AmFFBfOQbyT1uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f48791c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg
200 OK 7.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0d3555dd4a9b55deaad34c99cf13e861
1c187014a157c2954398b4af1343738388b24f0f
293d1bc27ce07b9936a37e279145baf5de7e0376fb95b259233965bcbfb3e94e
GET /thumbnail/Ie2RvCLzyKfq-26Xqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: image/jpeg
content-length: 7558
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash c24b3c6a101d34ebe6653925df25f25b
e0f8d07b839e370cb3e4d86df87b40f4b32bd0dc
0d110ba5728c01f7ee1e0dfbaabf9cb66fb5ba46acf7ab24484ece3fcc04b46f
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"11cd7-179fb717a09"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801322
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUQxvB4LoD97xieY%2BgoSawHAN0FU0WWdBQuHcVIEOvCzQTzqkeOZcbOpmJigxUwXIEUlOtXdluNwrw54yFiUskzzxDc70e5cLMpVScS6AklvqUKE0SJkQBd%2Fz0n7EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f58851c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JuzHtXCinPvv-jnC-Q/w320h240/0.jpeg
200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JuzHtXCinPvv-jnC-Q/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4f4b13986c45ec5a3f7ad7481d6d565d
826edb6e860022ab5d2c9fe86ffc863a71dd240f
ac43d4c56c75c3f46390a657f924e8846051c140e83caac6fe8b1569a0374550
GET /thumbnail/JuzHtXCinPvv-jnC-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: image/jpeg
content-length: 14433
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
200 OK 1.6 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 80cbfbd1fc4c51d01150a0e40a0a3235
3db3b38318be5d23302f0d27f242ffceef487699
84c16a5dd5ea2dde3ed1cbc1ba2ac17127a8465679db6764d682f128dface11c
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:55 GMT
etag: W/"101b-18350119cac"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8m%2FkGszV5nvvPthu64pom9U6lWmZHaAhJP4EzkX9o4pelznGyRPW3aGZg%2FYgrLgkXNfHOsz4%2BLa8Im%2FaXRPkNwnCqyxOpHXrzj9zun8nScOvRS7UWY6HcBaoVISGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f58891c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP
File type ASCII text, with very long lines (15971)
Hash a16451408b7acbabcb49b176824e41b8
4052e182b125453eb12d3b9302cd564f4babc662
b07ca676b0845b8edfa9c8a32b2578036c17b0628ebbf5a5a845d3d0f8a5db51
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 05:50:56 GMT
expires: Wed, 28 Sep 2022 05:50:56 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 53125
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
200 OK 472 B URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b92c0"
last-modified: Fri, 05 Aug 2022 08:42:28 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4655196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMnH8WbHK4Z%2BO%2F9O1jpH9geMx71p8RQHlL4PieiLDYFMTUEOKEKOjnR83n7usU%2FViHS1zteDeM6H7KVLC8BdIfEStI6vMFd9%2Fbu03V8yB5aVAcxZ36Kj3J5FwaB28Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f48811c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP
File type ASCII text, with very long lines (40085), with no line terminators
Hash 4d17c7a83600a2a70db3b470ecdd4748
7fe229c2d39a64afb391dee723467fcb1a0c3a24
1dcdfdba24330850e3be684498afce12d1ef10a89aa2b3333ef330775722be75
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9785014
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCb293K5Zy59GaohAd8wyN1yHUbBKLVaC5UPCRkA4oAxJ5Cd6rc%2Fu1fy4agvotUR2RepvPNaOUDXTlm89q2J6IBiEuKOV%2BtQeCdIzWuFIQ2SdOpGTkBI61RLifsa4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f48781c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 555408
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/97993ed77e806/main/0.jpeg
200 OK 46 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/97993ed77e806/main/0.jpeg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.35.100", baseline, precision 8, 1920x1080, components 3\012- data
Hash cdb160d09e72e4dc3cfd789ae620ca3c
09b22bd49ca1549187969af9b97f971f36f22fd1
28c13af7ab6374181b2f20e2768e76d4557a7cd782b7b22eb6df4dd77f4b5a0d
GET /thumbnail/97993ed77e806/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: image/jpeg
content-length: 46045
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 555408
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:14:12 GMT
expires: Mon, 25 Sep 2023 18:14:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 214604
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/static/xf-small.png
200 OK 1.2 kB URL HTTP/2 xfantazy.com/static/xf-small.png
IP
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 73788af337ff4a5e7c8d8ea19dba155f
e0bd72878475603f40ebd05077c626816ed3285c
be4a320fd44fdaaced2a2056ff7a4c0765a6ed0996c9b4c94a0cb2458967e8df
GET /static/xf-small.png HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: image/png
content-length: 1153
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:53 GMT
etag: W/"481-18350119794"
cf-cache-status: HIT
age: 6526
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUsgVDz5gx3kmeEiaPZjDDIMVOx5ejBNBdsHyp4RVadf7SUVlBTRA8%2BCN2VV8nlkaQa%2B99xNDjNVN7VQWdKtw6y7dIn2L1KxPIHLXV1ILQm9t7p8H00i%2FjBydEqZlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34523ac11c02-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2717
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:56 GMT
Last-Modified: Wed, 28 Sep 2022 05:05:39 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 04:41:09 GMT
expires: Wed, 28 Sep 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 4187
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
200 OK 84 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 5df383641efa0a3ba4302c7fec8d6394
f0cec22d20f41110ab644ee246201cb8787379b0
10fb3cdc6d2cbc33aa86bd81a8325449c04d227555a8a9f504deb8cfb0f16e91
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.245.0
x-jsd-version-type: version
etag: W/"33a2f-8LAWo/m1uPKVR6/desBN4giRHHM"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 28 Sep 2022 05:50:56 GMT
age: 31201
x-served-by: cache-fra19130-FRA, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 83822
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2cJ2ia/1wKSKACRA3ljgJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Gqe06qRxvouJR4FEj9ByOYgrPJU=
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 4f32bf6c33823b202c71cd82ec201a23
3df6c6e84559fd60850a74918570e2646f184eed
23bdcf5884664de550f811e69115ed9e90c4230a142cd809a99ef8bd9036eb5b
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:50:56 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "435A7A7DCFD8CE57DCA201D7EDE7C4994F18EF1A"
Expires: Wed, 28 Sep 2022 17:00:00 GMT
Last-Modified: Wed, 28 Sep 2022 05:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 425
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751a34549d2ab515-OSL
xfantazy.com/api/events/user/videoOpened
200 OK 2 B URL HTTP/2 xfantazy.com/api/events/user/videoOpened
IP
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/events/user/videoOpened HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Content-Type: application/x-www-form-urlencoded
Origin: https://xfantazy.com
Content-Length: 81
Connection: keep-alive
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-origin: https://b.xfantazy.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRDtUFmLptYt6otj%2BVCyv%2BFws3%2FslSofrdghBlAU6haW0fcO1GkAZ0PmwweM1K%2FcSetZBs6euTHJIRWIHW211NklhmcSq0TvzhP%2FyxczUHLrFYnQ8aIMuWfeznL0ig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34554cf41c02-OSL
X-Firefox-Spdy: h2
xfantazy.com/api/auth/login
200 OK 2 B URL HTTP/2 xfantazy.com/api/auth/login
IP
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/auth/login HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Content-Type: application/x-www-form-urlencoded
Origin: https://xfantazy.com
Connection: keep-alive
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-origin: https://b.xfantazy.com
access-control-allow-credentials: true
set-cookie: k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; path=/; expires=Wed, 05 Oct 2022 05:50:56 GMT; domain=xfantazy.com; httponly
k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc; path=/; expires=Fri, 28 Oct 2022 05:50:56 GMT; domain=xfantazy.com; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=smg9UEWNUEbR6BX9yTdo2foGQhzYYbxo27jHoNxC7r2XKo24wE35XkfpKUMCeOEhh3T3v9NoAIHiHEC7wQzT8I0nSdweMOw7jNbjzeWzzIOdovCkq0T63g8gGCyzcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34554cf31c02-OSL
X-Firefox-Spdy: h2
a.focusde.info/zRdVuw7.js
200 OK 34 kB URL HTTP/2 a.focusde.info/zRdVuw7.js
IP
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash 0bfc926c8717a33d199bd68e1b75af88
8cf397d588f3f00adc9606838b33df88646c38a8
e0a1a633931c7aa2cb79662bdd9c0a78ab87132ca6e549ec64366cf6095e146e
GET /zRdVuw7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript
content-length: 34358
expires: Fri, 22 Sep 2023 14:13:59 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 14:12:29 GMT
etag: "632c6d4d-8636"
cache-control: max-age=315360000, public
x-hw: 1663856039.dop129.am5.t,1663856039.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
a.focusde.info/5qpfbg7.js
200 OK 34 kB URL HTTP/2 a.focusde.info/5qpfbg7.js
IP
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash 0bfc926c8717a33d199bd68e1b75af88
8cf397d588f3f00adc9606838b33df88646c38a8
e0a1a633931c7aa2cb79662bdd9c0a78ab87132ca6e549ec64366cf6095e146e
GET /5qpfbg7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript
content-length: 34358
expires: Fri, 22 Sep 2023 14:13:59 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 14:12:29 GMT
etag: "632c6d4d-8636"
cache-control: max-age=315360000, public
x-hw: 1663856039.dop129.am5.t,1663856039.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/signup.js
200 OK 1.7 kB URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/signup.js
IP
File type ASCII text, with very long lines (2988), with no line terminators
Hash 4ea7fb89777cf1f2789946f63887b45b
74214045f4cce5c74ac11cba7a89c1da6eea6767
f342063232d47ff213e4c81bf53901abe638cc2611274ac4b8572e9d0a92eaef
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/signup.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"bac-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PwxMj3J5NzhnGPm3dhgtqMdoGssabG8xU2f4h9ey0gSlI1VB5C3f155RUO9ljs%2BxZ5UZcRs1I%2BU2mnQ3LyiFd7ZqMmH2rAH7wNSH5oWoxTqvYCezR9nA1lEteg64Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34567e151c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/top.js
200 OK 681 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/top.js
IP
File type ASCII text, with very long lines (1410), with no line terminators
Hash 3e03209aa96c5fcd35ba34ba00bacddc
cf2909c741c35f17b4372d9ff015fefcc820ec98
a207885a1fda7132f08ada12648c1f4ffe5c2bc9761911ce871d7b32a2f6f19b
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/top.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"582-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oDfQbi1YpCirBLePUAs4bZmTNZ2%2BADdGBdsyn6YsWcFzHEF2CiBOXIwx4nMyPdr9jVePT%2BJN8xggA08%2BgN6xfh%2FItiTFBX%2Fhv2NboWvRDhhSETB6yBOda5t4BvB5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34567e211c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash be00902334cbd1b79889e8c9f9f52735
43f1e56d497b5e8f449cabf26f25cedf2e77c463
074054ea3e3d8ea787a665fa8169e4b64473ff058241f251247ade034f7ea87a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:50:57 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sun, 02 Oct 2022 03:58:11 GMT
ETag: "43f1e56d497b5e8f449cabf26f25cedf2e77c463"
Last-Modified: Wed, 28 Sep 2022 03:58:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 817
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751a3457d858b515-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab8b69fade235ccf1a15d2cac6dd95e
37c426c0e6940920c4478855c6bb610731edd316
025fc814f74bed6fcfc2a4c25b670c1d538d06c5ce07af13d3f9f8354ca34604
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1036%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055054%3Aet%3A1664344255%3Ac%3A1%3Arn%3A178866805%3Arqn%3A1%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C19%2C234%2C0%2C261%2C0%2C%2C245%2C6%2C%2C%2C%2C1048%3Ans%3A1664344252860%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344255%3At%3AFucking%20a%20Fresh%20Natalia%20Starr.%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1036%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055054%3Aet%3A1664344255%3Ac%3A1%3Arn%3A178866805%3Arqn%3A1%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C19%2C234%2C0%2C261%2C0%2C%2C245%2C6%2C%2C%2C%2C1048%3Ans%3A1664344252860%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344255%3At%3AFucking%20a%20Fresh%20Natalia%20Starr.%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash a60ed61c792a6c7544694b14678bb941
69384b163a2006433dcaa0cceca1b7778044af04
4e70d46c5ee08d14009c69073583977b9df771daab0c7fe92fbe743b4dc06c5b
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1036%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055054%3Aet%3A1664344255%3Ac%3A1%3Arn%3A178866805%3Arqn%3A1%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C19%2C234%2C0%2C261%2C0%2C%2C245%2C6%2C%2C%2C%2C1048%3Ans%3A1664344252860%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344255%3At%3AFucking%20a%20Fresh%20Natalia%20Starr.%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1036%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055054%3Aet%3A1664344255%3Ac%3A1%3Arn%3A178866805%3Arqn%3A1%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C19%2C234%2C0%2C261%2C0%2C%2C245%2C6%2C%2C%2C%2C1048%3Ans%3A1664344252860%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664344255%3At%3AFucking%20a%20Fresh%20Natalia%20Starr.%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=8782870721664344257; Expires=Thu, 28-Sep-2023 05:50:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8782870721664344257; Expires=Thu, 28-Sep-2023 05:50:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=209436111664344257; Path=/; SameSite=None; Secure
i=wj0eUbfLHADS4lLKSJGc5+eHaY+MUlVLOoZENvZePOkAgXC2LnKN/N8UkP4CuzrYkhlEgwDNoO8bR+8FjZMD+yduhJU=; Expires=Sat, 25-Sep-2032 05:50:56 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695880257.yrts.1664344257#1695880257.yrtsi.1664344257; Expires=Thu, 28-Sep-2023 05:50:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37151), with no line terminators
Hash 7bc1f11ea043a67e22b6f0678475f60d
b483fec6190ca425627c2e612aede8ece02560bc
