r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3714
Expires: Fri, 03 Feb 2023 22:20:25 GMT
Date: Fri, 03 Feb 2023 21:18:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Fri, 03 Feb 2023 22:56:08 GMT
Date: Fri, 03 Feb 2023 21:18:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 20:36:11 GMT
content-type: application/json
age: 2540
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6887
Expires: Fri, 03 Feb 2023 23:13:18 GMT
Date: Fri, 03 Feb 2023 21:18:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DpaNA0Bp5IeZ9aH7vVh3yWE84w4yUGt0XJouiPQaEfHAR/ivdg9LGRHUhWzniAktkXaC236mTFQ=
x-amz-request-id: AWCNXKSFHEEN4868
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 20:23:41 GMT
age: 3290
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 21:18:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
104.21.93.13 200 OK 15 kB URL HTTP/1.1 www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
IP 104.21.93.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1221), with CRLF, LF line terminators
Hash 2e4bd47e37fc072545d4e2e0c2a088cb
1c8c33dd571d06944d1afed08caac2e5bf171e30
a814de9479f01c9f4ef919ff12e61bc33b472249e1ceff324e63e72d6e2a284a
Analyzer Verdict Alert fortinet Malware
GET /searching/%E4%BB%80%E4%B9%88-1.html HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Set-Cookie: fl=en; expires=Sat, 04-Feb-2023 21:18:31 GMT; Max-Age=86400; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkfxpVSqQhwXiWKWJ1xOdvLythG4FTcSpfAy1Ob3dsPX14Gdh3WYCAyMJGG8Z6nQ48OUVoHwFumI8dcCAC6Cmhj%2FfTBJTcX3I9CqtLZEvuefRbe12H%2FkEdbajZ7rLgev3ss%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e33148b85b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/css/custom.css
104.21.93.13 200 OK 6.7 kB URL HTTP/1.1 www.xxx-fun.com/css/custom.css
IP 104.21.93.13:0
File type ASCII text, with very long lines (1174), with CRLF line terminators
Hash 0ccfe37ad0556b67b424de647b16422d
9a06938e39b7f29bac6725dbec2b2602f13d1ddb
8fbd6267a95715885a6586d0d27c111ec412dc0fd9071acf412af5ab1f40b45c
GET /css/custom.css HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
Cookie: fl=en
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 04 Jun 2020 19:57:05 GMT
Vary: Accept-Encoding
ETag: W/"5ed95211-6ee2"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5610
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohtFVtC%2BI9PhpgSzW8XNQgyY%2Fg%2BqBHKXnTMZCuZKSE3JVpFIkPeu%2FCH1sHfbkOsY%2FKGrkp0MRDOKUAy5YSuNc5vtly1ogzsx6NvFfja4b5TW5Ap8HjXFUfRwpePe64mDIL0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e33179fc6b4ed-OSL
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/js/func.js
104.21.93.13 200 OK 1.1 kB URL HTTP/1.1 www.xxx-fun.com/js/func.js
IP 104.21.93.13:0
File type ASCII text, with very long lines (828)
Hash a2bfa77d61ef3b783ede263ef2ecfbc1
f1f78d6c3c7cb3125d9b3f47be41b46e3fc1f11c
8bba62c1eaef451efb11f37e1b8b61470dd59acdc86c1d3c4b35f82cb84d54a8
Analyzer Verdict Alert fortinet Malware
GET /js/func.js HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
Cookie: fl=en
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 24 Jan 2021 02:47:40 GMT
Vary: Accept-Encoding
ETag: W/"600cdfcc-9bf"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5610
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0CRbVinpW2OB%2BImiTEI%2BRb6RNxkkJiOM1krcmUFYIcnlJa69Suy8KK6DTBBds1nb0LlEYlFzPsVy2cRlvoyqIe1Jjzb5i48RkiMT1JhSrvzog7hhqmUPgnA2Uf3nxiUhNo0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e33179c64b50f-OSL
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/js/main.js
104.21.93.13 200 OK 3.3 kB URL HTTP/1.1 www.xxx-fun.com/js/main.js
IP 104.21.93.13:0
Hash 290211e5d1b3fa8e4cfe79eb7fe71673
d4ab50160ec95cb1fde10f5d54dd775f1d9c508e
ad8bb35eca4b3f721a5e6019fee2d647195b29af23673aa2793c16904e0be587
Analyzer Verdict Alert fortinet Malware
GET /js/main.js HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
Cookie: fl=en
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Sep 2018 11:24:35 GMT
Vary: Accept-Encoding
ETag: W/"5b8e6b73-28bd"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5609
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oY399qwNRzozlRkqJfISLtximzmDt%2FwVFC2vU4%2FImrDNSmpzqQOrsttlysH286u3JAR35ycvCAq8EPnzBolyV4vyrxR6YjlVcBjSE1dEvWaVdTBW795OLHrmcAoAFJ%2F%2BHog%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e331798aab52d-OSL
alt-svc: h2=":443"; ma=60
s1.ekogate.club/templates/t4/js/postload.js
172.67.198.61 200 OK 8.2 kB URL HTTP/1.1 s1.ekogate.club/templates/t4/js/postload.js
IP 172.67.198.61:0
File type ASCII text, with very long lines (24644), with no line terminators
Hash 59645cf150a653341e385d4f1d6e7b72
c568a2dc71a0d18241d4556181664ea7badbfb01
e158f933243257cf852d14d6ad9b8126dc24607ed70990c668a7c05d278654f0
GET /templates/t4/js/postload.js HTTP/1.1
Host: s1.ekogate.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=24645
ETag: W/"58a0128f-6045"
Last-Modified: Sun, 12 Feb 2017 07:45:19 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2594
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dTWexvUd2SynbaEdMvmqw34SVnmdQ0ol7j6vDZurjcUnEm6oWe08scKCQK5Oiug4NFz28sI6RzKfKYoCkp2vd09ygfoOFtdQ%2FRq5aKbfDc%2Fnc3TR18lCk%2BjvvMEtxa%2FsVg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e3317cfe6b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