a51288a04b6273e466a57499710d7bb302c2174e9599dd2abbc399af225b243e
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:50:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7ba1792b9e0b901cd59546baaa570cb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Wed, 28 Sep 2022 06:50:57 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 3abd787e77629e21daa6606aeae67118
18be3a2080869ae7cde7053504d2ed5188406fda
bb630a804424bd198b8b534ab48c40a42c7b9e3996676523aaab0d8e0e3b1233
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4661
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:50:57 GMT
Last-Modified: Wed, 28 Sep 2022 04:33:16 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash b3d6b07e3998c6d4341acb2b263e609e
12e3561297d635de3fbd5212e2ae66a6e91ac673
534a36edebee87dbf492d6b5895e47385e65849b261348ab3623a8e17dc323cc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 05:50:57 GMT
Last-Modified: Wed, 28 Sep 2022 04:49:46 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Au1ilMJlpJn28jKc-k6Vzqlhk5QoeoGX4a-r44cMZ4As-CemnrwDTQ==
Age: 3671
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A857869613%3Arqn%3A4%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A857869613%3Arqn%3A4%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A857869613%3Arqn%3A4%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(4)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A485112013%3Arqn%3A2%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A485112013%3Arqn%3A2%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A485112013%3Arqn%3A2%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A975468232%3Arqn%3A3%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A975468232%3Arqn%3A3%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A975468232%3Arqn%3A3%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A330584776%3Arqn%3A5%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A330584776%3Arqn%3A5%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A330584776%3Arqn%3A5%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A831920195%3Arqn%3A6%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A831920195%3Arqn%3A6%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A831920195%3Arqn%3A6%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash b6a70c0b6eb4ad1609e1663e7600bc61
ca6fe959e2272dec6d1a7fa5091e7b1fb1bcbf11
7010f4665770474405483dab2956def680558e5e7a603e8652ac3e672aab049c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=6ea9962f-206d-4837-a11e-524eaf673041:2:1; expires=Sat, 25 Sep 2032 05:50:57 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/categories.js
200 OK 31 kB URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/categories.js
IP
File type ASCII text, with very long lines (9227), with no line terminators
Hash 447e276281b651952b27198d86328c43
4cb426220e172a5f16d5fee701bbda6dec743af8
1dd4937c8a72a92544f8b4994d321e39d441000c635e5f79e14579085d016462
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/categories.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"240b-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wW226DYRznEmWoZ8H7L%2BVJt8k7Ezum3RDblAfvTk8iEGCXFALhJAZjMB3Wbhf0oyYCP93xLIdLu8OYEDj87fqONpeE5QvRX2YIkk5J7TNxGtpQ8FaI8QBkvo%2BCZW1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34567e291c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A172956757%3Arqn%3A7%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A172956757%3Arqn%3A7%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60030b8cd7357618a3cab844&charset=utf-8&hittoken=1664344257_092839815645d97d10b4c5ac23efdcef45e56d859efefccd0385be5b6f33bb0a&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A960769979749%3Ahid%3A410057346%3Az%3A0%3Ai%3A20220928055055%3Aet%3A1664344255%3Ac%3A1%3Arn%3A172956757%3Arqn%3A7%3Au%3A1664344255780915727%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664344252860%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1664344255&t=gdpr(14)mc(p-6)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 28 Sep 2022 05:50:57 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 05:50:57 GMT
last-modified: Wed, 28-Sep-2022 05:50:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11343
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 05:50:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11343
Expires: Wed, 28 Sep 2022 09:00:00 GMT
Date: Wed, 28 Sep 2022 05:50:57 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
200 OK 570 B URL HTTP/2 xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
IP
File type ASCII text, with no line terminators
Hash 0c03501b2889e9d15059b62a6381aca7
58c7c195b00701d6443949019fa70961ded37e85
fa6788644eaa6c71847f10a3c8eea3fbf6cc4fa3a32b8c3774c66dd3922bccc2
GET /_next/static/chunks/styles.77acb212b856be16971e.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"55-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIs5hIlAbQW1ceVF1z12gmoqdtjEuK63Y8CzQTF8phYF8FWFGdrrvbmRz3jSRIEYhrDqBWdBpfjpkj%2F4ADocsd0CX69QuwocScow9k9kEqz7w8XxQS%2F5x2x22DkMUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34543c371c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 29408
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43d7c0db2af42ad4d0095324b2691f6c
1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 27583
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa8d9d6-9650-4c92-a2db-529657be591b.png
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa8d9d6-9650-4c92-a2db-529657be591b.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07f06c54e3b1431203308e4134e7efcb
e26e7e4f7c67d680f0c2d0fa84dcb77ffbef6a49
2814f21c6a21623c189163672867272eb24f754d3d22a8285349e5dd9f6b49f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa8d9d6-9650-4c92-a2db-529657be591b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10031
x-amzn-requestid: 0ac9a228-b6ce-4695-b269-f6a5ba959576
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4HTsoAMF8dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-1d1cacef2608d5820b2bc1b1;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HKSCXbOStqMfD92WWwpkNF1l9euR9RkHTo2boSKqhPAunGl2u_YGlg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:48 GMT
age: 29049
etag: "e26e7e4f7c67d680f0c2d0fa84dcb77ffbef6a49"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59163c799f3d48e74abdd285ee615119
883e61d46ef6c09013724aa7b8f560272ee08574
e1bafc575ff4274b210bee481a8e73c065de5bc14ddf46c269ef91eda0df8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8621
x-amzn-requestid: 5a828651-41c2-4aa0-931d-6522098a8438
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASUWEYvIAMFUJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffdb5-5ace75523a98a9237fabca8f;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:05:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _r1yeWUGcjSAzmlPcqiZrNgOGrGb29Dxgrz3AOm9oU0-wgHy7axiKw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:40:36 GMT
age: 79821
etag: "883e61d46ef6c09013724aa7b8f560272ee08574"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d039db0b842a4cbbaefdaab98bc6722b
78b1a603c4f7f2d6fbad15d7a4cd1397554339e9
65a3c7b0515cfd2a723f3bc3147cb98f3dd75ce1ecfce915c7c8e9ba5ae0bf2d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb17f4e8-cf01-41dc-8d4d-247daf3e0160.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14018
x-amzn-requestid: fb0f02e7-1ce0-4861-9446-13d60df06f24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xSEhCIAMFWkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-79f482493d204a1208fad00f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZAov4fpWAjIBhHfeYEwu39wJTG58HnW7ebekpIoNSgA7PLIs5b7sSg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:09:19 GMT
age: 27698
etag: "78b1a603c4f7f2d6fbad15d7a4cd1397554339e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3890e460356d6ecc3ba4e405ac2e9e
b383135e2ebc23fe80eb0d594b198cb8c89327a5
8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yW-bGn5vYTa6Z28ELKYgYpy98wQEbYJIl5yxd1qLxz1YjVYKxMH2Wg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:31:02 GMT
age: 80395
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5a456768063d5c349a3fce3f122f49e7
22bfe9598eb992fe6bd963ac685eab520c01559f
5b1a787ad6f6bc2b928da984ad90b55060dd2df0352483505c82f76c1a83f83c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B1A787AD6F6BC2B928DA984AD90B55060DD2DF0352483505C82F76C1A83F83C"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2750
Expires: Wed, 28 Sep 2022 06:36:47 GMT
Date: Wed, 28 Sep 2022 05:50:57 GMT
Connection: keep-alive
driverpartially.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
200 OK 29 kB URL HTTP/1.1 driverpartially.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 70e4d708428201380c7dea5d917a2d42
3e61ffea99f256c3d23c65663dda15d0dbf603ac
4bf0b475ed03fd5e5fcf764013b2cc95d0669b250f84e663f0dfea74f163590f
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c687f1c2ce015c875f09fac35a9c8e61
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 281a1314db9ff5d58e798af43ff5006a
91257ac2f1882606b05a985115645908572a00a1
9f3ff1aea2eeba30718c8516117dd6feb67277d27cf4e7b60cbf5f25353cad73
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9F3FF1AEA2EEBA30718C8516117DD6FEB67277D27CF4E7B60CBF5F25353CAD73"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=735
Expires: Wed, 28 Sep 2022 06:03:13 GMT
Date: Wed, 28 Sep 2022 05:50:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eeaf400c970fa942e9b23fe0aa1a4538
6abdc0419a2ed2faa1a13c34e7350925cd19c46e
75f990711f04bce6bdf99e45d4a836cae317387ff360e7e5b5bf2d6a6a85cd48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75F990711F04BCE6BDF99E45D4A836CAE317387FF360E7E5B5BF2D6A6A85CD48"
Last-Modified: Mon, 26 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3702
Expires: Wed, 28 Sep 2022 06:52:40 GMT
Date: Wed, 28 Sep 2022 05:50:58 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 2917b8abe74403bc4f20b2eed1ac39a2
8421735ad0b1729a0f3467a5fb0fe06db7a6a5fc
6389a79fa621d32138dab9c0fab190c515288ef534b023cc909a156979fcef39
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6389A79FA621D32138DAB9C0FAB190C515288EF534B023CC909A156979FCEF39"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12783
Expires: Wed, 28 Sep 2022 09:24:01 GMT
Date: Wed, 28 Sep 2022 05:50:58 GMT
Connection: keep-alive
driverpartially.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
200 OK 3.1 kB URL HTTP/1.1 driverpartially.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5715), with no line terminators
Hash c536b9c63cb9b0317eb4d4f2fc489b14
2f151b8805b63bc9d73cf53f6b4b389530fc2551
99447a78a4c1970685c1c953232821078d9bfe0deab1cf48ed21a706084747bf
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:58 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Thu, 29 Sep 2022 05:50:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 29 Sep 2022 05:50:58 GMT; secure; SameSite=None
uncs=1; expires=Thu, 29 Sep 2022 05:50:58 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 29 Sep 2022 05:50:58 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 29 Sep 2022 05:50:58 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]; expires=Wed, 28 Sep 2022 05:51:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad1500ed52d6f861f19607608f8f494f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 60eb1758175320a24926288a2b33cd16
014fffa4ecc7c98c2753e9667bc972527a6c5c17
d744b389b51cbfd427e404f20921da0863330fa9d9c176c7c7d4b6df6e48eb52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D744B389B51CBFD427E404F20921DA0863330FA9D9C176C7C7D4B6DF6E48EB52"
Last-Modified: Tue, 27 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17847
Expires: Wed, 28 Sep 2022 10:48:25 GMT
Date: Wed, 28 Sep 2022 05:50:58 GMT
Connection: keep-alive
precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=2911&rd=2911&fd=756&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=2911&rd=2911&fd=756&bv=22.8.v.2&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=2911&rd=2911&fd=756&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: precedentadministrator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 28 Sep 2022 05:50:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
driverpartially.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLp7pn0zLiHxRizBONm3VX0JtVV3ZMy1V1NVdf0ZEQIuyB7nPwHnWeSDWpYFDwJLtJZ8BBQdjzlYPzxB3gR9roys8HRF5r3fft5Dp%2F3feuzA3tBXFh6vvaOGggp6fJK3a1d%2BdDzrtY2RWr7tX47%2BChoXq3p3uudoO6%2BWrsesR217Lue63quV1sXOopVf3kiQmQnHa%2FecetNv%2B6tNNHX%2F%2B2NdWCoA967IC9C8PHCI2cRglVIk6%2FWIrOTq%2By1txIraa40evz4%2FXQnVUWKZFbG2kGcHl%2B6oczj9YdQ6dEUF6r3jzEUY%2BL88BBhenwJibB3OOUMJaIUIf8%2Fil6FSFYQtAJTdyH4YwIwjhtbSJP7N5Qu6O4zlU7UMVl48hdEMSYLvywiTR6sStGv3VbS5kKlBv24hOhXEN0KmT1FPpiDKE7B8jsQ%2FEey%2FGQTaXK4ZaSC4OV0diEqiLiCjIagxoGdfMKBjR3YzEHCz2vM87yWyxl12x3GGrwVhQF3PdqKPeq5QRuWTfCGyLMhmByC6T1keg87Yn9MyJ1DaPs9zHYJwx2YfEycd%2FfQ4yWKiKAwBAUlKARBkRMUvfKIS%2BOb8j6XxobeZfYvc6Mcqbx7QI9U3o1ScpBdkBemy%2FnzuW%2BxE53XqB93Om7suc1W4AYea3kd7jGP0gb1I8Z9GFFCmLnpvAMxJosv%2F4FscrBPnyKkpzDyFEw8D2qXQItRy3dBt0fNtotBetKPaZrTwW6dqQRclcjyBeS7zoG8IC9NOdobS4jY2bVvBr9ff7D4CZgukekSH4tHBF15b3RLFeTwlioM%2BXory0UiBnRywNs5zaP5L96Odgul%2BcaaGX7%2BBpsIk%2FLkvcjkmzTlIu0a8uWq4DzS60qziHy3YT6IwpvWbK9andps8%2Bab6xtJpiNjhEorUDEmZP9XMDEm%2F3s6N32bSz9dgdAVtC2R2DNyGRDqFCzbg8lm%2FEbNQ8uZJ8wcFLYcaT%2Bc%2FZSCQEaznoYlzL%2F6cFYfmHvo6ldA87tIkxI9XaInS1A5hLHzozzTZ9d%2BbkwDoXRGodTOYSi13H%2B2XCPOa61Gw6VBZ8VrtWjUCpt%2BOw48TqnfDPwgoA3kZswav1V%2FAwAA%2F%2F8BAAD%2F%2FyJcWb1mBAAA
200 OK 7 B URL HTTP/1.1 driverpartially.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLp7pn0zLiHxRizBONm3VX0JtVV3ZMy1V1NVdf0ZEQIuyB7nPwHnWeSDWpYFDwJLtJZ8BBQdjzlYPzxB3gR9roys8HRF5r3fft5Dp%2F3feuzA3tBXFh6vvaOGggp6fJK3a1d%2BdDzrtY2RWr7tX47%2BChoXq3p3uudoO6%2BWrsesR217Lue63quV1sXOopVf3kiQmQnHa%2FecetNv%2B6tNNHX%2F%2B2NdWCoA967IC9C8PHCI2cRglVIk6%2FWIrOTq%2By1txIraa40evz4%2FXQnVUWKZFbG2kGcHl%2B6oczj9YdQ6dEUF6r3jzEUY%2BL88BBhenwJibB3OOUMJaIUIf8%2Fil6FSFYQtAJTdyH4YwIwjhtbSJP7N5Qu6O4zlU7UMVl48hdEMSYLvywiTR6sStGv3VbS5kKlBv24hOhXEN0KmT1FPpiDKE7B8jsQ%2FEey%2FGQTaXK4ZaSC4OV0diEqiLiCjIagxoGdfMKBjR3YzEHCz2vM87yWyxl12x3GGrwVhQF3PdqKPeq5QRuWTfCGyLMhmByC6T1keg87Yn9MyJ1DaPs9zHYJwx2YfEycd%2FfQ4yWKiKAwBAUlKARBkRMUvfKIS%2BOb8j6XxobeZfYvc6Mcqbx7QI9U3o1ScpBdkBemy%2FnzuW%2BxE53XqB93Om7suc1W4AYea3kd7jGP0gb1I8Z9GFFCmLnpvAMxJosv%2F4FscrBPnyKkpzDyFEw8D2qXQItRy3dBt0fNtotBetKPaZrTwW6dqQRclcjyBeS7zoG8IC9NOdobS4jY2bVvBr9ff7D4CZgukekSH4tHBF15b3RLFeTwlioM%2BXory0UiBnRywNs5zaP5L96Odgul%2BcaaGX7%2BBpsIk%2FLkvcjkmzTlIu0a8uWq4DzS60qziHy3YT6IwpvWbK9andps8%2Bab6xtJpiNjhEorUDEmZP9XMDEm%2F3s6N32bSz9dgdAVtC2R2DNyGRDqFCzbg8lm%2FEbNQ8uZJ8wcFLYcaT%2Bc%2FZSCQEaznoYlzL%2F6cFYfmHvo6ldA87tIkxI9XaInS1A5hLHzozzTZ9d%2BbkwDoXRGodTOYSi13H%2B2XCPOa61Gw6VBZ8VrtWjUCpt%2BOw48TqnfDPwgoA3kZswav1V%2FAwAA%2F%2F8BAAD%2F%2FyJcWb1mBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLp7pn0zLiHxRizBONm3VX0JtVV3ZMy1V1NVdf0ZEQIuyB7nPwHnWeSDWpYFDwJLtJZ8BBQdjzlYPzxB3gR9roys8HRF5r3fft5Dp%2F3feuzA3tBXFh6vvaOGggp6fJK3a1d%2BdDzrtY2RWr7tX47%2BChoXq3p3uudoO6%2BWrsesR217Lue63quV1sXOopVf3kiQmQnHa%2FecetNv%2B6tNNHX%2F%2B2NdWCoA967IC9C8PHCI2cRglVIk6%2FWIrOTq%2By1txIraa40evz4%2FXQnVUWKZFbG2kGcHl%2B6oczj9YdQ6dEUF6r3jzEUY%2BL88BBhenwJibB3OOUMJaIUIf8%2Fil6FSFYQtAJTdyH4YwIwjhtbSJP7N5Qu6O4zlU7UMVl48hdEMSYLvywiTR6sStGv3VbS5kKlBv24hOhXEN0KmT1FPpiDKE7B8jsQ%2FEey%2FGQTaXK4ZaSC4OV0diEqiLiCjIagxoGdfMKBjR3YzEHCz2vM87yWyxl12x3GGrwVhQF3PdqKPeq5QRuWTfCGyLMhmByC6T1keg87Yn9MyJ1DaPs9zHYJwx2YfEycd%2FfQ4yWKiKAwBAUlKARBkRMUvfKIS%2BOb8j6XxobeZfYvc6Mcqbx7QI9U3o1ScpBdkBemy%2FnzuW%2BxE53XqB93Om7suc1W4AYea3kd7jGP0gb1I8Z9GFFCmLnpvAMxJosv%2F4FscrBPnyKkpzDyFEw8D2qXQItRy3dBt0fNtotBetKPaZrTwW6dqQRclcjyBeS7zoG8IC9NOdobS4jY2bVvBr9ff7D4CZgukekSH4tHBF15b3RLFeTwlioM%2BXory0UiBnRywNs5zaP5L96Odgul%2BcaaGX7%2BBpsIk%2FLkvcjkmzTlIu0a8uWq4DzS60qziHy3YT6IwpvWbK9andps8%2Bab6xtJpiNjhEorUDEmZP9XMDEm%2F3s6N32bSz9dgdAVtC2R2DNyGRDqFCzbg8lm%2FEbNQ8uZJ8wcFLYcaT%2Bc%2FZSCQEaznoYlzL%2F6cFYfmHvo6ldA87tIkxI9XaInS1A5hLHzozzTZ9d%2BbkwDoXRGodTOYSi13H%2B2XCPOa61Gw6VBZ8VrtWjUCpt%2BOw48TqnfDPwgoA3kZswav1V%2FAwAA%2F%2F8BAAD%2F%2FyJcWb1mBAAA HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 77cf47d4a73050ea3bf7366642f484df
Strict-Transport-Security: max-age=0; includeSubdomains
static-cache.k2s.cc/thumbnail/Iemb7yfzw625qWnB-Q/w320h240/0.jpeg
200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Iemb7yfzw625qWnB-Q/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9cb4edae936d340a2fb1cdec13935e3e
189ee2426c0312af5e65bc5a29b0f8c4d53d124c
bfd51e9e092259c6633aaf91c6bc4e1e912424664536bab36c5e7f8f7e4a0ef5
GET /thumbnail/Iemb7yfzw625qWnB-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 14375
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cO_BtXelnKvprW2WqQ/w320h240/0.jpeg
200 OK 6.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cO_BtXelnKvprW2WqQ/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2099e26ca89aa1a8424e19134f163acd
9911767619015667a6709fc9626b864d5425cb5b
9d9e1398e6b296bfe65ef8f7ccc2bb04fd5f3455834aa43e10c733942e74e06b
GET /thumbnail/cO_BtXelnKvprW2WqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 6347
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7-atCCvyv--8G2XrQ/w320h240/0.jpeg
200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7-atCCvyv--8G2XrQ/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7bab7e9c7c84a8184c7225abed374de1
3f9748800bd105a0b591a9926d31f75986c0c402
0d914f6498388a62e8c51a5331d47edb7edfb0ae3713f87393663ee4de7f0b46
GET /thumbnail/d7-atCCvyv--8G2XrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 10673
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cO6U73Cvy6_k_jnB-w/w320h240/0.jpeg
200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cO6U73Cvy6_k_jnB-w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c5723b9fdc174c77afcdaa4e9544b126
4e994a7d34eaeea112e8062a20ab4f7aa32aeb00
6779f4fa2656a08ec85ed0ec108231b1b5ed83bfce8eb5f56393e833352d150b
GET /thumbnail/cO6U73Cvy6_k_jnB-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 10485
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JLuUuyCimKzr_WmXrg/w320h240/0.jpeg
200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JLuUuyCimKzr_WmXrg/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a4cc22e94653013f1c64a7b0ffdc928a
e290013c90834601aa35cdf0b7d199ae65fe4ce3
8acb82513a7b8c0d20509d45c3c6f67fed2e93e9ccfa4e0a5d7555ffaca2e106
GET /thumbnail/JLuUuyCimKzr_WmXrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 12590
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-zBu3Kny6jv8TjEqQ/w320h240/0.jpeg
200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-zBu3Kny6jv8TjEqQ/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8916e0ba06e2c1158d6907bff60bd6cb
e1403dad53a837dbf95e4eaedbc97c3d477176bd
778b0722c9982990410c48ac0990ad46a15bbaef8c269fc7cbdda41ca42e84cf
GET /thumbnail/I-zBu3Kny6jv8TjEqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 11482
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-6UtHShyPrpqmqV_g/w320h240/0.jpeg
200 OK 8.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-6UtHShyPrpqmqV_g/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cd132966aaedb6c142ce74232eeb6641
2588a478f20c8b71de1c8307731f0d4212920438
52b8e7dfdec0b0ee482411bc5470f7a48a2b7b953538b55dbbe275ac3afe8ded
GET /thumbnail/I-6UtHShyPrpqmqV_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 8505
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/dbvGuSClza7u-DjGrA/w320h240/0.jpeg
200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbvGuSClza7u-DjGrA/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a2f17c5853bfdb4bdd39beb2ce822920
33feacfcf03d3db2c06cb5a0e390f9e8a50530cf
cadf06004168a120b2f5fdf8c7e69b532985c2f9001ea93e798d4317a2718e91
GET /thumbnail/dbvGuSClza7u-DjGrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: image/jpeg
content-length: 9990
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 850 B URL HTTP/2 a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
Hash 6b341aa1c064063bd483c2b6a4758c59
8ea9e362364a45858067db53e0f44bc0aeed5154
75db382531472aecc9a8b04c3d0a4e9d262f3e63c8f5c48a2cc9c52b168a0997
GET /api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash a8efccf4c61af35f8011cfb61e7f66ca
90987edc2453bcd66d8c89ed47c9882a846b22d6
973f1eaa5748b6c10ab41032e3a0dfd1f370ac6c25e819e54e81b8c3c4bd78a0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "973F1EAA5748B6C10AB41032E3A0DFD1F370AC6C25E819E54E81B8C3C4BD78A0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8279
Expires: Wed, 28 Sep 2022 08:08:57 GMT
Date: Wed, 28 Sep 2022 05:50:58 GMT
Connection: keep-alive
driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=94
200 OK 0 B URL HTTP/1.1 driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=94
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2F79%2Fb6%2F2979b6cd81afad6251e222515b2d8311%2F1663145782.html&l=1775&fd=94 HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 850 B URL HTTP/2 a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
Hash 5c49a497c59ff4895fbec15445116562
e98341a85a85fe7c7b076c18fccff3fee64c4c0a
a4917cbad65d6a8ce55730a460fef11f6f7643524fbf5fbafa14e67d6abd4338
GET /api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-mSvXajmKu5-27Cqw/w320h240/0.jpeg
404 Not Found 622 B URL HTTP/2 static-cache.k2s.cc/thumbnail/J-mSvXajmKu5-27Cqw/w320h240/0.jpeg
IP
Hash 152fa285e61c93292141ca2f996a9dea
65d67996a01164aee6fb04a26be5358dbe41d0d3
755e5fa1d46ec5da04d2faf56b813a24d8edf70fd9f468889fe7e5b4c0513a83
GET /thumbnail/J-mSvXajmKu5-27Cqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: openresty
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: application/json
access-control-allow-origin: *
X-Firefox-Spdy: h2
a.focusde.info/api/click/7771533940847691095?c=90
200 OK 0 B URL HTTP/2 a.focusde.info/api/click/7771533940847691095?c=90
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/7771533940847691095?c=90 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
200 OK 665 B URL HTTP/2 media.aso1.net/js/ifr.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3697209092332e6efe700a51ca307453
88ec1d2ce0eab02648e75aa4fb910b4f6a78c9d2
e69326eb6b42ad44bc24d8e9638b551553cf4eb7eac5fee4a2eb8d29c1c33f38
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 839594
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcZ4BiM5J0QZPNigSBzfAcg9xhCeWJdjmUkd1hK0ljQpaFYa8hyaupb4X1URZA%2BROUxfXAqcTAHKQL4887dhCD5OTlhZI4OIrTvk8w9tb6d7HFAt2fr2s5Yk%2Bg%2BvPFVveQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a34617c2f740f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129
200 OK 0 B URL HTTP/1.1 driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fstyle.css&l=9193&fd=129 HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=132
200 OK 0 B URL HTTP/1.1 driverpartially.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=132
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Fnotifications%2Ftext_bubble%2F2%2Fcss%2Fanimate.css&l=79249&fd=132 HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
media.aso1.net/js/ifr.html
200 OK 1.8 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 645ae94afdcc2b567272c406e7d4ac36
c9e94b012739a62b05d12fa3a529d914f06f6ed6
9a80010e6148a9485638e4e7d1704870b5d00aed64053f0bba5b3212c56a83ba
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 839594
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHxj%2FfCgq713doCf0LW5szv%2FPjr7NjSg9wDrkSsIambd5l8WB2ldB6Gc7vdRGTxk6MDBg8Zvyn4R0R%2Bo39%2BzBhgcBTVEcv0OW6h0umoGJ8CFJMVEMB5GtLtEjmlJXxz9WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a34612c04740f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
200 OK 5.8 kB URL HTTP/2 a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash 2c9f4f269483759d9af25e8fa382adca
e1c1fc8ff78cea3266a3744f1ff045a9b7620645
c0d7ae774b3a91f1d7eb0cceb1446e2aafa46ee888712470361477b2b6a2fafe
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=704vMot37h6tvByBqqIE; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 1.2 kB IP
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash b23dc13e52597139d64043a6c4379d7d
3824a64e117f5908732a55e48c82d151cf35b51a
d2a5308af28839a820b31c4e7ef92954fd71513bf3135d5bc681fbaf4a31a6ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2501F62B10B278C0E95705040A281C9DD8DF9EE336C30995C85F5329FD8BE7C0"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8736
Expires: Wed, 28 Sep 2022 08:16:35 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
200 OK 14 kB URL HTTP/2 a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash 2435184a1e795518c014ad5da73415f2
ecf8a1d53f27302b5f37f6aa8a1c039e5f3f7246
21eb2761206501f8dca8b6e1e2ea314a8c07304b5bd59b900281e4960c35bac6
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=n5oglx1eCO7hDTJbPJqC; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash db9b9fa82e0451233d6327abb9fb80b0
3980b6dc6cf4732bbfa58a37a5b00d667f8a607d
ba50ae670a5909d2cd739d2a0b48f997809330c7280de4b58296a1ffa59d4694
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BA50AE670A5909D2CD739D2A0B48F997809330C7280DE4B58296A1FFA59D4694"
Last-Modified: Mon, 26 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2035
Expires: Wed, 28 Sep 2022 06:24:54 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 061c104da310316018034ea438ff3472
957a1a074a0b4997456fd1dfaf46fba592be5713
9d73939fba3149ff3da99ca69a8c5fe0f09c144fe39200a5c0725c6df4d429ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9D73939FBA3149FF3DA99CA69A8C5FE0F09C144FE39200A5C0725C6DF4D429AC"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Wed, 28 Sep 2022 09:50:06 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 061c104da310316018034ea438ff3472
957a1a074a0b4997456fd1dfaf46fba592be5713
9d73939fba3149ff3da99ca69a8c5fe0f09c144fe39200a5c0725c6df4d429ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9D73939FBA3149FF3DA99CA69A8C5FE0F09C144FE39200A5C0725C6DF4D429AC"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Wed, 28 Sep 2022 09:50:06 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 22 kB URL HTTP/2 a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
Hash 2253a7cc5c1f48ebe137d0833ca64ea2
e0bfc9c1321b59b45b7be1e6dfbd4fea69c6f02f
d1f0608f466936ea3a653b7dd31d9f6cdc7d92ee6ae2aeff7f41c09476c23b7e
GET /api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 061c104da310316018034ea438ff3472
957a1a074a0b4997456fd1dfaf46fba592be5713
9d73939fba3149ff3da99ca69a8c5fe0f09c144fe39200a5c0725c6df4d429ac
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "9D73939FBA3149FF3DA99CA69A8C5FE0F09C144FE39200A5C0725C6DF4D429AC"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Wed, 28 Sep 2022 09:50:06 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
thachuchopy.com/cwHxV-z.azGAlBtCZ_zE9FhGZHE-lJkKPLTMQ_0OOPDQARz-MTiUZVjWd_DY0ZmaZbn-Bd2ePfTgg_wiMjDkAlm-ZnnoJp2qP_TsEtwuMvD-AxwyJzmAl_tCZDzE1Fo-dHHIRJwKc_yMUNzOQPS-URySRTiUU_yWRXjYEZw-ObTcQd1eL_TgIhuicjy-5ljmZnGo4_xqNrSs5tj-bv2w0xlyM_kAZBjCcDm-VFhGdHGIl_2KZLXMMNl-MPkQYRxSN_zUEVzWNXT-cZlaMbkcY_yeMfTgYhx-MjTkMllmM_koYp0qNrD-gtwuMvzwJ_fyNzDAVBh-NDzEgFuGc_GI5JnKJLn-BNhOePTQ0_4SMTDUAVw-JXnYBZhae_Wc9d1edfF-BhlicjkkN_smanWoNpr-PrTsAtmuc_mwVx2yPzT-EBwCMDDEA_wGJHnINJz-PLTMUNmOc_3QQR9SMTS-ZV6WbX2Y5_laSbWcQd9-NfDgQh2iN_Dkkl2mMng-
302 Found 0 B URL HTTP/2 thachuchopy.com/cwHxV-z.azGAlBtCZ_zE9FhGZHE-lJkKPLTMQ_0OOPDQARz-MTiUZVjWd_DY0ZmaZbn-Bd2ePfTgg_wiMjDkAlm-ZnnoJp2qP_TsEtwuMvD-AxwyJzmAl_tCZDzE1Fo-dHHIRJwKc_yMUNzOQPS-URySRTiUU_yWRXjYEZw-ObTcQd1eL_TgIhuicjy-5ljmZnGo4_xqNrSs5tj-bv2w0xlyM_kAZBjCcDm-VFhGdHGIl_2KZLXMMNl-MPkQYRxSN_zUEVzWNXT-cZlaMbkcY_yeMfTgYhx-MjTkMllmM_koYp0qNrD-gtwuMvzwJ_fyNzDAVBh-NDzEgFuGc_GI5JnKJLn-BNhOePTQ0_4SMTDUAVw-JXnYBZhae_Wc9d1edfF-BhlicjkkN_smanWoNpr-PrTsAtmuc_mwVx2yPzT-EBwCMDDEA_wGJHnINJz-PLTMUNmOc_3QQR9SMTS-ZV6WbX2Y5_laSbWcQd9-NfDgQh2iN_Dkkl2mMng-
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cwHxV-z.azGAlBtCZ_zE9FhGZHE-lJkKPLTMQ_0OOPDQARz-MTiUZVjWd_DY0ZmaZbn-Bd2ePfTgg_wiMjDkAlm-ZnnoJp2qP_TsEtwuMvD-AxwyJzmAl_tCZDzE1Fo-dHHIRJwKc_yMUNzOQPS-URySRTiUU_yWRXjYEZw-ObTcQd1eL_TgIhuicjy-5ljmZnGo4_xqNrSs5tj-bv2w0xlyM_kAZBjCcDm-VFhGdHGIl_2KZLXMMNl-MPkQYRxSN_zUEVzWNXT-cZlaMbkcY_yeMfTgYhx-MjTkMllmM_koYp0qNrD-gtwuMvzwJ_fyNzDAVBh-NDzEgFuGc_GI5JnKJLn-BNhOePTQ0_4SMTDUAVw-JXnYBZhae_Wc9d1edfF-BhlicjkkN_smanWoNpr-PrTsAtmuc_mwVx2yPzT-EBwCMDDEA_wGJHnINJz-PLTMUNmOc_3QQR9SMTS-ZV6WbX2Y5_laSbWcQd9-NfDgQh2iN_Dkkl2mMng- HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
location: https://10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b56134771794748d7d8788b4f4e677c2
104d818d4b9ef1f1bd8e96c860766d021fc628f5
da1ae9892ad3e3453af5b255d0c5a3cd145f45e1444a1406cbbb5e663959c2b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA1AE9892AD3E3453AF5B255D0C5A3CD145F45E1444A1406CBBB5E663959C2B3"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20936
Expires: Wed, 28 Sep 2022 11:39:55 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600
200 OK 30 kB URL HTTP/2 xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600
IP
File type ASCII text, with very long lines (43101), with no line terminators