s1.ekogate.club/templates/t4/css/style.css
172.67.198.61 200 OK 4.0 kB URL HTTP/1.1 s1.ekogate.club/templates/t4/css/style.css
IP 172.67.198.61:0
File type ASCII text, with very long lines (15761)
Hash 586333755ab0a7bec861768e874bf3ab
d9c418b0dbd86fd18a0d071c82bd1c23153da387
92612c7dd2665fdd57928ac866774ba546fbb628245e67deeb0e0aea2ec5eea5
GET /templates/t4/css/style.css HTTP/1.1
Host: s1.ekogate.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=16412
ETag: W/"5abb0692-401c"
Last-Modified: Wed, 28 Mar 2018 03:05:54 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2594
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8%2BGkAmfTfF1lVvU4ggtD52N8pagWXebPnBYiQBBV9gY2yWODyz5DL2BlP0qXKccuLC3cSMhltgIlRFWj5V1Ul4vd%2FE%2Be8qngTGtLEJgnz5MzEq%2FEe7mtiDaAAtogRvNeWk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e3317c8a40b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
s1.ekogate.club/templates/t3/js/jquery.autocomplete.min.js
172.67.198.61 200 OK 3.1 kB URL HTTP/1.1 s1.ekogate.club/templates/t3/js/jquery.autocomplete.min.js
IP 172.67.198.61:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (538), with CRLF line terminators
Hash 19039e0eda63c45142d94ff05dc6750d
688d53b202caad99b63991ebb8d1c908a2cfb5b7
d0d61284f661dd6162e721a231979c7ca8785ee5e719a15076dee2dc40c79ce6
GET /templates/t3/js/jquery.autocomplete.min.js HTTP/1.1
Host: s1.ekogate.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2017 17:56:27 GMT
Vary: Accept-Encoding
ETag: W/"5894c44b-21e8"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpWaT9wxG%2BzjR0u%2BL0TXbSOeV2%2FpRp3NOo66Ba6REvc7jY07gZ3Q920qg33oYkLofDYSm8D4zuQ9vh%2FgTNogQ0MbAeWo0DjSivxWt1%2FaPcSQa1yl4%2FFbbpHgydJUfwzDMDE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e3317cf5fb521-OSL
alt-svc: h2=":443"; ma=60
s1.ekogate.club/templates/t5/js/jquery.lazyload.js
172.67.198.61 200 OK 1.6 kB URL HTTP/1.1 s1.ekogate.club/templates/t5/js/jquery.lazyload.js
IP 172.67.198.61:0
File type ASCII text, with very long lines (861)
Hash f4bbb0c9c095a7fae9a607e5647ac641
56ccc5ec11746ab3fd1f79652ac6b31b3b24f430
23754c3ddec727e3fe757f077e43a2cb557524195f9b2a1365b3bc5ef4973013
GET /templates/t5/js/jquery.lazyload.js HTTP/1.1
Host: s1.ekogate.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=9058
ETag: W/"59678a5f-2362"
Last-Modified: Thu, 13 Jul 2017 14:57:35 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3088
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Pf3rB%2BPYpctGitlh1%2FWdzO9LnNzFonAPuXI%2FUhT7Vr3jd9c85FNXid41FlmtIQvU1r9agzF%2BoHn6jK567ldO%2BDzI4yX1e4Hkvp%2BkcxVtyeDJ5OzWmITojwKpzg%2BvH8u8Ls%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e3317cf06b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
s1.ekogate.club/templates/t4/js/preload.js
172.67.198.61 200 OK 42 kB URL HTTP/1.1 s1.ekogate.club/templates/t4/js/preload.js
IP 172.67.198.61:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 6e9852d005ad907bc5b7b69b81344fc9
c5092bfdfe051b552e4c20636b53e1e929ef7a20
d47fcfa4958be5d9f9032d2537f1750db4e8a50ed7744f94a58e64c343506a62
GET /templates/t4/js/preload.js HTTP/1.1
Host: s1.ekogate.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=127930
ETag: W/"589eb471-1f3ba"
Last-Modified: Sat, 11 Feb 2017 06:51:29 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2594
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ko70x4%2BRp4XwuFVWzBryt3Lut1wXMtY%2BYpO8C%2FfkiHvpYSgKWbTLktKtXgT86hKf4QcmmnZc0nrgeVilxigFEiECz9E%2Bc30gCDVxW89JSTmIvPaj1Ll6GiUox2FQuPnVp60%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e3317cbceb506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warpstorage.pro/images/xxx-fun.com/68/209--.jpg
172.67.129.21 200 OK 8.7 kB URL HTTP/1.1 www.warpstorage.pro/images/xxx-fun.com/68/209--.jpg
IP 172.67.129.21:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x334, components 3\012- data
Hash f1eff5bf98e6c350f3e30757abe1a136
ec9cc1c7acef2b966ca5b4c8eab3a586a5dfa069
1d8a67a18f01e38bfe06b33f73f4190f90884ee2938536dae4a0af9220c5c9ef
GET /images/xxx-fun.com/68/209--.jpg HTTP/1.1
Host: www.warpstorage.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: image/jpeg
Content-Length: 8658
Connection: keep-alive
Last-Modified: Sat, 23 May 2020 06:09:27 GMT
ETag: "5ec8be17-21d2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: public, max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LIX%2BtqKV0wyTu6rovJ%2FBEtIYdus4Z%2BHGg9c%2Bgdz5YWnATrhwLopnLedfRDn1hVdrfzSUym3wT1ADiR2w0DeBdbWcbEe%2Bp%2B%2BkCXRVCJ9LiWSMSc1o5BbVacXKRlAkrqRFEZd6L5HR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e3317ec8fb515-OSL
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/css/fonts/FredokaOne-Regular.ttf
104.21.93.13 200 OK 42 kB URL HTTP/1.1 www.xxx-fun.com/css/fonts/FredokaOne-Regular.ttf
IP 104.21.93.13:0
File type TrueType Font data, 15 tables, 1st "GDEF", 9 names, Microsoft, language 0x409, Copyright (c) 2011 Milena B Brandao (milenabbrandao@gmail.com), with Reserved Font Name "Fredoka\012- data
Hash 4a2f2ea45a0bb1abe81b47d0afde4aae
a1e23edbf2b1640ca17ca5e863bf4508f3b404a7
08a0193637baffaa1d9926085fe2a2716c1ce06136b74a9627e61663649c0f37
Analyzer Verdict Alert fortinet Malware
GET /css/fonts/FredokaOne-Regular.ttf HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/css/custom.css
Cookie: fl=en