Hash 80f4270b68a37c42792aed958dcb00e2
d64bcae30aab8e5cb3d5b8c1b47eebd93e08ea05
a575bf827eade8aed5ed9a15f3d81042c39c2779f48d5ec31fd4b5c2ef44771f
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1664337600 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ixKqE4ATCXh3aCWpJnMiFHdqP6NJkor%2FTqhGpl0DwS4X%2B2Z73QIrEgzkb2JgoKKQk0lPddOHXESXKqsGAUoxfFoqwAF2oideaw7JLSAHKX0QWZGlT6xT7SIUMessg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a3451ea851c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash f8826519fae90d681854a581b06615c2
d2c22fa085aae20ff7d563cc44f9d44f898614cc
b0971fe17ce963c7a8aa3b18ac0f61b60ebfb12316dd01c12804e61cbce3f7e3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 08:27:05 GMT
Expires: Tue, 04 Oct 2022 08:27:04 GMT
Etag: "d2c22fa085aae20ff7d563cc44f9d44f898614cc"
Cache-Control: max-age=527164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a34651e65b51d-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d80d9a637cf8b04c4efc31f50696faf4
c4994993a8588db01e0b73e56efa403d5f9dbac2
547d7732026dddccf5e0bb9a786c89bab78f8b06f905666fbcf0ae9219715b3d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "547D7732026DDDCCF5E0BB9A786C89BAB78F8B06F905666FBCF0AE9219715B3D"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17870
Expires: Wed, 28 Sep 2022 10:48:49 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9f3a3a4917e04be315609e439bde888f
a00db137814e6505f4b93b0f62acda17fcb77584
918bed1e201f5a597d7be79297b3b50fed2b37fec068f29072ad64f8bf96bc05
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "918BED1E201F5A597D7BE79297B3B50FED2B37FEC068F29072AD64F8BF96BC05"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17813
Expires: Wed, 28 Sep 2022 10:47:52 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
poweredby.jads.co/js/jads.js
301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads2.js
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
200 OK 5.0 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP
Hash 84219769e874d963f1039835a66d0f46
365f1ffea01fbdc179ab904837aaad5bb605370a
43c181522898b30343813bead83bffefdb41a2cf866da983041a4fa76048dfa2
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1198420
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQSs2Joi28QYv3CwgW%2FqWj2SDz2OxaRuTIdim%2FSdp86uO36qtEfAq9rh%2B%2BiUIFnWU0gHyvBxxenRl0RsPwI0xVS8ZgBx7cO%2FzHEASfI37X40HqlJ5OHFp27%2FjWhB2F5KXKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a3461fd567732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
200 OK 9.4 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/171357/216113/448032_45a78.png
IP
ASN #61107 Toonbox Studio Ltd
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 03cfef95b159bac03fd92ca6864284e6
709a5eba38c15a0fb2c9fff295021019877df5c5
53e0793d137cd5a3896a1ca0126b5548b9d67053eb8a8b8feeb5c501beb045aa
GET /creatives/171357/216113/448032_45a78.png HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: image/png
content-length: 9418
last-modified: Tue, 27 Sep 2022 12:35:41 GMT
etag: "03cfef95b159bac03fd92ca6864284e6"
x-timestamp: 1664282140.63901
x-trans-id: tx110c496f138d4f98aec28-006332ee22
x-openstack-request-id: tx110c496f138d4f98aec28-006332ee22
expires: Thu, 09 Mar 2023 20:20:57 GMT
cache-control: max-age=14048998
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr3uaLidETSLqKazNe79F20GEByJQyhOC8MENovHnWAlKl6rDOZz1zoddCAgTNgNdg=
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 6589, 24218
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de03e4487ecf791d3020db7bceaf76fe
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6ea9962f-206d-4837-a11e-524eaf673041&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d66c800cb239c735f25a6a070fac1593
Strict-Transport-Security: max-age=0; includeSubdomains
driverpartially.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLpnpnMD%2FewGGOWYNysu4repLqqelKmuqup6pqejAhhF2SPk%2F%2Bg80yyQQ2LgifBRToLHgLKjqccjD%2F%2BAC%2FCXldmNjj6QvO%2Bbz%2FP4fO%2Bb3124C6ID0fP197RA6kUXV6p%2BpUrHwbB1cqmTFy%2F0m83P2o2rlZM7%2FVOs%2Bq%2FWrku2I5ervmB7wd%2BUFmXRkS6vzwRIdOTTlDt%2BNVGrRqsNNA3%2F%2B2t82CpB967IC9C8vHCI28RkpVI4q%2FWhN3JdPraW7FTNNMGPX78frKT6DxBPCsj4yFKji%2Fd0Pbx%2BkPo5GiKC937xxjKMfF%2BeIgwOb6ERNg7nHKGCiJByP%2BPvFdCqBKSlmD6LiR%2FTADGcWMLSXz%2FhjY53X2m0ok6JgtP%2FoLMx2Thl0Uk8YNVJfuV21q5TOrEoh8VkP0SslsidafIBnOQ%2BSlYdgeS%2F0iWn2wiiQ%2B3rNKQvJjOLmUJGZVQYghqPbjJJz24yINLPcT8vMKCIGj5nFG%2F3WGszlsibHI%2FoK0ooIHfbMOxCd4QWToEU0Mws4fU7GFH7o8JuXMI476H3S5guQebjYn37h56vEAuCHJLkFOCXBLkGUHeK464sjVb3OfKujC4zLXLXC9GOuse0COddUVCDtIL8sJ0OX8%2B9y12xHmF1qJOx48Cv9Fq%2Bs2AtYIOD1hAaZ3WBOM1WFlA2rnpvAM5Josv%2F4F0crBPnyKkp7DqFEw%2BD%2BqWQPNRq%2BaDbo8abR%2BD5KQf0SSjg90q0zG4LpBmC8h2vQN1QV6acrQ3liDY2bVvBr9ff7D4CZgpkJoCH8tHBF11b3RL5%2BTwls4t%2BXorzWQsB3RywNsZzcT8F2%2BL3VwbvrFmh5%2B%2FwSbCpDx5T9hskyZcJl1LvlyVnAuzrg0T5LsN%2B4EIbzq7vepM4tLNm2%2Bub8SpEdZKnZSgckzI%2Fq9gckz%2B93Ru%2BjaXfroCaUoYVyB2Z%2BQyIPUpWLoHm874rZ6HUTNPmHrIXTEytXD2U0kCJWY9DQvYf%2FXhrD6w99A1r4Bmd5HEBXqmQE8VoGoI6%2BZHWWrOrv1cnwZC5Y1CZbzDUBm1%2F2y5Vp5X6j5vhSISrVA0VhqRYDxcWQl9FrGwzttthsyOWf238m8AAAD%2F%2FwEAAP%2F%2FooiMVWYEAAA%3D
200 OK 7 B URL HTTP/1.1 driverpartially.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLpnpnMD%2FewGGOWYNysu4repLqqelKmuqup6pqejAhhF2SPk%2F%2Bg80yyQQ2LgifBRToLHgLKjqccjD%2F%2BAC%2FCXldmNjj6QvO%2Bbz%2FP4fO%2Bb3124C6ID0fP197RA6kUXV6p%2BpUrHwbB1cqmTFy%2F0m83P2o2rlZM7%2FVOs%2Bq%2FWrku2I5ervmB7wd%2BUFmXRkS6vzwRIdOTTlDt%2BNVGrRqsNNA3%2F%2B2t82CpB967IC9C8vHCI28RkpVI4q%2FWhN3JdPraW7FTNNMGPX78frKT6DxBPCsj4yFKji%2Fd0Pbx%2BkPo5GiKC937xxjKMfF%2BeIgwOb6ERNg7nHKGCiJByP%2BPvFdCqBKSlmD6LiR%2FTADGcWMLSXz%2FhjY53X2m0ok6JgtP%2FoLMx2Thl0Uk8YNVJfuV21q5TOrEoh8VkP0SslsidafIBnOQ%2BSlYdgeS%2F0iWn2wiiQ%2B3rNKQvJjOLmUJGZVQYghqPbjJJz24yINLPcT8vMKCIGj5nFG%2F3WGszlsibHI%2FoK0ooIHfbMOxCd4QWToEU0Mws4fU7GFH7o8JuXMI476H3S5guQebjYn37h56vEAuCHJLkFOCXBLkGUHeK464sjVb3OfKujC4zLXLXC9GOuse0COddUVCDtIL8sJ0OX8%2B9y12xHmF1qJOx48Cv9Fq%2Bs2AtYIOD1hAaZ3WBOM1WFlA2rnpvAM5Josv%2F4F0crBPnyKkp7DqFEw%2BD%2BqWQPNRq%2BaDbo8abR%2BD5KQf0SSjg90q0zG4LpBmC8h2vQN1QV6acrQ3liDY2bVvBr9ff7D4CZgpkJoCH8tHBF11b3RL5%2BTwls4t%2BXorzWQsB3RywNsZzcT8F2%2BL3VwbvrFmh5%2B%2FwSbCpDx5T9hskyZcJl1LvlyVnAuzrg0T5LsN%2B4EIbzq7vepM4tLNm2%2Bub8SpEdZKnZSgckzI%2Fq9gckz%2B93Ru%2BjaXfroCaUoYVyB2Z%2BQyIPUpWLoHm874rZ6HUTNPmHrIXTEytXD2U0kCJWY9DQvYf%2FXhrD6w99A1r4Bmd5HEBXqmQE8VoGoI6%2BZHWWrOrv1cnwZC5Y1CZbzDUBm1%2F2y5Vp5X6j5vhSISrVA0VhqRYDxcWQl9FrGwzttthsyOWf238m8AAAD%2F%2FwEAAP%2F%2FooiMVWYEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq5Ncvnw9qOQiEpnjCjLpnpnMD%2FewGGOWYNysu4repLqqelKmuqup6pqejAhhF2SPk%2F%2Bg80yyQQ2LgifBRToLHgLKjqccjD%2F%2BAC%2FCXldmNjj6QvO%2Bbz%2FP4fO%2Bb3124C6ID0fP197RA6kUXV6p%2BpUrHwbB1cqmTFy%2F0m83P2o2rlZM7%2FVOs%2Bq%2FWrku2I5ervmB7wd%2BUFmXRkS6vzwRIdOTTlDt%2BNVGrRqsNNA3%2F%2B2t82CpB967IC9C8vHCI28RkpVI4q%2FWhN3JdPraW7FTNNMGPX78frKT6DxBPCsj4yFKji%2Fd0Pbx%2BkPo5GiKC937xxjKMfF%2BeIgwOb6ERNg7nHKGCiJByP%2BPvFdCqBKSlmD6LiR%2FTADGcWMLSXz%2FhjY53X2m0ok6JgtP%2FoLMx2Thl0Uk8YNVJfuV21q5TOrEoh8VkP0SslsidafIBnOQ%2BSlYdgeS%2F0iWn2wiiQ%2B3rNKQvJjOLmUJGZVQYghqPbjJJz24yINLPcT8vMKCIGj5nFG%2F3WGszlsibHI%2FoK0ooIHfbMOxCd4QWToEU0Mws4fU7GFH7o8JuXMI476H3S5guQebjYn37h56vEAuCHJLkFOCXBLkGUHeK464sjVb3OfKujC4zLXLXC9GOuse0COddUVCDtIL8sJ0OX8%2B9y12xHmF1qJOx48Cv9Fq%2Bs2AtYIOD1hAaZ3WBOM1WFlA2rnpvAM5Josv%2F4F0crBPnyKkp7DqFEw%2BD%2BqWQPNRq%2BaDbo8abR%2BD5KQf0SSjg90q0zG4LpBmC8h2vQN1QV6acrQ3liDY2bVvBr9ff7D4CZgpkJoCH8tHBF11b3RL5%2BTwls4t%2BXorzWQsB3RywNsZzcT8F2%2BL3VwbvrFmh5%2B%2FwSbCpDx5T9hskyZcJl1LvlyVnAuzrg0T5LsN%2B4EIbzq7vepM4tLNm2%2Bub8SpEdZKnZSgckzI%2Fq9gckz%2B93Ru%2BjaXfroCaUoYVyB2Z%2BQyIPUpWLoHm874rZ6HUTNPmHrIXTEytXD2U0kCJWY9DQvYf%2FXhrD6w99A1r4Bmd5HEBXqmQE8VoGoI6%2BZHWWrOrv1cnwZC5Y1CZbzDUBm1%2F2y5Vp5X6j5vhSISrVA0VhqRYDxcWQl9FrGwzttthsyOWf238m8AAAD%2F%2FwEAAP%2F%2FooiMVWYEAAA%3D HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87a0c7e44aaccb5e1cb46079ddaa6d76
Strict-Transport-Security: max-age=0; includeSubdomains
driverpartially.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 driverpartially.com/pixel/sbs?c=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: driverpartially.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3688733]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 44951777ccf8c5e67526c905de9b420b
b851697eb272dfc945cf82315962cd3163c2d883
c9764c1aa45c8f43bfd07b261b39bf5667d4e5be335dea57635c03e20623a840
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9764C1AA45C8F43BFD07B261B39BF5667D4E5BE335DEA57635C03E20623A840"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2197
Expires: Wed, 28 Sep 2022 06:27:36 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
rtbrennab.com/banner/in/show/?mid=1616166003&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=31&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DiVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1616166003&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=31&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DiVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1616166003&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=31&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DiVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 28 Sep 2022 05:50:59 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //in16.zog.link/in/tishow/?katds_ep=iVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV&sp=0.0048
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c27e33a6bfe07d0550a20ba4224ba664
6b56b50e615f2a66a576c6c1c755f922aba66ad3
309254aa70b39b34c952e5c9765084bd9336935ffa1e1e565fe7027f963a7b51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "309254AA70B39B34C952E5C9765084BD9336935FFA1E1E565FE7027F963A7B51"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10756
Expires: Wed, 28 Sep 2022 08:50:15 GMT
Date: Wed, 28 Sep 2022 05:50:59 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash 3356dc06f6b32344742c535d3223c902
c333a0f12bd5c8e24125e52e92c0e1d9b91ef95c
1ce67b4ccefb7e5f3d729c9fa71b5e147cf0c052f505b9bef7aa3b564a1b4d19
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:50:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 25 Sep 2022 14:40:10 GMT
Expires: Sun, 02 Oct 2022 14:40:09 GMT
Etag: "c333a0f12bd5c8e24125e52e92c0e1d9b91ef95c"
Cache-Control: max-age=376749,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a34678971b4f3-OSL
in16.zog.link/in/tishow/?katds_ep=iVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV&sp=0.0048
302 Found 0 B URL HTTP/2 in16.zog.link/in/tishow/?katds_ep=iVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV&sp=0.0048
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tishow/?katds_ep=iVpSLyYA0vGaC9LVs0-WRIj0JaXY9icLMKxfih6Z9qT-hSXFkaSUaioKgFCQb1SYpLvl7FzkcrghlQyKFTQRkFr0i8PLlbHF9s1W8Y-GPJhqXJVs0tkDajKuhd1n6daMmzYDlUTuisQ6AMkZDtbtEwg4zzFF9gE6bJzeGY1E5C-nyJHBROgdv6RLFE5EjIqrP9t1HsX_uELjFa1LkyCOWUzqW54u5eRPLcmnMMQ6tz0pCTXs39D1Vg6JxU6TzLCX4V7TsAr6O43al5vhZqpAflwThuVz1peSR8ojvb9wSaRo89AWmCsGS_8GBqgF0yf7778Icu0Wr5tYWWRjG_FIvjzexl6T3wnXxTwDvULVyEdIQDyV4iA1VdM1BdAaSYmRMJQuO6HImSx0KnkQbe_Tj14jStneAwVrGEuCRvl2_nxLeRIrd2VFBUJxFOEFATdr4MIh5B71jGD7pM-o4E8UA3e42uB9a364iuKUuKaTL5JquTndjuNZIm9xXPijcJCSGRLdCh0SsZIwK4Lxor4o6de9HcZPHesGDL3ftEuj-H8s3a4mIdMLZdtLIOBX7KXzxFOjLnq0inBABstjbVJqGHNSn7U0Ah3nxJc2ffS4SRuzmk-nD2HAMi5QSxZHSNv33o16um--j_TnihiNF8jKITlTujdIVXqEbMeziqslCo4K-agEaD2RWKY6rdij7IOIiteua4OPVEBSuf9oCZ-tOWFuBXA2Q8q2FN77l2bGKRNC_reY142KCdCAcyY1MHD2HruwFLXni21hbspntaST56G--0bpjTRINm7VIMwdAmyhASTjHmDIOGvcJdquDNGzY13TpYhhi4kC4Q9WzuVgHx2B_L6RYVlfbp3QWRmInSW-tqAwyMOBIjXznQ8CDGxT8TmybG_8VN-Lm4yUkYEZJBCEFc08ntfbHNYCDb0kvnwIaH3bjD4iAX_MxbGRTfM_8sKMmsdgd2i_4HIYtpHJBHc9wo3gS62pe7_bcrviK8BRNVpMdZq4zSKo-ZzwdSh-L6TpX4ALv5MEHOwxI23u0X7iBAk3Eo8IHDZpyy0_34BZ_hoSsRmLeoOYbFb_iODJOPIgml7wAj6FgzwfWXwA6S49X03-3jwIQgjpLqDUBNF2bV4caGsWAMXPaedmiT41OxRW4GIfT2ya6-fx4bWA3AMstlZus_SZ1pLOjF3b-r4o2Vm1LwtfhtMzHLKbDbuXAaBpYM913yhJRCyWIHB50WDYgWcjc1eHborfj0AB6oMUpF0xKqVOpIzwIzTt-c329nP9hGlYawjn1UVXuVW6l5E4IyVJxTiKFlVtRNYZl8tQ5znk0924QIqwbW6jwdQtiGN2Lcpl5XA2IpcOmZJo73hHMXF9Quhx2R_F5eC_k4hAoai9IEwf8PrQLfWOet3sTsnjk1Y7S0rqatSY_Ex-RkJbqvstEL_VvLrBuUXSCuUOFglB-Wehog7Qhny2HMBw1B88LlSJwcWm9vLQERXamyVE_khb88N_ysd5j2d2q7KQXoLEycosm2bXyYRZKVFaHJ8n0QoT4l2zjZ4-su8r6SgyFl7C2bZuN1XjirUMJeb9DMz3cNpDuq8_1x1h_XtEH5ew03r-kvL8SxaH5mGmhT9hsyDWg8N6g0ZE1kWvupYhaJNCf9yFPrx3Ps6_VOVCJFvWOoGKDsreMfwXh32LW09GsV_YPqFhxZAhzWKmL_dnyVxmVOp7mdg_nQHtDPM2h4s80lmQhPgh7vSajI9EZG5JYGNxlxuxnwKibpfD18tFP7-06d1d_LkVw2r5ADXNxmmWfv6psVyRvDQuWEBGpBKxbTirkDpImwdYK2qtR6Mr7CzBqFE2o1b1eop_Bs7JquogYkn0z9-_80WQcxD7O9iEKvpfnSKF7jbTM_VCyxHftPxzppkUWErpu__Ig4adatfD2tAJhpfY2wVBC0ehVFUKAEUwqa63Uu59KONSK-SPVRf9bhBXRBwoPm7oo4ja_8O-W3wtl1ku4tGQkQe0gbJvImvXtgcrXSFlG4u_2wk2ZGl3gEGDbE997QekhJSCQ60nhGq0UwCnry--roNV&sp=0.0048 HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Wed, 28 Sep 2022 05:50:59 GMT
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{ __OS_FAMILY__ }}&__OS_TYPE__={{ __OS_TYPE__ }}&__GEOIP_COUNTRY_SHORT__={{ __GEOIP_COUNTRY_SHORT__ }}&__IP2L_MOBILE__={{ __IP2L_MOBILE__ }}&__BROWSER_FAMILY__={{ __BROWSER_FAMILY__ }}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=33cd9372-b63c-4358-9029-ee88b36c5be0&id_zone=[idzone]&site={{ site }}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=33cd9372-b63c-4358-9029-ee88b36c5be0&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 2325.0=1; expires=Thu, 29 Sep 2022 05:50:59 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
cachew.camsoda.com/assets/img/camsoda-logo-160x50.png
200 OK 4.5 kB URL HTTP/2 cachew.camsoda.com/assets/img/camsoda-logo-160x50.png
IP
File type PNG image data, 160 x 50, 8-bit colormap, non-interlaced\012- data
Hash a26f6cb889250cca822d07ed1fa17020
20b51a9dbe0928016d917e71b809c4f01a13d16f
fb6f54664e2adec6f304d47e544629a3ae46b0fdeb9ac1daab247f817ef2be13
GET /assets/img/camsoda-logo-160x50.png HTTP/1.1
Host: cachew.camsoda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promos.camsoda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: image/png
content-length: 4520
last-modified: Mon, 02 May 2022 15:02:15 GMT
etag: "626ff277-11a8"
expires: Sun, 22 May 2022 14:47:25 GMT
access-control-allow-origin: *
cache-control: max-age=1296000, public, no-transform
accept-ranges: bytes
x-cdn-diag: ams5-7619-3-62172-h-0-0---;6141-22-4861----0-0-1
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1fe78c86fa5316cff5b32b065e79210a
b314893db78f02b4fc7152ddb23a8c540c0be3b4
68381679e3fe402a4d8a71642ee706101e2c2bcd674e45c93022c41e730ca1cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68381679E3FE402A4D8A71642EE706101E2C2BCD674E45C93022C41E730CA1CD"