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: application/octet-stream
Content-Length: 42452
Connection: keep-alive
Last-Modified: Thu, 04 Jun 2020 19:57:02 GMT
ETag: "5ed9520e-a5d4"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5614
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x17%2BkPFlSMs3UDvP2YZFsVp0kjDqMVa1tjlutILxjC0ziAdriSrjRop8Sz8ycpOS%2FaieHyWjHMdg%2BBfIbtNcrILsGRxJPRE2xaMlSrIaX%2FuUHYkP5%2F2Vy01F54I6Ftry844%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e3318c9d8b52d-OSL
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/android-icon-192x192.png
104.21.93.13 200 OK 12 kB URL HTTP/1.1 www.xxx-fun.com/android-icon-192x192.png
IP 104.21.93.13:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 9d118c232da92a6203dce340ce2cd192
4cfc43bffce5f3444e6f93bd71c8b9b8984550c4
ff8c0d0c85428809d18134b8c1a7ab7fce1947cddf46c1bce4dcdd20ea7f7a7a
GET /android-icon-192x192.png HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
Cookie: fl=en; AM_RAW_COUNT=1; XXX_UQ_ID=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:31 GMT
Content-Type: image/png
Content-Length: 12470
Connection: keep-alive
Last-Modified: Wed, 27 May 2020 22:34:29 GMT
ETag: "5eceeaf5-30b6"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5612
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6rNS70SI4Ri1DJzahIpvELk86vapFN3jhpsoU9gYY6nBFEf1CrfViIjFjAHt4JJZmJQIEI%2Bj9IVziMz51W87LNuwBK0ol292%2FEP9sekmHu%2FHb4VQnYBQarZtLo1fk1106Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e33193a49b52d-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 501d351445a9a197383de1cfe3851d1c
a45b226dfaf49b84a6fcdf9389226225dc755750
b73099c107509db91b8f72ebac781a2bbd78e8dd3595c784f3643914bd60663c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 698
Cache-Control: max-age=152984
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 21:18:32 GMT
Etag: "63dd2a05-118"
Expires: Sun, 05 Feb 2023 15:48:15 GMT
Last-Modified: Fri, 03 Feb 2023 15:36:37 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 501d351445a9a197383de1cfe3851d1c
a45b226dfaf49b84a6fcdf9389226225dc755750
b73099c107509db91b8f72ebac781a2bbd78e8dd3595c784f3643914bd60663c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 699
Cache-Control: max-age=152984
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 21:18:32 GMT
Etag: "63dd2a05-118"
Expires: Sun, 05 Feb 2023 15:48:16 GMT
Last-Modified: Fri, 03 Feb 2023 15:36:37 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
zendplace.pro/redis/uniq?domain=www.xxx-fun.com
172.64.100.14 200 OK 2 B URL HTTP/2 zendplace.pro/redis/uniq?domain=www.xxx-fun.com
IP 172.64.100.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /redis/uniq?domain=www.xxx-fun.com HTTP/1.1
Host: zendplace.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxx-fun.com
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/json; charset=utf-8
content-length: 2
access-control-allow-origin: http://www.xxx-fun.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWY8bO4dUDNCZEyFBNI0WgnLg1OUVW8l9kL1dL10NXrExY6UrGUDT6t2YffaNuiY6CCtzSPu3XhMDtEAAYRxTITs3imxf9Oqs66cEunYyKV5FtQr2cndPZNdiu6lDmTs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331a3aed23c6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 501d351445a9a197383de1cfe3851d1c
a45b226dfaf49b84a6fcdf9389226225dc755750
b73099c107509db91b8f72ebac781a2bbd78e8dd3595c784f3643914bd60663c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 699
Cache-Control: max-age=152984
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 21:18:32 GMT
Etag: "63dd2a05-118"
Expires: Sun, 05 Feb 2023 15:48:16 GMT
Last-Modified: Fri, 03 Feb 2023 15:36:37 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
zendplace.pro/text
172.64.100.14 200 OK 2 B IP 172.64.100.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /text HTTP/1.1
Host: zendplace.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxx-fun.com
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/json; charset=utf-8
content-length: 2
access-control-allow-origin: http://www.xxx-fun.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mpkizyy8kVeE0C%2Bapj4m0uXnJ6Tu2afCPsgObpMPvpox5XUdEbVS9HclpZ32BtuMO3dpfEI17Ct8Q7VEmOohLjkBaHRsspjq24GfjQxUar%2FZe79LNd9GJt1YJHCW%2BRZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331a1d0875db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 20:49:06 GMT
age: 1766
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.sigmapics.com/images/xxxsexpic.net/22/811_set_leone.jpg
104.21.1.69 200 OK 144 kB URL HTTP/1.1 www.sigmapics.com/images/xxxsexpic.net/22/811_set_leone.jpg
IP 104.21.1.69:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 400x602, components 3\012- data
Size 144 kB (143924 bytes)
Hash 0007c8bc007f00277109356e540a8d66
0e495540eb4605348344416b8f04c4828183ce11
2695fb1b46b2450c3da0659e0d6bd55e18b29eede91a77739401e8e3c99c8a3f
GET /images/xxxsexpic.net/22/811_set_leone.jpg HTTP/1.1
Host: www.sigmapics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: image/jpeg
Content-Length: 143924
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2016 03:29:44 GMT
ETag: "57ef2da8-23234"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: public, max-age=315360000
CF-Cache-Status: HIT
Age: 52424
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2yf79zi5W%2BdcJbp2%2FXtHiBJfCl2%2FEqQv6FdLjjjwb9C3ZvnJDcXbHVI17w5Djg78zh1dTP7I1Mj8VWHhBbk4ruuRIbNAQZijWYv8HU%2BRVeoGAYVvxPtZXAiu2vcQmvC9Jdwcg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e331c1cba0b55-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18743
Expires: Sat, 04 Feb 2023 02:30:55 GMT
Date: Fri, 03 Feb 2023 21:18:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 53cc76e2c9af65901c768e24dfbb04cf
a10f6204bdb634e2c8a0e01a3691f68f97e3a63e
db49ea3216e9c370437ea5027d45d1ad8d6c6072d21f9cf0931adfb5a3ccdb89
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5350
Cache-Control: max-age=168447
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 21:18:32 GMT
Etag: "63dd5441-117"
Expires: Sun, 05 Feb 2023 20:05:59 GMT
Last-Modified: Fri, 03 Feb 2023 18:36:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
b1.hentaibaka.one/api/spots/296902?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.4 kB URL HTTP/1.1 b1.hentaibaka.one/api/spots/296902?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash a76ed224c8068bd5b1fc736f8e0e6012
bc1951689c17ac1b07eede0d5518006f691db559
1154a65f6901d76a0bc2b4d3877236a196f0d2eedbd5f032cfb73a9c7b7b2f93
GET /api/spots/296902?p=1&s1=%subid1%&kw= HTTP/1.1
Host: b1.hentaibaka.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: nauid=sVR5ADCZng5ypANm72Ik; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; SameSite=None
Cache-Control: private
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 53cc76e2c9af65901c768e24dfbb04cf
a10f6204bdb634e2c8a0e01a3691f68f97e3a63e
db49ea3216e9c370437ea5027d45d1ad8d6c6072d21f9cf0931adfb5a3ccdb89
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5350
Cache-Control: max-age=168447
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 21:18:32 GMT
Etag: "63dd5441-117"
Expires: Sun, 05 Feb 2023 20:05:59 GMT
Last-Modified: Fri, 03 Feb 2023 18:36:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
www.naughtywomenpics.com/use/movies
188.114.96.1 200 OK 226 B URL HTTP/1.1 www.naughtywomenpics.com/use/movies
IP 188.114.96.1:0
File type HTML document text\012- HTML document, ASCII text
Hash 97cff6fb3d05e57f8abc030bbb2c5382
306c7b85c49d5c6b6ed34ac5c7c6f0433c9a556d
91359c8bffd4f9c2f9816cf74d03ed6053aba0abd24aee2a8e3315bcdc67fa89
GET /use/movies HTTP/1.1
Host: www.naughtywomenpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UyKWEzz%2BvbDq0atXgqkLTMSA4u7rrzfUqHtkmQFgKd2TwtNeVoqtxyGkcpzAANlRAGryjZ0Bgq1oFmdsMi49QfLgkSLbkH7v7Gksokbgddy%2BeVuPlOHf35zzP11nBo24Gej3egaW2QK7AKo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e331c1d60b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.xxx-fun.com/favicon-16x16.png
104.21.93.13 200 OK 1.1 kB URL HTTP/1.1 www.xxx-fun.com/favicon-16x16.png
IP 104.21.93.13:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 008fe8e58e30899c302989fc3a62b3aa
296b238223bec08e6236affb6bb794ab1126e1b3
d57dcba72a3cce910d192b3544e7e6206a3346adc0f6a99a6febab7e4ad111dd
GET /favicon-16x16.png HTTP/1.1
Host: www.xxx-fun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/searching/%E4%BB%80%E4%B9%88-1.html
Cookie: fl=en; AM_RAW_COUNT=1; XXX_UQ_ID=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: image/png
Content-Length: 1059
Connection: keep-alive
Last-Modified: Wed, 27 May 2020 22:34:24 GMT
ETag: "5eceeaf0-423"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acLknMmAhd8Y5OE5LU0iI9Sx98gdNTxB%2FX8w7k5hgWOwMLxrK9WJnmNx8OpY08Glf8H9zHK%2FfVInh8KMLFLnLkFq5%2BwkpUiVWRMGvBnujVOdaD0F2twPM2bMi%2FqjOtpoJ4I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e331bacd3b52d-OSL
alt-svc: h2=":443"; ma=60
a.realsrv.com/iframe.php?idzone=4212504&size=300x250
185.76.9.17 200 OK 184 B URL HTTP/1.1 a.realsrv.com/iframe.php?idzone=4212504&size=300x250
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6900c25bb2c16817b9939ee2089863bd
238e249bfcb6d85a67d3d99ad85a9b30ca38fa62
778f00d2956e81b38397f8571cac16722f22a507a4266c0097d60a848ee2d90b
GET /iframe.php?idzone=4212504&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.naughtywomenpics.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 03 Feb 2023 21:47:52 GMT
Cache-Control: max-age=10800
Access-Control-Allow-Origin: *
X-Cache-OP: HIT
X-Accel-Expires: @1675460941
Server: CDN77-Turbo
X-77-NZT: AblMCQ30wHv/CyMAAA
X-77-NZT-Ray: c0a4cc2872087c9b287add63ea0d2d21
X-Cache: HIT
X-Age: 8971
X-77-POP: stockholmSE
X-77-Cache: HIT
Content-Encoding: gzip
retroxxxmovs.com/use/show
192.187.112.82 301 Moved Permanently 169 B URL HTTP/1.1 retroxxxmovs.com/use/show
IP 192.187.112.82:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /use/show HTTP/1.1
Host: retroxxxmovs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.retroxxxmovs.com/use/show
b1.hentaibaka.one/api/click/1284565093935632095?c=90
135.181.208.216 200 OK 0 B URL HTTP/1.1 b1.hentaibaka.one/api/click/1284565093935632095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/1284565093935632095?c=90 HTTP/1.1
Host: b1.hentaibaka.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://b1.hentaibaka.one/api/spots/296902?p=1&s1=%subid1%&kw=
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private
push.services.mozilla.com/
44.226.39.149 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.226.39.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n4wa+M+sGpQ7JOx0a5ooYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bShKOeid6KNmonM+KPbJP3dUqps=