Last-Modified: Tue, 27 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Wed, 28 Sep 2022 06:51:28 GMT
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: keep-alive
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI3YTc0MWI0ODg5ZTc2M2MxZTQ1Zjc3OTEyNGZkYTVjZSJ9LCJleHQiOnsiZHQiOjE2NjQzNDQyNTY5ODZ9fQ==
200 OK 3.1 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI3YTc0MWI0ODg5ZTc2M2MxZTQ1Zjc3OTEyNGZkYTVjZSJ9LCJleHQiOnsiZHQiOjE2NjQzNDQyNTY5ODZ9fQ==
IP
ASN #24940 Hetzner Online GmbH
Hash 8909b5596bff5feccca843d4cc46e7b8
b1c9543c2b4856021e98f8b7391f6ba825380e55
bd0e0ba965dba30c57086b506f28bec098d0d5738ee9306657aeffa26e81b3af
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI3YTc0MWI0ODg5ZTc2M2MxZTQ1Zjc3OTEyNGZkYTVjZSJ9LCJleHQiOnsiZHQiOjE2NjQzNDQyNTY5ODZ9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=985600
200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=985600
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (409), with CRLF, LF line terminators
Hash 737f057f192541afaf941a1504f82764
0e24546963788d5930499c93d0d9021c24702c7c
cc1e768598eae92e974f4a2fefe44ae912227c22555ea7d1ee3da6d7cd4cc9a7
GET /adshow.php?adzone=985600 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:51:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=8025b7030692d11972261a75481df254; expires=Thu, 28-Sep-2023 05:50:59 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps47386=1; expires=Thu, 29-Sep-2022 05:50:59 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEzMTk2Nzg7aToxNjY0NjAzNDU5O30%3D; expires=Sat, 01-Oct-2022 05:50:59 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 01-Oct-2022 05:50:59 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 24ec9126493f30dad8f29e69399bbc49
3c2bc6e0a2a87b31e0b3d1315540505529146fe9
3fe017ce6fde28d674f133511aafb55ea095ae26e6cbecbfce0f23e4666696dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE017CE6FDE28D674F133511AAFB55EA095AE26E6CBECBFCE0F23E4666696DD"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3113
Expires: Wed, 28 Sep 2022 06:42:53 GMT
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: keep-alive
roomimg.stream.highwebmedia.com/riw/kaileeshy.jpg?1664344260
200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/kaileeshy.jpg?1664344260
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash a0080e9250c7274753480f4a645c5d28
0cc9af11d39790cb1ab2cbde928d393d0a847796
1b4202cbf57962f1e0a0bb26061ba9a969e1d92ecfe6f31e10e450fee2740b54
GET /riw/kaileeshy.jpg?1664344260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: image/jpeg
content-length: 12071
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12098
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15
last-modified: Wed, 28 Sep 2022 05:50:45 GMT
expires: Wed, 28 Sep 2022 05:51:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73Co1XLwxcUYLnijVcOgelr3k%2BAE6dyWlEMW0M1rpr8L55OF19en0CHAvn%2FfU5%2BCc0dKIAjhtT66SscGleY%2BIm3AAQo05KbJpYL73VIFzvGqatBEZJSmSvVQFqiCg82EiGLGYsGvP3kjpIuBNFM7kNg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3469fcad0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=969388
200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 49606d8b8c096f520b7ab88aee0a5963
0b9b79de60ec89aebd9d41ea81a7cae9d1081ea1
5e71a9d3e48973c364cc2f4d5304b8670c0ad24f5571b91e0df4c40858783cac
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:51:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=8025b7030692d11972261a75481df254; expires=Thu, 28-Sep-2023 05:50:59 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Thu, 29-Sep-2022 05:50:59 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjY0NjAzNDU5O30%3D; expires=Sat, 01-Oct-2022 05:50:59 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 01-Oct-2022 05:50:59 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
200 OK 2.6 kB URL HTTP/2 secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (867), with CRLF, CR, LF line terminators
Hash 83bd795c2d1974e126fa4e924c0fc70c
7bc850ed66a6fa2c0395cafd5adc03e47aa2eba7
7331e47656f298f98f402047af22627b9de78fe8e6aeb3f7d49e158595fbe51a
GET /_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nnteens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, max-age=2592000, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
expires: Fri, 28 Oct 2022 05:51:00 GMT
access-control-allow-origin: *
content-length: 2636
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
200 OK 3.5 kB URL HTTP/2 camschat.net/900250/adnium.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1149)
Hash 0eafbb64b50d642a4441dc13799c0818
d8339f83c161d589a4c2bc637958c3ea161d5ef2
581d56a833b49e7b0c61da06dfd4fe1f5107b1db37e1896e0694e80b4a50a04d
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
i.jads.co/network/user81419/47386-1642692260-0719830001642692260.gif
200 OK 92 kB URL HTTP/2 i.jads.co/network/user81419/47386-1642692260-0719830001642692260.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash efce1909a426b6848e64f728ff234d1f
44b701160776dd5d73fdc33abdb725e567806c48
443431deee747fc76f1cde9f5d23eba8f9284dbbd6aae342f7367386bd606da8
GET /network/user81419/47386-1642692260-0719830001642692260.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=8025b7030692d11972261a75481df254; imps47386=1; juicy_data_1=YToxOntpOjEzMTk2Nzg7aToxNjY0NjAzNDU5O30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
etag: "1642692260"
cache-control: max-age=12417633
content-length: 91468
content-type: image/gif
last-modified: Thu, 20 Jan 2022 15:24:20 GMT
accept-ranges: bytes
x-hw: 1664344260.dop010.sk1.t,1664344260.cds246.sk1.hn,1664344260.cds228.sk1.c
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
200 OK 123 kB URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 123 kB (122633 bytes)
Hash 8731ccbd779500863a4f42ba3d1c17ed
bdda941f573d17fc877a6348628c22f583d14d29
85e09ae71c1742ef9d617c0a5f3241e546a988693bc4bddb169cacf63ee81183
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Wed, 28 Sep 2022 05:50:59 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:50:59 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=8025b7030692d11972261a75481df254; imps47386=1; juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjY0NjAzNDU5O30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps61=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
etag: "1457030838"
cache-control: max-age=22881006
content-length: 43
content-type: image/gif
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1664344260.dop010.sk1.t,1664344260.cds246.sk1.hn,1664344260.cds217.sk1.c
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
200 5.3 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP
Hash 44ae50b900a5e7549985e31501780a06
a790d6ccba9eba7a8b12eeb2bdf5cc2c51b29afd
31c33b33b08ca852b2c96583242b52e8d17f95a3f82d4770e55e217f9b282239
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:51:00 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11664344260937_0_5104_5671=0001000; expires=Fri, 28-Oct-2022 05:51:00 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=3806-1664344260; expires=Sat, 25-Sep-2032 05:51:00 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
200 OK 12 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.5c1e955e3832.css
IP
File type ASCII text, with very long lines (52985), with no line terminators
Hash 63dce2137595801737e61b964d7fe75d
9836333ca2a9de90b3548136d396c7c187d25255
d21b7b9299085745d2bb0c72147e6d6912701734067c9897603a91d0e73b4363
GET /CACHE/css/output.5c1e955e3832.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=63849
etag: W/"03c072147fa475d9bd57bcc9b73d3260"
last-modified: Thu, 22 Sep 2022 16:22:00 GMT
x-amz-id-2: src6WemkBrmxeGDZVP+4ipre01PPVsPb7jxfzfVQ0ssDy7l2IzQ439zT3Wf7YWS5u4ixFo+mPb4=
x-amz-meta-s3cmd-attrs: md5:03c072147fa475d9bd57bcc9b73d3260
x-amz-request-id: 12Q62S61BDK4RBY8
cf-cache-status: HIT
age: 480360
expires: Fri, 28 Oct 2022 05:51:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBtLxilOX4WTNcNGSyhMl1llpIIBb7N05nO3LHT6rq%2Fvn6L1%2BYV6U%2BBZR%2BD4AmWyA%2FBNCLQXjlTKeCW4O7JJPFnm5o5O4MrzTKhEmTjBTMvrOBI5wP8U4Y%2Bl8uuWFkPZICNP7UjRHYa%2F1ZKMjUab2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bjx0EnmHgoIzjt4ZEmQTKSYa8JJVixaqJ7wSg5ieITU-1664344260145-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3469dc66b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e72c84829a3afd77e87f0c2d8542e9ec
13f0311ff3ab4a84b8ef635db64ce79e745681b9
b04417c1d4801389cc81d3e91d02c657aadf16171dc9e09b7b74c06d2ebf9945
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B04417C1D4801389CC81D3E91D02C657AADF16171DC9E09B7B74C06D2EBF9945"
Last-Modified: Mon, 26 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6447
Expires: Wed, 28 Sep 2022 07:38:27 GMT
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e72c84829a3afd77e87f0c2d8542e9ec
13f0311ff3ab4a84b8ef635db64ce79e745681b9
b04417c1d4801389cc81d3e91d02c657aadf16171dc9e09b7b74c06d2ebf9945
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B04417C1D4801389CC81D3E91D02C657AADF16171DC9E09B7B74C06D2EBF9945"
Last-Modified: Mon, 26 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6447
Expires: Wed, 28 Sep 2022 07:38:27 GMT
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: keep-alive
camschat.net/900250/cuntempire.webp
200 OK 140 kB URL HTTP/2 camschat.net/900250/cuntempire.webp
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 140 kB (140194 bytes)
Hash c1c6645c102f386f353ce1345707e238
d823cbcfe8028f8748b4e853ef8ad78ecb9019a4
0651eac705432bf92424f8374ebcbfc82186659d3cc73c2c63fafc8a24be0e3b
GET /900250/cuntempire.webp HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/game.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: image/webp
last-modified: Mon, 12 Apr 2021 15:04:52 GMT
vary: Accept-Encoding
etag: W/"60746194-1dc40"
content-encoding: gzip
X-Firefox-Spdy: h2
nnteens.com/adnium900x250soda.php?id=4776911
200 OK 402 B URL HTTP/2 nnteens.com/adnium900x250soda.php?id=4776911
IP
Hash 8010a87ed10213ac9fee30653fc56f05
0774b113b72bd526199fc93571688a3a33510251
f5a3ca4bf74bc1f9b4070cd6eeb8dee1df7bc02dd77a88d6f260fd1a70acaa9a
GET /adnium900x250soda.php?id=4776911 HTTP/1.1
Host: nnteens.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/min/js/XVHoverAutoplay_2020_04_29_01.js
200 OK 1.6 kB URL HTTP/2 xvt.vscdns.com/assets/min/js/XVHoverAutoplay_2020_04_29_01.js
IP
File type ASCII text, with very long lines (1636)
Hash 05c7b3bce5164394e2484252b1562da3
9034e5055de0bba6127cd140cc8122395abc2a01
693db4fcf7e148b11f8f0aaa7790e0ae58827bf351b52069169496ef4cea9aa9
GET /assets/min/js/XVHoverAutoplay_2020_04_29_01.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
etag: "1588176588"
cache-control: max-age=60
content-encoding: gzip
content-length: 1641
content-type: application/javascript
last-modified: Wed, 29 Apr 2020 16:09:48 GMT
accept-ranges: bytes
x-hw: 1664344260.dop225.sk1.t,1664344260.cds212.sk1.hn,1664344260.cds237.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
200 OK 70 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP
File type ASCII text, with very long lines (316), with no line terminators
Hash d9ade6fc0968c089f3ad97e6c104d0a8
fa8fb7295baf348d53fe8c710137608f81632636
6d04834122a2ec3b41e22b89ad8caa3a0d2fd894b1939f44760febd924c4c32d
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 894219
expires: Fri, 28 Oct 2022 05:51:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRX%2FEZ6SMoYyWwooRKNDxAwEjLJ%2BGaEn8APNvxkFPre%2Bw9xgfEA8FMo4X%2FpTHwsgtI7bNk0hpFndsD2nDYp0wr%2FvDKlVodTtI%2BflEe8rzNDz9ehC44ehQwTdJ%2FAHIHD0AOlmFVo5NGr1X2hI2Bu%2BEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Muyqt9dwv2jK5gpyHlJlZ6OzZApBnE099PLJudZznRc-1664344260158-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 751a3469fc82b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
200 OK 3.8 kB URL HTTP/2 camschat.net/900250/awe900250.php
IP
File type HTML document, ASCII text, with very long lines (439)
Hash ca92ba59d901ae6927bb414eb17f8343
9a2bff69d52669374b0954151ec0f1e39b5d52f3
932d8547b83778e84acae155d8127a258724a73f585dc896a3d94b661ecdaf28
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/utils/ajax.js
200 OK 2.3 kB URL HTTP/2 xvt.vscdns.com/assets/js/utils/ajax.js
IP
Hash 88204c0d3765c7b0eda262d148b7d703
58fcc028b41fe00f7acabf3d0471585eb94e1f5d
b21e9b97709c1496852365c3de23a3bd0df2b1a4367fe6d4b4b66a8bfa6994b4
GET /assets/js/utils/ajax.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
etag: "1592603159"
cache-control: max-age=60
content-encoding: gzip
content-length: 2290
content-type: application/javascript
last-modified: Fri, 19 Jun 2020 21:45:59 GMT
accept-ranges: bytes
x-hw: 1664344260.dop225.sk1.t,1664344260.cds212.sk1.hn,1664344260.cds229.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
xvt.vscdns.com/assets/js/utils/promise-polyfill.js
200 OK 1.1 kB URL HTTP/2 xvt.vscdns.com/assets/js/utils/promise-polyfill.js
IP
File type ASCII text, with very long lines (3065), with no line terminators
Hash ab4acc8f38cda8f6fe82cdf1b04af0da
06b0a68ed44fbc0494d8e47c2f17e027afd20a3e
1b94506542cc62c485d70fde21e6d79135584881afb5382ea82b49300d68da76
GET /assets/js/utils/promise-polyfill.js HTTP/1.1
Host: xvt.vscdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.vs3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
etag: "1523652866"
cache-control: max-age=60
content-encoding: gzip
content-length: 1146
content-type: application/javascript
last-modified: Fri, 13 Apr 2018 20:54:26 GMT
accept-ranges: bytes
x-hw: 1664344260.dop225.sk1.t,1664344260.cds212.sk1.hn,1664344260.cds024.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344260.dop210.sk1.t,1664344260.cds258.sk1.shn,1664344260.dop210.sk1.t,1664344260.cds026.sk1.c
ocsp.digicert.com/
200 OK 471 B IP
Hash 3de0f4884c63086faf4381174c8ec8ce
db6ee8934446374f1f47c405b78181434ba0d6c0
4e2940fe161a89e662af7efb2b6511501312d7226d7926beb55f06f7391d51d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4889
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 05:51:00 GMT
Last-Modified: Wed, 28 Sep 2022 04:29:31 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
m.sancdn.net/common/videojs/videojs.min-original-v2.css
200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=46929
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344260.dop213.sk1.t,1664344260.cds244.sk1.shn,1664344260.cds244.sk1.c
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
200 OK 40 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP
File type ASCII text, with very long lines (38842), with no line terminators
Hash e21293975cdcc8fa047cc3c5520c20f7
9ebfc7412ec15beccfcdff725c3ee991e3bd7dfe
f410a8baed930010fb35cd4025dc3007c077e10389b2816da2d97984a059ce14
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9784648
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mr2YAuuD76eYTLtUMAzs5haYz6OSeqDbk7R%2BDtiplac8zMN%2B18wHRJgdIEheQuoiHfIoaA6NFrkcncsdU%2FUCui0KUXw1mOr2KPKc%2FmJpANXioTQtu3pPVwyP3%2FZexw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f48771c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
200 OK 24 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP
File type ASCII text, with very long lines (23523)
Hash 3738ef90dad175977dc8a695809bb71a
98aa676ba7987caa86d49ab1b71f73896d08ad13
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344260.dop227.sk1.t,1664344260.cds023.sk1.shn,1664344260.cds023.sk1.c
m.sancdn.net/common/videojs/videojs-411.js
200 OK 71 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP
File type ASCII text, with very long lines (691)
Hash 532c3b3953d350e917649027f2c2accc
ffa74d9d511742bcf131580f71475dda94b962bc
16d0f10631780e6f883d0ec99240c59cc9836c76121d31111331732aac932fe0
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344260.dop009.sk1.t,1664344260.cds229.sk1.shn,1664344260.dop009.sk1.t,1664344260.cds202.sk1.c
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=3806-1664344260
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Wed, 28 Sep 2022 05:51:00 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1664344260; expires=Sat, 25-Sep-2032 05:51:00 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
camschat.net/900250/game.php
200 OK 229 B URL HTTP/2 camschat.net/900250/game.php
IP
Hash 9e7d77484a80075c49939af21c615c8d
cb02f74ca91de7a6bd2a2a927338696c2e931bd8
e43ec72cb4a2e53031d54c5517af5b0933c3096da16776d82b6148106e1e3180
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=792&ck=1&ref=https://chaturbate.com/tours/3/&ap=30&be=417&fe=628&dc=531&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344257296,%22n%22:0,%22r%22:1,%22re%22:196,%22f%22:196,%22dn%22:196,%22dne%22:196,%22c%22:196,%22s%22:196,%22ce%22:196,%22rq%22:201,%22rp%22:391,%22rpe%22:393,%22dl%22:404,%22di%22:525,%22ds%22:531,%22de%22:536,%22dc%22:627,%22l%22:627,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=515&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFVwkNBFYBBlcAXxh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gFVFNQVwMJGFpXVQAUVVAHV05eDwEMHAIIWlVaVlEGUQoAChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=792&ck=1&ref=https://chaturbate.com/tours/3/&ap=30&be=417&fe=628&dc=531&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344257296,%22n%22:0,%22r%22:1,%22re%22:196,%22f%22:196,%22dn%22:196,%22dne%22:196,%22c%22:196,%22s%22:196,%22ce%22:196,%22rq%22:201,%22rp%22:391,%22rpe%22:393,%22dl%22:404,%22di%22:525,%22ds%22:531,%22de%22:536,%22dc%22:627,%22l%22:627,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=515&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFVwkNBFYBBlcAXxh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gFVFNQVwMJGFpXVQAUVVAHV05eDwEMHAIIWlVaVlEGUQoAChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=792&ck=1&ref=https://chaturbate.com/tours/3/&ap=30&be=417&fe=628&dc=531&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664344257296,%22n%22:0,%22r%22:1,%22re%22:196,%22f%22:196,%22dn%22:196,%22dne%22:196,%22c%22:196,%22s%22:196,%22ce%22:196,%22rq%22:201,%22rp%22:391,%22rpe%22:393,%22dl%22:404,%22di%22:525,%22ds%22:531,%22de%22:536,%22dc%22:627,%22l%22:627,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=515&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFVwkNBFYBBlcAXxh2Yi0TFUMhJTshCU0XAwdYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1gFVFNQVwMJGFpXVQAUVVAHV05eDwEMHAIIWlVaVlEGUQoAChNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgVTDwZcUgUHC1gDAkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cIEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751a346cdb630b61-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=44b105042d4a2076; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:00 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1664344260.dop016.sk1.t,1664344260.cds207.sk1.shn,1664344260.cds207.sk1.c
pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
200 OK 8.5 kB URL HTTP/2 pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: image/png
content-length: 8533
last-modified: Wed, 03 Aug 2022 06:46:21 GMT
etag: "62ea19bd-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b1cc3c22e45365ec048321d56b2986b4_glamour_896x504.jpg
200 OK 48 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1b/b1cc3c22e45365ec048321d56b2986b4_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 889d97aac69a9ff34965a28c092b558d
1048059440e8e67cda4b41e24c8029b16aa8f474
cecd1bfdd3de6439476a19adbd2e7506c82818f6377fc431ca31eae09597ef21
GET /ff268cab8d9fbae1ed7506f97496274f1b/b1cc3c22e45365ec048321d56b2986b4_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 48130
last-modified: Thu, 08 Sep 2022 20:08:16 GMT
etag: "889d97aac69a9ff34965a28c092b558d"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:01 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
secure.vs3.com/xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344258524
301 Moved Permanently 20 B URL HTTP/2 secure.vs3.com/xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344258524
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /xml/live-video-ads.php?mp_code=dc16m&utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&cats=&response_type=json&t=1664344258524 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 28 Sep 2022 05:51:00 GMT
set-cookie: PHPSESSID=r9095760o5nj3vl2tov15hfai7; path=/ ;SameSite=None; secure; HttpOnly
service=girls; expires=Thu, 28-Sep-2023 05:51:01 GMT; path=/; domain=.vs3.com; secure
mp_code=dc16m; expires=Fri, 28-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com
language=en; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
source_code=default; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
layout04=1; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
started=1664344260; expires=Thu, 29-Sep-2022 05:51:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
pb_cc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
location: /xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344258524
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 20
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pt.wmptctl.com/RnqQM/K9Z.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
200 OK 11 kB URL HTTP/2 pt.wmptctl.com/RnqQM/K9Z.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 3dea478bfd4751d6481f50165b61e206
d8eba712b97124da3fbb1caca301109ba705a01f
318d5e0b79a64b218702acae737b5e54c6b698d29ef75753742b225b749cdcf6
GET /RnqQM/K9Z.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:51:01 GMT; SameSite=None; Secure
expires: Wed, 28 Sep 2022 05:51:00 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
m1.nsimg.net//media/1/3/2/13251416.jpg
200 OK 15 kB URL HTTP/1.1 m1.nsimg.net//media/1/3/2/13251416.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash b504b1496936273e6a7d900fbeecd9c8
a0d1195348a89ede9a7d62c0aa7515abfb89f297
be954527549500d5c85fcfd00bb706e363a55c36717815acfc967395c8b2b908
GET //media/1/3/2/13251416.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 05:51:01 GMT
Content-Type: image/jpeg
Content-Length: 15316
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 02:01:37 GMT
ETag: "631bf001-3bd4"
Expires: Wed, 20 Sep 2023 20:58:49 GMT
Cache-Control: max-age=31536000
X-Varnish: 282138235 259183450
Age: 624571
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f16/67d3c173d381ed3300912c899ac2728e_glamour_896x504.jpg
200 OK 74 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f16/67d3c173d381ed3300912c899ac2728e_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash c8ce5312f5af9d87561e915ffd50337e
b3cfb02f76239d6d5d4335c7942f0d8cab987b6a
1d9c05fa1bb5f58767e505810058a14bd7bf6324067b8a91cc159eb514255030
GET /ff268cab8d9fbae1ed7506f97496274f16/67d3c173d381ed3300912c899ac2728e_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 59227
last-modified: Tue, 20 Sep 2022 00:30:35 GMT
etag: "234f7da162d8e0c44f50f2bb2de2cf85"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:01 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f15/53efd7333aedd5ddcc191e591d57c083_glamour_896x504.jpg
200 OK 40 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f15/53efd7333aedd5ddcc191e591d57c083_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 7e7b7ef8e320eb4cfb0e8d64c830a37e
8d91dc1c469be836363778dd375b5a271f018909
47234b27042fdf182a652dd42c7aa35d3107c44a761b35f7b4ae3c8d0cf19cc5
GET /ff268cab8d9fbae1ed7506f97496274f15/53efd7333aedd5ddcc191e591d57c083_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 40525
last-modified: Thu, 21 Jul 2022 19:50:05 GMT
etag: "7e7b7ef8e320eb4cfb0e8d64c830a37e"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:01 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/242a1f131794f8d469a280a927b1e374_glamour_896x504.jpg
200 OK 72 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/242a1f131794f8d469a280a927b1e374_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash b1249b840df1f5aec7fa66980533ca5a
2ea18d4d000d9c07dc7200a0794db2b6fc080eb1
3c6552ee4725c91df3bbad2fa65549070adc58a2b10e1aa5d98c666f0c529c21
GET /ff268cab8d9fbae1ed7506f97496274f12/242a1f131794f8d469a280a927b1e374_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 72198
last-modified: Fri, 06 May 2022 08:22:17 GMT
etag: "b1249b840df1f5aec7fa66980533ca5a"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:01 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/273a6c0b169c648b0ce46a7be334dd2b_glamour_896x504.jpg
200 OK 103 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/273a6c0b169c648b0ce46a7be334dd2b_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Size 103 kB (103358 bytes)
Hash 2770a5e69f2bf21dcf318e1eded54fa2
699abf3dad75e3094be3f0497d7e108c6fa2b410
3df4b881fe11c083dc42b82d9cb5fa98fff82e6cbda5fe34d2e1aa605ea23471
GET /ff268cab8d9fbae1ed7506f97496274f12/273a6c0b169c648b0ce46a7be334dd2b_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 103358
last-modified: Thu, 09 Jun 2022 15:56:14 GMT
etag: "2770a5e69f2bf21dcf318e1eded54fa2"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:01 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1875&ck=1&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1875&ck=1&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1875&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1901
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:01 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 751a3472c8010b61-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.11049296595175162
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.11049296595175162
IP
ASN #50389 Phoenix Nap, LLC.
Hash dc52979cc342840bacb1447c86c6e4f9
11cc676bdf8e2fddeec61181ba526b94d938c80f
8bc3dad7204a759fbd595eb92a66ba431cae44566b4da20729de55f6c2a02b96
GET /stream?room=jennycutey&f=0.11049296595175162 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:01 GMT
content-type: image/jpeg
content-length: 46534
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
secure.vs3.com/xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344258524
200 OK 3.7 kB URL HTTP/2 secure.vs3.com/xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344258524
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 9e278a70881dc61590c9ada88eb7c828
ce80cf7dc7c636253e84b9e8daf2d6fa17093aec
b27cb96aa2ac827bd4485e76dfe1a3029bb15d11cb37b41466b0beefc068941c
GET /xml/live-video-ads.php?utm_source=affiliates&utm_medium=iframe&utm_campaign=450x250-categories-0001&utm_content=dc16m&service=girls&sitekey=whitelabel|chatwithwebcams.com&limit=50&response_type=json&t=1664344258524 HTTP/1.1
Host: secure.vs3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure.vs3.com/_special/banners/LiveWebCams.php?cta=gtr&style=450x250-categories-0001&mp_code=dc16m&service=girls&language=en&use_promo=0&model_id=&bgcolor=FFFFFF&txtcolor=000000&linkcolor=000000&num_models=50&sitekey=whitelabel&whitelabel_domain=chatwithwebcams.com&target=_blank&btncolor=000099&btntxtcolor=FFFFFF&accentcolor=FFFF66
Connection: keep-alive
Cookie: PHPSESSID=r9095760o5nj3vl2tov15hfai7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:01 GMT
set-cookie: service=girls; expires=Thu, 28-Sep-2023 05:51:01 GMT; path=/; domain=.vs3.com; secure
mp_code=0000; expires=Fri, 28-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com
language=en; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
source_code=default; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
layout04=1; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
started=1664344260; expires=Thu, 29-Sep-2022 05:51:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
pb_cc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; SameSite=Strict; domain=.vs3.com
BILLING_TEST_SUB_GROUP_4=NEW; expires=Thu, 29-Sep-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
BILLING_TEST_GROUP_4=GROUP_B%3A%3Av8; expires=Wed, 05-Oct-2022 05:51:01 GMT; path=/; domain=.vs3.com; secure
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 3651
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.4065580517051063
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.4065580517051063
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 49bf851064ce2072c2f775ec6da4437f
8e9acd89faca57b3abf3b9a998463c6c351de35b
7994232f0b22c696ed699438d038ceb20ceca2142db8625fa6d7602d11c67ceb
GET /stream?room=jennycutey&f=0.4065580517051063 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 46373
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.9835476764699982
200 OK 107 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.9835476764699982
IP
ASN #50389 Phoenix Nap, LLC.
Size 107 kB (107098 bytes)
Hash a6d9fea41c606a7d78213438a1a0dea0
10af77be13ada34a956095ca1b20350434ada226
edde1256db9f93b786c7ba443dbdf1526632f9e23a9b04a27651e372ce8edc33
GET /stream?room=jennycutey&f=0.9835476764699982 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 46849
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.45971874139596325
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.45971874139596325