syndication.realsrv.com/splash.php?native-settings=1&idzone=4139552&cookieconsent=true&&p=http%3A%2F%2Fwww.xxx-fun.com%2F&max=1&loaded=0
95.211.229.248 200 OK 1.9 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4139552&cookieconsent=true&&p=http%3A%2F%2Fwww.xxx-fun.com%2F&max=1&loaded=0
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3477), with no line terminators
Hash e8aac973af38a9394a8e4422b76f1d88
a94865fa4020509b7f15e4e824c33db501a27a14
71aeb254174ea7ad09726d619549615e4f8e3850ba67b0bf60563749d4b69515
GET /splash.php?native-settings=1&idzone=4139552&cookieconsent=true&&p=http%3A%2F%2Fwww.xxx-fun.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://b1.hentaibaka.one
Connection: keep-alive
Referer: http://b1.hentaibaka.one/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://b1.hentaibaka.one
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263dd7a28a25f17.679623222492235013%22%3B%7D; expires=Sun, 02 Feb 2025 21:18:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4139552%7C78389526%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C4e6a2c22c53147ee6d69402aebb8121f%7C0%7Cxxx-fun.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 04 Feb 2023 21:18:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ee17b3a343927157437a1582b2c0d9ec
8b57752d0459a9e25a347bc69a497586330ef71e
1dae2dc7a311c681cc15821d1a767b9669373688d2eeda19fa908d1f10c761bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 19:08:29 GMT
Expires: Fri, 10 Feb 2023 19:08:28 GMT
Etag: "8b57752d0459a9e25a347bc69a497586330ef71e"
Cache-Control: max-age=596395,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793e331d6d14b4ff-OSL
adserver.juicyads.com/js/jads.js
185.94.236.247 200 OK 1.7 kB URL HTTP/1.1 adserver.juicyads.com/js/jads.js
IP 185.94.236.247:0
File type ASCII text, with very long lines (3769), with no line terminators
Hash 65b1efdf55163b144c5018b8772765ad
509de5f40450f3cf05e0d8d1b939fed2bbb11cbe
cf23ab637d84de0eb1c1e67764e05ca0aa140e6ee932a60700fc35661644ee48
GET /js/jads.js HTTP/1.1
Host: adserver.juicyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.redteenporn.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eb9"
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp
185.76.9.26 200 OK 13 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1d262ebff5c05a42d0eb7e45836eb3bc
ca3c36473024303ff73194dba002fe4549b397a0
d489c2b443812337fb4246e719c92c8a576979786af6531f22c92e45402d20f9
GET /library/426059/ca3c36473024303ff73194dba002fe4549b397a0.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://b1.hentaibaka.one/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: image/webp
content-length: 13160
last-modified: Thu, 15 Sep 2022 15:28:27 GMT
etag: "6323449b-3368"
expires: Tue, 31 Oct 2023 21:29:31 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704989464
server: CDN77-Turbo
x-77-nzt: AblMCRR5zrP/kJoeAA
x-77-nzt-ray: af585630a0a7e888287add63fc65292f
x-cache: HIT
x-age: 2005648
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
zendplace.pro/api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1
172.64.100.14 200 OK 4.0 kB URL HTTP/2 zendplace.pro/api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1
IP 172.64.100.14:0
File type JSON data\012- , ASCII text, with very long lines (3235), with no line terminators
Hash 04dd1065c96841b287d5d7192fea5cb1
b97d5b7503ca77013d93fadf3c10beb93393ec86
08eb57415a6e8b325a458512af5d9441f7646c5b1867296976f76091d81d3618
GET /api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1 HTTP/1.1
Host: zendplace.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxx-fun.com
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: http://www.xxx-fun.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ddq7U7OI2rr9U7xKACydvQNjoZYTCyltSmVdrFlLpFgi4zAi8rtlX3TeF0UhZsYlQRibxyVOfggpiM9fCMIRPPeKwmbyXqT6yaGqZVN4MpwYodRbMClbfWcISbW16n8D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331a1d0e75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2PXU4EIRCEr+IFhlQ30A377LMmGg+AzKCbOLtm1t+kDy/DJlJpqEB3voLBfgJP8DckB0oHz5bJZbjAjmKwu/sHC2Sn8vny+vH7fV6X0/uxXlw9ryYqmrMpS/LBUk4xswUmjggWkXqxagimlJNy6I8wb+ji6Pt9dw6gIF5NYU+Pt6Ooi2F93+m7Ha0/+2AniSxpeZ7LPDegJfFVcvVclppT6kOw4ralvF22rxETFlk8jADZoY4YcUeMJFdNNI6+YMMd21bWxey/4xrXdADYKPS/kJk00uZpjrFVrQiIotDqY2tKIPoDPpCUgGEBAAA=
95.211.229.248 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2PXU4EIRCEr+IFhlQ30A377LMmGg+AzKCbOLtm1t+kDy/DJlJpqEB3voLBfgJP8DckB0oHz5bJZbjAjmKwu/sHC2Sn8vny+vH7fV6X0/uxXlw9ryYqmrMpS/LBUk4xswUmjggWkXqxagimlJNy6I8wb+ji6Pt9dw6gIF5NYU+Pt6Ooi2F93+m7Ha0/+2AniSxpeZ7LPDegJfFVcvVclppT6kOw4ralvF22rxETFlk8jADZoY4YcUeMJFdNNI6+YMMd21bWxey/4xrXdADYKPS/kJk00uZpjrFVrQiIotDqY2tKIPoDPpCUgGEBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2PXU4EIRCEr+IFhlQ30A377LMmGg+AzKCbOLtm1t+kDy/DJlJpqEB3voLBfgJP8DckB0oHz5bJZbjAjmKwu/sHC2Sn8vny+vH7fV6X0/uxXlw9ryYqmrMpS/LBUk4xswUmjggWkXqxagimlJNy6I8wb+ji6Pt9dw6gIF5NYU+Pt6Ooi2F93+m7Ha0/+2AniSxpeZ7LPDegJfFVcvVclppT6kOw4ralvF22rxETFlk8jADZoY4YcUeMJFdNNI6+YMMd21bWxey/4xrXdADYKPS/kJk00uZpjrFVrQiIotDqY2tKIPoDPpCUgGEBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://a.realsrv.com
Connection: keep-alive