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash d3afab92e9bea0896b7a8e8417ec9b2f
f46e925dc0ae6ccca89afaec9d0cba0c7271db71
6dacbce8f051bdfe5883211c8ad4dc8514bf9bbd22d6d4a49ad9c8d6eae109f2
GET /stream?room=jennycutey&f=0.45971874139596325 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 45829
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
thachuchopy.com/cbHcV.zda-GflgthZiz_9khlZmEnl-kpPqTrQsz_MuTvIw4xN-CzZAjBdCD_0EmFZGnHB-2JPKTLAMm_ZOnPJQ2RP-TTAUmVaWW_1YnZPaWbh-0ddeHfBgz_JiTjNkBlJ-TnJoGpJqT_JsGtMuTvA-5xNyDzUAt_MCiD5EzFL-mHNIkJbKj_EM1NLOmPN-vRbSSTUUy_RWmXNYyZZ-WbFc0daeX_ZglhciyjU-ylRmjnEo1_MqjrMsytN-yvUwyxRyj_IAwBMCzDM-4FOGCHUIy_RKjLQMzNM-TPIQ4RNSF_8UxVMWjXJ-mZMayb5cw_bemfcgmhc-GjFk5lPmT_AompcqGrF-5tbu3vVw0_UyGzVAyBQ-2DxEpFYG2_sI9JMKCLZ-yNZOXPYQ9_MSCTZUzVc-zX0Y1ZJan_Nc0dPeTfE-mheimj9ku_ZmUnlokpP-TrQs0tNuj_Qw5xNyjzI-
302 Found 0 B URL HTTP/2 thachuchopy.com/cbHcV.zda-GflgthZiz_9khlZmEnl-kpPqTrQsz_MuTvIw4xN-CzZAjBdCD_0EmFZGnHB-2JPKTLAMm_ZOnPJQ2RP-TTAUmVaWW_1YnZPaWbh-0ddeHfBgz_JiTjNkBlJ-TnJoGpJqT_JsGtMuTvA-5xNyDzUAt_MCiD5EzFL-mHNIkJbKj_EM1NLOmPN-vRbSSTUUy_RWmXNYyZZ-WbFc0daeX_ZglhciyjU-ylRmjnEo1_MqjrMsytN-yvUwyxRyj_IAwBMCzDM-4FOGCHUIy_RKjLQMzNM-TPIQ4RNSF_8UxVMWjXJ-mZMayb5cw_bemfcgmhc-GjFk5lPmT_AompcqGrF-5tbu3vVw0_UyGzVAyBQ-2DxEpFYG2_sI9JMKCLZ-yNZOXPYQ9_MSCTZUzVc-zX0Y1ZJan_Nc0dPeTfE-mheimj9ku_ZmUnlokpP-TrQs0tNuj_Qw5xNyjzI-
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cbHcV.zda-GflgthZiz_9khlZmEnl-kpPqTrQsz_MuTvIw4xN-CzZAjBdCD_0EmFZGnHB-2JPKTLAMm_ZOnPJQ2RP-TTAUmVaWW_1YnZPaWbh-0ddeHfBgz_JiTjNkBlJ-TnJoGpJqT_JsGtMuTvA-5xNyDzUAt_MCiD5EzFL-mHNIkJbKj_EM1NLOmPN-vRbSSTUUy_RWmXNYyZZ-WbFc0daeX_ZglhciyjU-ylRmjnEo1_MqjrMsytN-yvUwyxRyj_IAwBMCzDM-4FOGCHUIy_RKjLQMzNM-TPIQ4RNSF_8UxVMWjXJ-mZMayb5cw_bemfcgmhc-GjFk5lPmT_AompcqGrF-5tbu3vVw0_UyGzVAyBQ-2DxEpFYG2_sI9JMKCLZ-yNZOXPYQ9_MSCTZUzVc-zX0Y1ZJan_Nc0dPeTfE-mheimj9ku_ZmUnlokpP-TrQs0tNuj_Qw5xNyjzI- HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
location: https://10945-2.s.cdn15.com/creatives/152327/203388/431284_122f3.png
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0430085417cf41ae8c6abab3f215a785
56ee36f9675690d36820831e26f5b471a1a6c0f7
96fdd156523808fe10d786642c0ae040e50985816e8626fac6c77930466faffe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96FDD156523808FE10D786642C0AE040E50985816E8626FAC6C77930466FAFFE"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6550
Expires: Wed, 28 Sep 2022 07:40:12 GMT
Date: Wed, 28 Sep 2022 05:51:02 GMT
Connection: keep-alive
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.5730293521020258
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.5730293521020258
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6d1c91a3c72d2c24b22292978ae41bfc
f3812b612611b0b0d22513ff8f43d0da5d75cea3
4c54cd295a148d6f1ac5373f9c0fa77dcadaef8e69b1c16b5cb54589f31e926e
GET /stream?room=jennycutey&f=0.5730293521020258 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 46301
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pt-static3.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v268837.js
200 OK 138 kB URL HTTP/2 pt-static3.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v268837.js
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 138 kB (138493 bytes)
Hash ecfd8f25ad7c80f03802c7c0f6afccf4
927225afe2f61937264aba390d32c15ce6f6017d
109c45a8fa9f6c54a24ec3e90be91ca5db5438314da0aebfcdea3ad7fa15a439
GET /npe/ba/fklf/script/fk.lf-v268837.js HTTP/1.1
Host: pt-static3.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 10:46:12 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6332d474-4f951"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt.wmptctl.com/oe4jg/7nI.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
200 OK 43 B URL HTTP/2 pt.wmptctl.com/oe4jg/7nI.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /oe4jg/7nI.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:51:02 GMT; SameSite=None; Secure
expires: Wed, 28 Sep 2022 05:51:01 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
10945-2.s.cdn15.com/creatives/152327/203388/431284_122f3.png
200 OK 668 kB URL HTTP/2 10945-2.s.cdn15.com/creatives/152327/203388/431284_122f3.png
IP
ASN #61107 Toonbox Studio Ltd
File type PNG image data, 720 x 483, 8-bit/color RGBA, non-interlaced\012- data
Size 668 kB (667713 bytes)
Hash a19d3b5a7fb72235bf29ec7a73b73811
0cac2c7f214328b0db3bc8d4ccbddd33e41f1140
3ffd01fa191ec59c92c991d5e341f807f41b1425a770e13cb79614ea87ce240a
GET /creatives/152327/203388/431284_122f3.png HTTP/1.1
Host: 10945-2.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ucdn/1.22.0
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/png
content-length: 667713
last-modified: Wed, 11 May 2022 13:07:19 GMT
etag: "a19d3b5a7fb72235bf29ec7a73b73811"
x-timestamp: 1652274438.78210
x-trans-id: tx39fe478e6cba4491846ae-00627bb5b0
x-openstack-request-id: tx39fe478e6cba4491846ae-00627bb5b0
expires: Fri, 21 Oct 2022 20:55:19 GMT
cache-control: max-age=2041457
x-ureq-id: OoAmJoUAEw1FmrRSUCPKweut4VA1NA==
x-served-from: l1
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 6611, 24238
accept-ranges: bytes
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.42151807555576104
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.42151807555576104
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 5e7f6686305a5a6e6a61e6c0cafc5e14
efca9268db76fd5ee66cf9d03262c5fb29811703
7169d0a3998e843a51dad2dfdd5938af5a43a4faf19a42e362e7e3fa500b9cb3
GET /stream?room=jennycutey&f=0.42151807555576104 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 46834
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
galleryn3.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/ebf92b100463ecc301cc3a2d3138b267_glamour_896x504.jpg
200 OK 79 kB URL HTTP/2 galleryn3.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/ebf92b100463ecc301cc3a2d3138b267_glamour_896x504.jpg
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 36c371eb9f16e88f341d75cc5ae6f3df
ea3a3ddbed1ab1e7b8b04ab0a974626f6fd28510
70e64b631be36be5841a1aee441244974828982fc6ddc875fbb07b6adc100112
GET /ff268cab8d9fbae1ed7506f97496274f1e/ebf92b100463ecc301cc3a2d3138b267_glamour_896x504.jpg HTTP/1.1
Host: galleryn3.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: image/jpeg
content-length: 78603
last-modified: Tue, 19 Jul 2022 00:18:16 GMT
etag: "36c371eb9f16e88f341d75cc5ae6f3df"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Wed, 12 Oct 2022 05:51:02 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v268837.js
200 OK 188 kB URL HTTP/2 pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v268837.js
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with very long lines (65536), with no line terminators
Size 188 kB (187931 bytes)
Hash 98d49662d468864ef432f7d5ed1ee477
217a9407ecf0edf6e98eca5290c07cd6d6f53b13
a75cb6bae987c7635878fd0db097f53fb480f97ff854eae73f1639008c611aae
GET /npe/ba/elf/script/elf-v268837.js HTTP/1.1
Host: pt-static3.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 10:46:12 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6332d474-8a384"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2610&ck=1&ref=https://chaturbate.com/embed/jennycutey/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFV1ULBQQBBlZXDBh2Yi0TFUMhJTshCU0XAwlWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlsEX1cYARYQBh8WFxUTFl1mCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DQlAVBzwNB0QDBBUTElhNBD0HCw4HUFsbC0NSUQAWFhYBB01QF1IOXBtNQBEBEhNcRk1uCV5KFUBZRgAOWEFMQwNQTQRMAAsORBUXW0MORkoEEDwNB0QDFwBUAwkPBFEFSVsAAAUUBQNTXUxbUVACS1wBAQUDUgpYA1UGVEQVF0tUB1RLBBBBXkEOTUFJQlseFlBQUlVRVQoDF0EISRQCBg1KDBReGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1VBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxt9CF9MGUBPRhYHZlpKbhdUSxILDApBXBsXFRMUUGYDEAwTEANLal9QDFhVGEBZRiUPS1BfXhkTFUMXAjsBFFZCSlQTbk8EEBANDAgbDxsIVx8JQ05BEQI5SkFLWA9WG1tALgsZD1VZWB5UHwlBSjtVUl0ZeVBfFEkZGVpVO1VSAhVLR1sID09SSkQkA1peVh5TAQhRUlJUUkZ/XEtUB15BTltVSlNEFRdeWBVuWg4PDg0XRAMXXwRXAlwCBlVWWgdYFxUTEVBLAA8QRllEQmkbWw5YVz4NFQERClhMZRNbEWVDUz9GT0ZlF01eFENlQ1hDOEECbVgJbUMdGT1AAAUOFlhcXl89EwNBPkEQAilKd2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsEZRNNEWVDDwwGCgpcZ1xVCENcAhY/RllGZRdYRBVeZUNOQzhBA1RXXFU%2BR1AFBww7DAhVTGUTWxFlQ1M/Rk9GZRdNUBNWXBU%2BQV5DOhtqW10AX1I9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D
204 No Content 0 B URL HTTP/1.1 bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2610&ck=1&ref=https://chaturbate.com/embed/jennycutey/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFV1ULBQQBBlZXDBh2Yi0TFUMhJTshCU0XAwlWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlsEX1cYARYQBh8WFxUTFl1mCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DQlAVBzwNB0QDBBUTElhNBD0HCw4HUFsbC0NSUQAWFhYBB01QF1IOXBtNQBEBEhNcRk1uCV5KFUBZRgAOWEFMQwNQTQRMAAsORBUXW0MORkoEEDwNB0QDFwBUAwkPBFEFSVsAAAUUBQNTXUxbUVACS1wBAQUDUgpYA1UGVEQVF0tUB1RLBBBBXkEOTUFJQlseFlBQUlVRVQoDF0EISRQCBg1KDBReGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1VBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxt9CF9MGUBPRhYHZlpKbhdUSxILDApBXBsXFRMUUGYDEAwTEANLal9QDFhVGEBZRiUPS1BfXhkTFUMXAjsBFFZCSlQTbk8EEBANDAgbDxsIVx8JQ05BEQI5SkFLWA9WG1tALgsZD1VZWB5UHwlBSjtVUl0ZeVBfFEkZGVpVO1VSAhVLR1sID09SSkQkA1peVh5TAQhRUlJUUkZ/XEtUB15BTltVSlNEFRdeWBVuWg4PDg0XRAMXXwRXAlwCBlVWWgdYFxUTEVBLAA8QRllEQmkbWw5YVz4NFQERClhMZRNbEWVDUz9GT0ZlF01eFENlQ1hDOEECbVgJbUMdGT1AAAUOFlhcXl89EwNBPkEQAilKd2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsEZRNNEWVDDwwGCgpcZ1xVCENcAhY/RllGZRdYRBVeZUNOQzhBA1RXXFU%2BR1AFBww7DAhVTGUTWxFlQ1M/Rk9GZRdNUBNWXBU%2BQV5DOhtqW10AX1I9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ins/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2610&ck=1&ref=https://chaturbate.com/embed/jennycutey/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFMIVAoFV1ULBQQBBlZXDBh2Yi0TFUMhJTshCU0XAwlWHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlsEX1cYARYQBh8WFxUTFl1mCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DQlAVBzwNB0QDBBUTElhNBD0HCw4HUFsbC0NSUQAWFhYBB01QF1IOXBtNQBEBEhNcRk1uCV5KFUBZRgAOWEFMQwNQTQRMAAsORBUXW0MORkoEEDwNB0QDFwBUAwkPBFEFSVsAAAUUBQNTXUxbUVACS1wBAQUDUgpYA1UGVEQVF0tUB1RLBBBBXkEOTUFJQlseFlBQUlVRVQoDF0EISRQCBg1KDBReGhsdQ0NcEBcGFxc5VFBNWQ5VG1tAJCE3RBUXSUgVWVYPPRUBERVQWlcTWxMKT1VBSEETWGpdVBdYWgQ9BQUOD1VMGwtDfk0JBxFGT0RMVGZVBEdQAgc8EBoWXBcDEwVUSgoWDBRBShtAWG4OQmYHAw4NDx8bDxt9CF9MGUBPRhYHZlpKbhdUSxILDApBXBsXFRMUUGYDEAwTEANLal9QDFhVGEBZRiUPS1BfXhkTFUMXAjsBFFZCSlQTbk8EEBANDAgbDxsIVx8JQ05BEQI5SkFLWA9WG1tALgsZD1VZWB5UHwlBSjtVUl0ZeVBfFEkZGVpVO1VSAhVLR1sID09SSkQkA1peVh5TAQhRUlJUUkZ/XEtUB15BTltVSlNEFRdeWBVuWg4PDg0XRAMXXwRXAlwCBlVWWgdYFxUTEVBLAA8QRllEQmkbWw5YVz4NFQERClhMZRNbEWVDUz9GT0ZlF01eFENlQ1hDOEECbVgJbUMdGT1AAAUOFlhcXl89EwNBPkEQAilKd2UTTRFlQwYKFwIEVVBmQg5EVwU%2BQV5DOhsEZRNNEWVDDwwGCgpcZ1xVCENcAhY/RllGZRdYRBVeZUNOQzhBA1RXXFU%2BR1AFBww7DAhVTGUTWxFlQ1M/Rk9GZRdNUBNWXBU%2BQV5DOhtqW10AX1I9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAT0YAB1RqTVAGEwNDEhYGDw9aFxUTAl5VDhA8CQwCXBcDEw1YXgkWDgsHAxsZG0MOXlQ%2BERcFFxNKFwMTDVhPBEAeGQ%3D%3D HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1883
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Wed, 28 Sep 2022 05:51:03 GMT
Connection: keep-alive
CF-Ray: 751a347b2f4a0b61-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.7410538874345489
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.7410538874345489
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash f013e74b252760683fe0257d74d3194d
764fefd972d5c3fc63fccbae3fc226f54bfac363
db4e7ae0a1f9f88f93a99bde4ee738c9412e2d8437586f76a92d4d64f16259ab
GET /stream?room=jennycutey&f=0.7410538874345489 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 45648
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0eff56985c3b3625a9f2fee1ebd251e9
3e259c0ccf3283bbb8553d924e15dc015c7000be
c365c3857216c3753ef6dd139c54b4a61d45b3232e18173bad66486e659a7f22
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 07:51:02 GMT
Expires: Tue, 04 Oct 2022 07:51:01 GMT
Etag: "3e259c0ccf3283bbb8553d924e15dc015c7000be"
Cache-Control: max-age=524997,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751a347c4e7c0b65-OSL
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917
204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ably-agent,content-type,x-ably-version
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Wed, 28 Sep 2022 05:51:03 GMT
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cuSmKbvHSR3liBM8FpMg7AbwaAQT_bpL-C7K_LV5G0ahI2IcHN0MkQ==
X-Firefox-Spdy: h2
dss-relay-109-71-166-18.dditscdn.com/?psid=&pstool=
101 Switching Protocols 0 B URL HTTP/1.1 dss-relay-109-71-166-18.dditscdn.com/?psid=&pstool=
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?psid=&pstool= HTTP/1.1
Host: dss-relay-109-71-166-18.dditscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://pt.wmptctl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AKN7bJYveIvwb/CKFxd1DQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: unknown
Date: Wed, 28 Sep 2022 05:51:03 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dXF7dpjKd4ETUIA3J5hBR8299fM=
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.9152000776929119
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.9152000776929119
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 50442b1d8ba4a778f01de153de4322a3
7457db8e0450b64a40ea4e43379362fc303dfd1a
a341d651ea522afd1ac769838bb570554512cd488d447f5238f3e910570939ca
GET /stream?room=jennycutey&f=0.9152000776929119 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 45716
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917
201 Created 1.0 kB URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917
IP
File type JSON data\012- , ASCII text, with very long lines (804)
Hash 4f35a3cc23f5cc871d455a02de5270a1
f9f31c80a73dadcd4aab477a1951330815c5b818
c267b3363bd0952407d0c490c863a3f849d38759d76e77350cca07307ea2025b
POST /keys/KSKw2g.L36ISg/requestToken?rnd=166471029152917 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
X-Ably-Version: 1.2
Ably-Agent: ably-js/1.2.13 browser
Content-Length: 1039
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 1036
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.f4ed.8.eu-central-1-A.i-09fbaabe1123a1bd4.e91y0UtVQBGKGz
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t5kjngrhFvSxZ4LVtunOrAc7-ieJVoFjx1HabGPttUhjZDDcqnnLfQ==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.6021989137417296
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.6021989137417296
IP
ASN #50389 Phoenix Nap, LLC.