Referer: http://a.realsrv.com/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 21:18:32 GMT; path=/; domain=.realsrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.exosrv.com/iframe.js?idzone=3524377
185.76.9.15 200 OK 3.8 kB URL HTTP/2 a.exosrv.com/iframe.js?idzone=3524377
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (7919), with no line terminators
Hash 986ec22552cd8a9048c8ff2bc76a778c
127dd90d549751bf9bf3aae0ad40732457dc7338
2e9a93b8d5557e3c37784b3905ba45bc59d8c594695ddeb3862f21fb1f997d3f
GET /iframe.js?idzone=3524377 HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.exosrv.com/iframe.php?idzone=3524377&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"bd33aa930c1893af6733dddcf97"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675461035
server: CDN77-Turbo
x-77-nzt: AblMCQ0Kqsz/rSIAAA
x-77-nzt-ray: c0a4cc28ce0fcf9a287add630e494025
x-cache: HIT
x-age: 8877
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg
185.76.9.26 200 OK 19 kB URL HTTP/1.1 s3t3d2y8.afcdn.net/library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash e14b72a35908bf1d0aa5be9f877917e1
cd5710823e62b921a06dc0045d7f2b1b663076c9
ace2d7b48d4ce56f5df3d44e08dacb1ee3251c631af636a3ca793005309a31b3
GET /library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://a.realsrv.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: image/jpeg
Content-Length: 18726
Connection: keep-alive
Last-Modified: Fri, 29 May 2020 12:09:23 GMT
ETag: "5ed0fb73-4926"
Expires: Fri, 30 Jun 2023 18:47:20 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
X-Cache-OP: HIT
X-Accel-Expires: @1688195246
Server: CDN77-Turbo
X-Robots-Tag: noindex, follow
X-77-NZT: AblMCRQv2+3/+tweAQ
X-77-NZT-Ray: af5856302db1a989287add6355b33f33
X-Cache: HIT
X-Age: 18799866
X-77-POP: stockholmSE
X-77-Cache: HIT
Accept-Ranges: bytes
www.retroxxxmovs.com/use/show
192.187.112.82 200 OK 184 B URL HTTP/1.1 www.retroxxxmovs.com/use/show
IP 192.187.112.82:0
File type HTML document text\012- HTML document, ASCII text
Hash 72c87fef1ef8a85b577a214d913a6a00
927d2c6709bc4addd39d67408d57cb9c28d81a18
6f8baa89fd8c78ea80589c03d1b5b0352bd3adf2df7b1cbf3e52652df3c704dd
GET /use/show HTTP/1.1
Host: www.retroxxxmovs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.xxx-fun.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg
185.76.9.26 200 OK 32 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 84d61f43ec1dc4b715ee00d2888a78fc
c939fdb909578ebf7577341bb1723ce604f19d28
4a81caa135ac5cacceaa88d1e96d64266fd640caf99911e3ba43a8e1691f61c0
GET /library/426059/c939fdb909578ebf7577341bb1723ce604f19d28.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.exosrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: image/jpeg
content-length: 32171
last-modified: Thu, 15 Sep 2022 15:28:27 GMT
etag: "6323449b-7dab"
expires: Wed, 25 Oct 2023 20:53:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704988813
server: CDN77-Turbo
x-77-nzt: AblMCRQ3wO3/G50eAA
x-77-nzt-ray: af585630a0a7e888287add637240ff34
x-cache: HIT
x-age: 2006299
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1Py2oDMQz8lf5AjF625Jzbawsp+QBn44VA00ACZQ/z8fVuSTUHDdIwGgmJ7kh2pC9c9hx7FVROlZJJ4mx4/zjAGMuyfPXH6dK+H+naYVIoVxSNSo6gUjRDs5i6I1PAvLJWgseQZCkwgoIGJKvZyhKRM0sxLR5cqMIJx89XvB0P4ETh+dmEAN6irD42OC2r11mKtOnsxN5jZm/53Gk4dp1iPllZhWipL7fH/SdNt+uWYL09XouxledgYMdbG0XY2GW+t/Er/hV/ueGbrcGCBgO3PnHhWXObwqJXE7Vaa59mFzvpL9ByZatjAQAA
95.211.229.246 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1Py2oDMQz8lf5AjF625Jzbawsp+QBn44VA00ACZQ/z8fVuSTUHDdIwGgmJ7kh2pC9c9hx7FVROlZJJ4mx4/zjAGMuyfPXH6dK+H+naYVIoVxSNSo6gUjRDs5i6I1PAvLJWgseQZCkwgoIGJKvZyhKRM0sxLR5cqMIJx89XvB0P4ETh+dmEAN6irD42OC2r11mKtOnsxN5jZm/53Gk4dp1iPllZhWipL7fH/SdNt+uWYL09XouxledgYMdbG0XY2GW+t/Er/hV/ueGbrcGCBgO3PnHhWXObwqJXE7Vaa59mFzvpL9ByZatjAQAA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1Py2oDMQz8lf5AjF625Jzbawsp+QBn44VA00ACZQ/z8fVuSTUHDdIwGgmJ7kh2pC9c9hx7FVROlZJJ4mx4/zjAGMuyfPXH6dK+H+naYVIoVxSNSo6gUjRDs5i6I1PAvLJWgseQZCkwgoIGJKvZyhKRM0sxLR5cqMIJx89XvB0P4ETh+dmEAN6irD42OC2r11mKtOnsxN5jZm/53Gk4dp1iPllZhWipL7fH/SdNt+uWYL09XouxledgYMdbG0XY2GW+t/Er/hV/ueGbrcGCBgO3PnHhWXObwqJXE7Vaa59mFzvpL9ByZatjAQAA HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.exosrv.com
Connection: keep-alive
Referer: https://a.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 02 Feb 2025 21:18:32 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.exosrv.com/iframe.php?idzone=3606015&size=300x250
185.76.9.15 200 OK 184 B URL HTTP/1.1 a.exosrv.com/iframe.php?idzone=3606015&size=300x250
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7cfa96670a84cd201078d75a707bed77
46392f3e0e713dd51211d3f6e15f6bd48958e2ed
7b5cf6dff74f8755de10b4944016a6b0391e3ccb4a73638a00cb02e97cce418c
GET /iframe.php?idzone=3606015&size=300x250 HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.retroxxxmovs.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:18:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 03 Feb 2023 21:50:45 GMT
Cache-Control: max-age=10800
Access-Control-Allow-Origin: *
X-Cache-OP: HIT
X-Accel-Expires: @1675461134
Server: CDN77-Turbo
X-77-NZT: AblMCQ1/pGn/SiIAAA
X-77-NZT-Ray: c0a4cc286d08259f287add63f50b2536
X-Cache: HIT
X-Age: 8778
X-77-POP: stockholmSE
X-77-Cache: HIT
Content-Encoding: gzip
a.realsrv.com/nativeads-v2.js
185.76.9.17 200 OK 15 kB URL HTTP/2 a.realsrv.com/nativeads-v2.js
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type C source, ASCII text, with very long lines (60680), with no line terminators
Hash b232467bf6cb1103f4a34028850ef429
ed5c8048021727329c6b097a9cf19618d911b4c0
4b42c24b1c5c8c2c33db98d830eb08fc733d01c5b71194520dc143eac35b179a
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://b1.hentaibaka.one/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"21b43fd9d304f2027f605b8ad4d"
expires: Thu, 02 Feb 2023 18:45:28 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675460810
server: CDN77-Turbo
x-77-nzt: AblMCQ00n0f/jiMAAA
x-77-nzt-ray: c0a4cc28d50c409b287add633a837a20
x-cache: HIT
x-age: 9102
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
adserver.juicyads.com/adshow.php?adzone=480341
185.94.236.247 200 OK 1.5 kB URL HTTP/1.1 adserver.juicyads.com/adshow.php?adzone=480341
IP 185.94.236.247:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (434), with CRLF, LF line terminators
Hash 30c07940ef820139e186eec5fe0c04cb
cb30a0ccac3136ce24c26e3a6554f020c32b38be
f803aacdb3b93ac884dc3f76657fd28b5ce77dc4d7bf0c72f083cc8c6d490af3
GET /adshow.php?adzone=480341 HTTP/1.1
Host: adserver.juicyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.redteenporn.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=8150f639bfa406c67caf0122642c7219; expires=Sat, 03-Feb-2024 21:18:32 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.juicyads.com
Set-Cookie: juicy_data_1=YTowOnt9; expires=Mon, 06-Feb-2023 21:18:32 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=juicyads.com
Set-Cookie: juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 06-Feb-2023 21:18:32 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=juicyads.com
Content-Encoding: gzip
ads.juicyads.me/network/user1037/78-1639151697-0324899001639151697.jpg
69.16.175.10 200 OK 36 kB URL HTTP/2 ads.juicyads.me/network/user1037/78-1639151697-0324899001639151697.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 2aeab316e738140feea3d8e6e841aafa
d9505c0a4f803d9e18f7dee02dd8ad5f6b65745e
dd1ec02cb97c9bed95bda4931284f16a6e4997bb35f9ef6ac266a052e9d93dd1
GET /network/user1037/78-1639151697-0324899001639151697.jpg HTTP/1.1
Host: ads.juicyads.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adserver.juicyads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:33 GMT
etag: "1639151697"
cache-control: max-age=29716440
content-length: 36542
content-type: image/jpeg
last-modified: Fri, 10 Dec 2021 15:54:57 GMT
accept-ranges: bytes
x-hw: 1675459113.dop022.sk1.t,1675459113.cds202.sk1.hn,1675459113.cds219.sk1.c
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5062
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 21:18:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5062
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 21:18:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5062
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 21:18:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5062
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 21:18:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5062
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 21:18:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 84633
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 84045
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 83071
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 20c6f462-0f1f-44d1-9b6b-6afbc4e79e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpYpcELtIAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da07d5-44cd803c0feba28919b0a9ec;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 06:33:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T3PhGRcHX1X2hn8K_4587fXBrEyuY5Em-b9Jg41uH4uyQXeFoRBIYg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:56 GMT
age: 84698
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 83920
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
adserver.juicyads.com/adshow.php?adzone=480341
185.94.236.247 200 OK 1.5 kB URL HTTP/1.1 adserver.juicyads.com/adshow.php?adzone=480341
IP 185.94.236.247:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (424), with CRLF, LF line terminators
Hash 50b50657658190a4cbfbb6cc87a3eb1b
e66d5ea969dcf0df4c485829cb224e5329217154
1b707686b813e279383612e32997b1986dca23a14bfd7f10b8c4abc7ef39c8cf
GET /adshow.php?adzone=480341 HTTP/1.1
Host: adserver.juicyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.redteenporn.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 21:18:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=d85a11885eff1e7d3d7c47d6165faf5e; expires=Sat, 03-Feb-2024 21:18:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.juicyads.com
Set-Cookie: imps9183=1; expires=Sat, 04-Feb-2023 21:18:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.juicyads.com
Set-Cookie: juicy_data_1=YToxOntpOjI5MDIzMztpOjE2NzU3MTgzMTM7fQ%3D%3D; expires=Mon, 06-Feb-2023 21:18:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=juicyads.com
Set-Cookie: juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 06-Feb-2023 21:18:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=juicyads.com
Content-Encoding: gzip
ads.juicyads.me/network/user22416/300x250-1392051358.jpg