Hash 124ab2f2d2b6174940483a1d79fcba11
fbfd16df985cd00e363774aa5bf9185f95fcac92
4603132743e1e2b38bd2aa670dbd4b152f0745d3067c4c3ad80dc34ae573daf2
GET /stream?room=jennycutey&f=0.6021989137417296 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 46537
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3059&ck=1&ref=https://chaturbate.com/embed/jennycutey/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3059&ck=1&ref=https://chaturbate.com/embed/jennycutey/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=3059&ck=1&ref=https://chaturbate.com/embed/jennycutey/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 3279
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 05:51:03 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 751a347de9cb0b61-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=7242009660469089
200 OK 572 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=7242009660469089
IP
File type JSON data\012- , ASCII text
Hash 05127d41d6c9b5da2ebed7f6eff8524c
68211311bd18dc03e95ab2ea26fbe703ded2fc28
ac8c51688058625865b7481f4e249ce93d5e47c067608426d2e19eede956272e
GET /comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=7242009660469089 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 572
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rcrUtI5A0ET_zDQnAeNQZe3524JIcEYP-KbHSO85JiUzqennz9UiBg==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016
204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Wed, 28 Sep 2022 05:51:03 GMT
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rIjYhJl9aXLtzAnHtnSjgfn63fJgsx_eHmvWmjpC0XPEVOqJh-Rvfg==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.41458410376435173
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.41458410376435173
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 0271243477659b38cff11d51ed35c97d
3b82cf7c8d4ef57a8cc2c7be04d0f89c4f771850
1d364fb584734443c266ab5f705d593035169e4d82a2e4fccbdb05b29efa5a52
GET /stream?room=jennycutey&f=0.41458410376435173 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 47256
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016
201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8980342108352016 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 77
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: D4kdWcBC7jP0dpwm-uaJZHOub59fdvvOup2yz0cYWjWV7a5bDN5dLg==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=71906493421854
200 OK 147 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=71906493421854
IP
File type JSON data\012- , ASCII text
Hash debfcd6b9d8c39aad4260a10f6d67f1c
33d7d2240efdf19ad5579096632c3ae2c797e135
2771819c4c5d30fafc0aebfd0625bb7263f89058c4b9cb2e202564ad6a15dbaf
GET /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=71906493421854 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 147
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dxiTgE7aXmxApbAtllhKAbTvgFLHzR2oC0H7QOiEexwO3jXDyUam-A==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
101 Switching Protocols 0 B URL HTTP/1.1 realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chaturbate.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qt0XprahQ9+WTKmZ5t1i0A==
Connection: keep-alive, Upgrade
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 28 Sep 2022 05:51:03 GMT
Connection: upgrade
Sec-Websocket-Accept: JTS9ePqv4jPDGdSmPG4e9c7rB9M=
Upgrade: websocket
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cSRNVSQTOj4F6BTgIYQoLYha2jzGysNFJW5ChYFSAG0Xs_3F6p6fLQ==
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.08551360933694219
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.08551360933694219
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 32257e8a44a20469d75c1edac9d2ef00
88eca312f7a4346f7c90b1ca6169619e7621f34b
36248fa75cb65ac52990b34f3f2c38b5c9a01623fd4b9730fd97521b205b1aac
GET /stream?room=jennycutey&f=0.08551360933694219 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 45894
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424
204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Wed, 28 Sep 2022 05:51:03 GMT
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dF0Egd9PmFkEg8GW4tz-gX-7w-hQBS1gwn8CVY3ksZmXl_vXPH3P2Q==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=4282112812853506
200 OK 1.5 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=4282112812853506
IP
File type JSON data\012- , ASCII text
Hash 9f2df5776f38aa9f61df007e344e3156
e12a61b483aa4454577b8e24df9fe4e97827c297
5850b694e755142677efa6088cf40e19c28e2b54656e3499504138dd55c3f760
GET /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=4282112812853506 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 1459
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -0dWxeh2vkiEW88_YnUTd-j0yiM--zNF4DBvof6_-F2RFmTDkTeHhw==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424
201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/send?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=9965689668088424 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 1304
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fGCocTk1lykofDx4EatgvfilKiJ4_EMeMndwt1nFzpNk5XVeY58ppQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=7373276935616293
200 OK 1.0 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=7373276935616293
IP
File type JSON data\012- , ASCII text
Hash 9f16ac708b1403decf6f0ff96e52447d
82772207fa2a6e72f41ecfe172f6cd3eecf68a93
8f84f10ea6298e6f34d5a98b0bf6f4ce15015ac3e81493a24a09299d1bbabd80
GET /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/recv?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=7373276935616293 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 1006
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RR9exVam5B59Dfx2Y4JBdpMH08bRFy2fNQ21cBtR56YFL8Ppr5WmtQ==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.81993766881964
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.81993766881964
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 0f8aaad20704bfb2f7f16d6c89dfed08
6b01a9ef28ad12850c8ea46e2db945d950933857
68c747daea58751d3ecc1e9a1d872d811444adc02baa3eb1cc4056c27c0faaa8
GET /stream?room=jennycutey&f=0.81993766881964 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 46555
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/disconnect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8262556584324054
204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/disconnect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8262556584324054
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comet/e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP/disconnect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&rnd=8262556584324054 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1Sw6V4UYog2KOoRiF3muuHLMC3j0-7oT09dfFKQsDg2F-Ks3P_wLFQ==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.2717839006188696
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.2717839006188696
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash e209e2467aca1a3caadc6b704b200b14
52723165882546a7f045d85a5e08f676e5d9d6a8
b495585258d90078fa194005577a51db5bab10f1c4b76a12d70fbfbd952dd1f7
GET /stream?room=jennycutey&f=0.2717839006188696 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:03 GMT
content-type: image/jpeg
content-length: 47411
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.2643833656723866
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.2643833656723866
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash df269e813fb311bbf632a381e4642015
ce90f80637a08507a0a6a779b8234c789b40ffef
6fe6cf15a3d5418703247f57f7b5b38b561ab91990db2be9eb4b9145ba51f03e
GET /stream?room=jennycutey&f=0.2643833656723866 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:04 GMT
content-type: image/jpeg
content-length: 46265
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.10640444396124515
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.10640444396124515
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash ccc6fefca7102bc197cc6b4fa066cb35
2449f621375a3c39d9412259c099d97aade2573f
44ba59c57d74d1c64035470dcec4a5e7ed03eb1276f82908d559ee8261d5f470
GET /stream?room=jennycutey&f=0.10640444396124515 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:04 GMT
content-type: image/jpeg
content-length: 46409
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.13710022611702477
200 OK 47 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.13710022611702477
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6f023faf54293a9e7552d682f85efbcb
1bf0cf91c9ed9107f4979de4f24e3f4ad8c947e5
4ae166912371d385c6314b2221a3cc93d3715b34cf654098a9745df8ca6ecf3e
GET /stream?room=jennycutey&f=0.13710022611702477 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:04 GMT
content-type: image/jpeg
content-length: 47287
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.078022405408395
200 OK 46 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jennycutey&f=0.078022405408395
IP
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash f36943bce514385c2abdafff2ebb4bae
c5e4fb1ec80ef9b370370151fdd9b2d3e5eb75ff
2061c6adea7a439a8466ab521363dc8e5f043398a1f65cab244ee7cf34d0a6a4
GET /stream?room=jennycutey&f=0.078022405408395 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=kXs_XlsKrsTQ2.IV836bLhTFr5S80l2xUOMphpiEoDo-1664344260160-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:51:04 GMT
content-type: image/jpeg
content-length: 46479
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c58fdf09a7d552be0c8666522a29de7
60c873f097c85376797fed366804119f7e9c445e
24569f084d3fd428526503bde8b3da64152911934cd5e0e9140c06d954e4bcd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9314
x-amzn-requestid: 0639452b-7f17-4513-aeb1-20b465ed3e93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HzCIAMF-vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-52afa1da17c4557c5e8c3564;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4mjt2-5F0Chu1G7jShI6rXfTuBMd6JOYxFMtla-EgL7i82SThJnp5w==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:38:41 GMT
age: 29543
etag: "60c873f097c85376797fed366804119f7e9c445e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
IP
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846635
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGHDQ%2FNYEbrmJ9pB3Wxl8r3BNXkCg9Qak%2BY%2BFU14TJ%2FTaOCAU6t3Ch8l6jfeC03GefOC%2BovBOFayUC65kj9142iITqgo3Hu9LZNv%2FB7LJtmO3ys54%2BKLE7S3H%2B9H8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f486c1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=e9c44dca-3db1-4b94-8f92-6a3fe89db7ca
200 OK 0 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=e9c44dca-3db1-4b94-8f92-6a3fe89db7ca
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=e9c44dca-3db1-4b94-8f92-6a3fe89db7ca HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pt.wmptctl.com/
Origin: https://pt.wmptctl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:02 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/index.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/index.js
IP
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/index.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2b7-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXXaTKbZbT5VAFXZZpis%2BMWoUxr8lecgqLfreE4XVoMHBEV9REUrLGxmjNWJDTx8Y6eR2ap3lZLZ2tCabHADuHvCyEv7OmPExaRPTncQc02aRcEizQOhZpwGuHdTpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34566dff1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 28 Sep 2022 06:50:58 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
promos.camsoda.com/embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new
200 OK 0 B URL HTTP/2 promos.camsoda.com/embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new
IP
GET /embed/?id=cybermike2&cmp=adnium900x250-4776911&page=new HTTP/1.1
Host: promos.camsoda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nnteens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html
x-powered-by: PHP/5.4.45-0reflected3+deb8u1
cache-control: public, max-age=20
expires: Wed, 28 Sep 2022 05:51:06 GMT
vary: Accept-Encoding
x-cdn-diag: ams5-7846-3-7936-h-0-0---;6141-23-4861----0-0-0
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787908?r=36762
200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4787908?r=36762
IP
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787908?r=36762 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bErViCTivhikulWDaECqgbJNfO96Un76CrNHr5oJp2qpVTod9RHSMZwruhccnrKCHyQZW1T4oBhPJZYsGn8pw%2Bb7zpLlPcT61q75joBwbC3UMeOFSHh6BQa%2F5yCeB85qeg9jMg7EH94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34625dc6757a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788752?r=82610
200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=82610
IP
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=82610 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Npyl071%2BnfYnSV6DRyk65kEe65w2fHxNAhFvZBE%2Bl%2Fx7cPBFtFSxoKQ9xo0m%2FbjcNjXWib%2FOHwtzoVOPKa00CSiYAwTybyj1kqxpg8w1SnzvkfKNs0KHuU87mitvXK%2Fn%2FNMTPf7exu0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34627dde757a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
IP
GET /_next/static/chunks/70.aeba4e9e28ccf1bae13a.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"56d-181397f9e5d"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9790519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2FiFiLgMSsvNVpA643W2%2BsyPgu0dqj3tjQxMkEHGTvRirxn4PbD31qbxyd94f2jkGr7mPHTLp9BIiQBLbBDBDTUR1cN3oeavSFU25myWKOEep0bMfbY3a0osQHxEXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34551cc91c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 05:50:55 GMT
date: Wed, 28 Sep 2022 05:50:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=ryxPuUc4QeXzgfi83l8c; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/60030b8cd7357618a3cab844
200 OK 0 B URL HTTP/2 xfantazy.com/video/60030b8cd7357618a3cab844
IP
GET /video/60030b8cd7357618a3cab844 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=ni6eiv1w84d5fobgow4re; Domain=xfantazy.com; Path=/; Expires=Tue, 28 Sep 2032 05:50:55 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Wed, 05 Oct 2022 05:50:55 GMT
experiment-save-to-button-2=0; Path=/; Expires=Wed, 05 Oct 2022 05:50:55 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PjoEistk2H%2Bf%2FVPw03Sm84bYhQdXTBXq48%2FYVgz8WKP80vmt2lpp2jWLlNZLCch%2Bu6z4r9DHFldGSrLJlq61u5sYoVaPJd18Nzm8BoqaSFynSwFsd7JtoB%2BLb5B%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344d1ec61c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/channels.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/channels.js
IP
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/channels.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"975-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 846626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6c2axnMnYxizNLsOHec1faI34zjun5T4Nm0aBzJ0w7wo%2BXbDJ3vVjzuX71F8Xw%2BS3hrH95%2Bj4rww1YQUUMVX1dnhBsrtXb5%2FwcV8oYoD5XR7Gs2ZEcNDphOc8C7Zxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34568e2c1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=eEWRVhjhbGeGzuTuETHa; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
IP
GET /loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5FSzbEcxZrUySzozV0PMd%2Bzj6NDv2f535LCTJqMG2khF0%2By40kyz%2BTUB85mEYPdCIJAyO9FXpFiaV7dLzTUWaLCFHrE0TL3nZDUPvdvHPBvcAxdoX1iwLGGcaI7eaiVky6Pi4mU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34641f9c71d4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
IP
GET /_next/static/chunks/242.e6062ff562716b6e41db.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"26cdb-181a9f40d06"
last-modified: Tue, 28 Jun 2022 10:55:52 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 7930386
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uIZ1G0dAxGPBYJ%2Fq4bXtDHZV7uV4hBnTE6SJJ06CdJnRHw3qzcyiOEyLSR5b8%2BGzzp%2Fkk4Ytr9szDfDodF6Zrorsp%2FjSVBv2oiX3ANKudn%2B0g7Y3LzctEhir%2FvAUUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34543c381c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
thachuchopy.com/aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA
200 OK 0 B URL HTTP/2 thachuchopy.com/aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA
IP
GET /aMW/5.wRY/Wyd/l/Qi2L9MkXZETu9j6KbD2y5VlESBWZQQ9IN_DyQL2pNNDvk/2WMDid0Z0HNvDcYk0ZO_T_YwzA HTTP/1.1
Host: thachuchopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
IP
GET /in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 28 Sep 2022 05:50:59 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Mon, 03-Oct-2022 05:50:59 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJwdjFsKgCAQAK8S+135gD7qswsE3WAzRREjdAMjuntsnzMD8wDB1EBV6w5tAyadjIRLmZkpR2bcj3ClbpSy6kFyyKw90VkmIQymYjxSf1gSXNE57ubebE4hWnb/WCt4PzeUIDE="; Domain=.chaturbate.com; expires=Fri, 28-Oct-2022 05:50:59 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 28-Sep-2022 11:50:59 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=1\054FqPd9a=0\0546pduSG=0\054aDBbcK=0"; expires=Fri, 28-Oct-2022 05:50:59 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrb9c58231-6361-47a9-ba15-04a9f620a374:1odPyF:ldvsg6cP2EL6pDZf3otWm2nY-wQ; Domain=.chaturbate.com; expires=Mon, 23-Jun-2025 05:50:59 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=8ORAi0EDgFbzJnOzz7RJCjqEAJa.hTTQxa05TviIsLE-1664344259-0-AXfgSr3A4wPDYy5XNM2to0fhWwM6FgXhoMCUscHYOQ/aaTBcuOHiVR3qkV+ax01gn+gJli1TvjvR3tnp7hYXqRw=; path=/; expires=Wed, 28-Sep-22 06:20:59 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 751a34673d18b4ff-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
IP
GET /_next/static/chunks/51.21792104df3f91cda445.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"ce5-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9790505
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4WOj32iUAfX2%2FdPO5Iu71E%2FFiuCWnuRH8rKrhJkcg%2FaTfTyJiHp3ldt3E9Vm0NxbHdSpelwTngtpM8Wndc%2FRxif9IxpntlpsxMNErCJySQ7TaElnFLFex0Gybj8TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34551cc71c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/login.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/login.js
IP
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/login.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI2YjY0NmFkNDJhOWE2IiwiaWF0IjoxNjY0MzQ0MjU2LCJleHAiOjE2NjQ5NDkwNTZ9.-0xuPdbDbDP0RHbpIqsnJWlpGjkPagY18bChOZY22Jk; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiNWJiMzJmZTM2NGY1YSIsImlhdCI6MTY2NDM0NDI1NiwiZXhwIjoxNjY2OTM2MjU2fQ.2QtfCtCGr9V0B16UQ1I5FoNulJTOUi4vy-pQMliGxkc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"ba5-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2BfzghQcmQZ00HawlKqAUuojDsiG5QjPHRLFK7qQm8UC6AsPgV3cHZyxxg0X%2FqnzO%2FFlv5bW%2B8EbUxuceIwkgzzXiMgDmvi0uEsVchdLkjNGnca7QTTuSbzRuO8HwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a34567e081c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
200 OK 0 B URL HTTP/2 pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Wed, 28 Sep 2022 05:51:02 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Fri, 28-Oct-22 05:51:02 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859
200 OK 0 B URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
GET /i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d02c9e77"
x-request-id: dc516bd3d4d1e2fc43b3c6ce09f538e2
content-encoding: gzip
expires: Wed, 28 Sep 2022 06:50:58 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4655196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rie%2BhFTL9rGWRUFjY10yAmsfiP3iZVbs8R8kq%2BmfoZgYmB4JbDqBB8UolfxpxVkLjnRnPzIQIkGG%2F2fmoBKR3%2F87NW41qkQsCTthOvtWDLNkZTF3KbwXf3ix1lMoEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f48751c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6077472996305459
200 OK 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6077472996305459
IP
GET /comet/connect?access_token=KSKw2g.AL36ISgOSm8SqQyi5zt9CoZ0tQoGZJsbzL6VJYwAnMLGiU0TXE&upgrade=e91pWhDJQBGKFP!3m_Exyrd1HrTS7FU-1a5aee91pWhDJQBGKFP&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6077472996305459 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Wed, 28 Sep 2022 05:51:03 GMT
vary: Origin
x-ably-serverid: frontend.4ac7.8.eu-central-1-A.i-02b077e81e4a7136d.e91pWhDJQBGKFP
x-content-type-options: nosniff
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TtwTArZ3cjK8dlMmOeDZlhA3zwyge0Lk11H_lwVlyJ4LWESo2KrIBg==
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
IP
GET /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://camschat.net/
Connection: keep-alive
Cookie: __cf_bm=8ORAi0EDgFbzJnOzz7RJCjqEAJa.hTTQxa05TviIsLE-1664344259-0-AXfgSr3A4wPDYy5XNM2to0fhWwM6FgXhoMCUscHYOQ/aaTBcuOHiVR3qkV+ax01gn+gJli1TvjvR3tnp7hYXqRw=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: stcki="pOtSwZ=1\054FqPd9a=0\0546pduSG=0\054aDBbcK=0"; expires=Fri, 28-Oct-2022 05:51:00 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswtTs5ILNHLSy3RV6oFAJUzCgA="; Domain=.chaturbate.com; expires=Fri, 28-Oct-2022 05:51:00 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrad6044e0-cf41-42d3-8645-c9c4855e7353:1odPyG:2o6F2p7VQJnuyo7Vhftktq_xkck; Domain=.chaturbate.com; expires=Mon, 23-Jun-2025 05:51:00 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 751a34684e4bb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=33cd9372-b63c-4358-9029-ee88b36c5be0&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=33cd9372-b63c-4358-9029-ee88b36c5be0&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
200 OK 0 B URL HTTP/2 12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=33cd9372-b63c-4358-9029-ee88b36c5be0&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=33cd9372-b63c-4358-9029-ee88b36c5be0&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
IP
ASN #39572 DataWeb Global Group B.V.
GET /m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=33cd9372-b63c-4358-9029-ee88b36c5be0&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=33cd9372-b63c-4358-9029-ee88b36c5be0&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0 HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:51:00 GMT
content-type: text/html; charset=utf-8
server: nginx/1.12.2
last-modified: Wed, 02 Sep 2020 10:48:37 GMT
etag: W/"5f4f7885-7e9"
content-encoding: gzip
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: MISS
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 436d75f2489d8ae00aab3e913c1777de
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 28 Sep 2022 05:50:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9NzXM591dXvhnouuJk3Ht7BBcABCPbA1uwRInMbnFam%2Fk8Q646iaS7SUaf2I9sXOrw2RSFJXvX2pfequAQUPgLuA%2BAM2l7GWcDXP76SYQpZBmsqnHTvV746Gw3VoB62mr5FyjQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a345e19134071-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60030b8cd7357618a3cab844
Cookie: visitorId=ni6eiv1w84d5fobgow4re; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:55 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"c8b-179fb71df0d"
last-modified: Fri, 11 Jun 2021 14:20:14 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30801323
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrukHYZH6IB98n6hN%2BvX2MRypmA0H9wR2AkufD%2BZQOfFTSOtQxVImKi1057imjKKHKapcWaUzl9VU55BlOt7Jq8eylDvcUWgo0tbcDMUV%2FVSgabzRha97koN%2F60jWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751a344f487b1c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=eEWRVhjhbGeGzuTuETHa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 05:50:58 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1198420
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZWFPFK07nTAeA65Idf5fdJvjEkakXUDgWrsK1PozXY1wMT2FoWli%2F%2FGVjf9ePvpstSAVwStNdIret7hE1Y3x%2FYRe%2BSZErU%2BtE1ky2HYtVxalGraNR7Orc78vEtHphvMLxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751a3461fd597732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.1.188
188.72.235.186
104.18.32.68
135.181.208.216
93.93.51.190
23.36.77.32
151.101.85.229
159.69.163.6
185.18.187.89
87.250.250.119
93.184.220.29