69.16.175.10 200 OK 30 kB URL HTTP/2 ads.juicyads.me/network/user22416/300x250-1392051358.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 1c1fbc8e6d4eef72451f4dd0ba063100
b7100d92e3dd6b9aee8700913bb1c5dd91f5bbf0
65dfd5345e9e11d6825f552319a0c5711f90712e2addab7f6b0cf919dda47ccc
GET /network/user22416/300x250-1392051358.jpg HTTP/1.1
Host: ads.juicyads.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adserver.juicyads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:34 GMT
etag: "1456947710"
cache-control: max-age=25855064
content-length: 29810
content-type: image/jpeg
last-modified: Wed, 02 Mar 2016 19:41:50 GMT
accept-ranges: bytes
x-hw: 1675459114.dop022.sk1.t,1675459114.cds202.sk1.hn,1675459114.cds068.sk1.c
X-Firefox-Spdy: h2
zendplace.pro/api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1
172.64.100.14 200 OK 0 B URL HTTP/2 zendplace.pro/api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1
IP 172.64.100.14:0
GET /api/v3/contents?d=www.xxx-fun.com&n=Multiniche&abl=0&ot=0&bs=spots%5B6%5D%5B300x250%5D=4%26spots%5B8%5D%5B300x250%5D=1 HTTP/1.1
Host: zendplace.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.xxx-fun.com
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: http://www.xxx-fun.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EP0wE6WO6HGNT0be%2BgWL1LoMEVsKyH2K6KKBfi49MPnBrfptTj29LI%2B3BqTT8rNW1A%2FGsOl71GNj8DKaJcg7FWnjiBKJBy25o2dz3d2prxOm8PoBp7BWJdrLGnNgUdWy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331a2d2575db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.exosrv.com/build-iframe-js-url.js?idzone=3524377
185.76.9.15 200 OK 0 B URL HTTP/2 a.exosrv.com/build-iframe-js-url.js?idzone=3524377
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /build-iframe-js-url.js?idzone=3524377 HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.exosrv.com/iframe.php?idzone=3524377&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"89be11c1937992f69f85f25d821"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675461035
server: CDN77-Turbo
x-77-nzt: AblMCQ2GZHb/rSIAAA
x-77-nzt-ray: c0a4cc28ce0fcf9a287add6334206221
x-cache: HIT
x-age: 8877
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.exosrv.com/iframe.js?idzone=3606015
185.76.9.15 200 OK 0 B URL HTTP/2 a.exosrv.com/iframe.js?idzone=3606015
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /iframe.js?idzone=3606015 HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://a.exosrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"13b1ff291f5790bf6fb4cb0ff0b"
expires: Thu, 02 Feb 2023 18:45:43 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675461258
server: CDN77-Turbo
x-77-nzt: AblMCQ19O67/ziEAAA
x-77-nzt-ray: c0a4cc28ce0fcf9a287add63a4952238
x-cache: HIT
x-age: 8654
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.xxxlesbians.me/get/show_desktop
104.21.13.15 200 OK 0 B URL HTTP/2 www.xxxlesbians.me/get/show_desktop
IP 104.21.13.15:0
GET /get/show_desktop HTTP/1.1
Host: www.xxxlesbians.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34
cache-control: max-age=2678400
cf-cache-status: HIT
age: 2608425
last-modified: Wed, 04 Jan 2023 16:44:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cle0vt1NKoOBVAenRb%2Fgh5%2BKw%2B9ixrrMHmRra0tH0vx3Y%2B8nUrPrnmYCWww6VBBXq1xVDYMkmnUcT8dZ7XAGp7W411a3h%2Bp5Q9lit%2F3O7CjghQHf3QBSgMqP015Rx6%2BC%2BAuNLho%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331c6bb4b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.redteenporn.net/use/juicy
104.21.61.149 200 OK 0 B URL HTTP/2 www.redteenporn.net/use/juicy
IP 104.21.61.149:0
GET /use/juicy HTTP/1.1
Host: www.redteenporn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.xxx-fun.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
referrer-policy: origin
cache-control: max-age=2678400
cf-cache-status: HIT
age: 1535823
last-modified: Tue, 17 Jan 2023 02:41:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMPEfsBzkcQmsV0Qgq9u3qHXvoYddGgQa01WGh4ldc%2Flw7k5Lngr3zTVhs%2BUQC89FmajOrBbvn9ki8KpotqFd2pNwKmNcsPsChwOrsNM0Tx9ZuJ7ubDcPp%2BvA3OFcarM86GDkZSi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793e331c8e20b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.exosrv.com/ad-provider.js
185.76.9.15 200 OK 0 B URL HTTP/2 a.exosrv.com/ad-provider.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.exosrv.com/iframe.php?idzone=3524377&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"f7a203d9879ab30da94f5d83984"
expires: Thu, 02 Feb 2023 18:45:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675460817
server: CDN77-Turbo
x-77-nzt: AblMCQ3ftGf/hyMAAA
x-77-nzt-ray: c0a4cc28ce0fcf9a287add63912a4221
x-cache: HIT
x-age: 9095
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/iframe.js?idzone=4212504
185.76.9.17 200 OK 0 B URL HTTP/2 a.realsrv.com/iframe.js?idzone=4212504
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /iframe.js?idzone=4212504 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://a.realsrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 21:18:32 GMT
content-type: application/javascript
etag: W/"b0ee2fe287b77e97c7448296c29"
expires: Thu, 02 Feb 2023 18:45:53 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675461035
server: CDN77-Turbo
x-77-nzt: AblMCQ3HHTD/rSIAAA
x-77-nzt-ray: c0a4cc28d50c409b287add63712cce26
x-cache: HIT
x-age: 8877
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2