xfantazy.com/video/62ec725f33a7ea06001346ec
172.64.143.8302 Found 0 B URL HTTP/1.1 xfantazy.com/video/62ec725f33a7ea06001346ec
IP 172.64.143.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/62ec725f33a7ea06001346ec HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 04 Feb 2023 15:41:57 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/62ec725f33a7ea06001346ec
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbzEQeXFLP9CGG2OgBkCmtkdAaI4ACLxumwd%2FhJu7ACu4ccqJ8eb6IQ54S2iS%2F6s3u8Mvmcw4qSlArr9ujzwDuxYmPYbpCycHvvMESAiSq6Qk%2BSG44erqLWa0KCuwnQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7944836f5c190712-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2524
Expires: Sat, 04 Feb 2023 16:24:01 GMT
Date: Sat, 04 Feb 2023 15:41:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6078
Expires: Sat, 04 Feb 2023 17:23:15 GMT
Date: Sat, 04 Feb 2023 15:41:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 14:43:38 GMT
content-type: application/json
age: 3499
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13695
Expires: Sat, 04 Feb 2023 19:30:12 GMT
Date: Sat, 04 Feb 2023 15:41:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: W6GZWh3mw+HgD1fqUoRZ1joQQVnFp4yBQl8M91qHrx9ps/MlV9fMDr/J1iEjEWacjNxA89G5rec=
x-amz-request-id: DHM4P8XH50WZ0W2R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 14:52:52 GMT
age: 2945
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.131:0
Hash abaa87f86db3edcae8f657ec4b794cce
6486a15c74f10d03148a243df0a43ada63bb1e32
55b5239cfb9f5ab7437f46e0bc10277436347f0e95c5082ad3aa1bd4b787789f
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:41:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:41:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 15:07:19 GMT
age: 2078
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3171
Expires: Sat, 04 Feb 2023 16:34:48 GMT
Date: Sat, 04 Feb 2023 15:41:57 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.119.23101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.119.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UJNFWq3bxWFyy5nePHMRww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FOypV6Mmlfb07CJWYW6bi1+HqK0=
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP 142.250.74.131:0
Hash abaa87f86db3edcae8f657ec4b794cce
6486a15c74f10d03148a243df0a43ada63bb1e32
55b5239cfb9f5ab7437f46e0bc10277436347f0e95c5082ad3aa1bd4b787789f
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:41:58 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
172.64.143.8200 OK 8.3 kB URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 7ed904f98a59b3435f014f1d94a77e7a
019723dd14c54c1649985b6f3349206b25665b94
4a26473b1365631a479c746f84aa3840afdec1d3b698c25db94c3eaf66a50148
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-185ecc6528a"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 810570
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9Vz7soQM7yEstetCzXY7OGySdBLfMfMHSyKXpc%2BIYzMbm6yghZsG9W2CT%2FWzxxSaxJI9mvQbr91lyWN4%2FNlPfbhcK3zxMHZsWFqbdO38MxBYvsOdwVR2utuNmp6tTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376d8d58883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash 72240c4a84ebd983265d742eeba5bb0d
1d37d9872030673edb36dd53dc2e9e8027ef200d
c72d77972de142715cb5294ca138e8d57864a9effaaadd3d19b4ccd4baf630b6
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 15:41:58 GMT
date: Sat, 04 Feb 2023 15:41:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.143.8200 OK 1.8 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.143.8:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash e78a06f8e7e6c04e38cc7e4fd1de2c4d
d0fde48298dc87ffc49c52303d14905195a1b32d
4840d16366ed743c45e7ebb22de7ba5077ab6ae3b48b5d67d41a14197df93a74
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Thu, 26 Jan 2023 06:26:22 GMT
etag: W/"101b-185ecc1800b"
cf-cache-status: HIT
age: 1392
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZEHjJ6iRssjZQhAIrNvO4k0GvDJKmZMgx%2FUsVbuoIM2z72rvQ9cklpxh1k3uLrMHL2fnI5OgJEhQXbJBRhp%2FlDN6MSNPLxFtQn8y7L%2FozS5yHGoBWzSZywjQ6IQ0ck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376f9178883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
172.64.143.8200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash 90c78866525bdc01daf9fca1d623e360
fa05cd06432b95b086268fcdd4917c13921e2dfa
9d2b89b8aa08960af15cfd1b0d8a71ad10cacbdf74005c13655b0958c6173a41
GET /_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-185ecc5e0e5"
last-modified: Thu, 26 Jan 2023 06:31:09 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 779056
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enErvnJ4diQXEWoRwa1y3nUuqktuUANBlSUjC6%2BNtN2c1vfkOiaQDM8cUm8VrzJhfWm7AMejqC%2FHVtmcHM%2FHRm%2FELv86oHffP9wQ%2BVMn02FtwgPDAGvsO%2Bb8Z2wAfq0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376e8ea8883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4fb1bbcedf6b3659d27f416c89a13da9
c8fdb87b425d19f9d8ae3b487bf20bc2a9589542
4d1b277ae39ba973e45b4c7e7be903500f3e2492e1f746bb45e8c5ad137efda3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:41:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 03:14:21 GMT
Expires: Sat, 11 Feb 2023 03:14:20 GMT
Etag: "c8fdb87b425d19f9d8ae3b487bf20bc2a9589542"
Cache-Control: max-age=559341,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794483776d880b49-OSL
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.143.8200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash 7f1de0e28eefbaace44cdd671f5f9640
3de7f18a864ec535ed133fe766bc0ac286db104d
0e9dad43ec23077f0ec98047ec13225bab76cb80196c97f729e1f0232addfedf
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-183501608b4"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8756269
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ULRN%2FA0U2I4tpVLQMhLm6K4Ke5tqdK%2ByBP5dT6C5ha910mDvjxTo0WB7mlUZ7Crxs8Ya7pZpqUhsyuXMgLsjOzkByiYniP7O0j3IIu2IQoeDxFHvt6QgFR91kpUgM7I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376e8e78883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LeSWtSWvyvq5qWnC_Q/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LeSWtSWvyvq5qWnC_Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1ddf13c46d1d811aa03a0a78328f619a
040f08be87fe6df667745cad064de1a0c87b550a
0654d23d2240ded9c76a31610a530f165d7bc60a8b13bc0b0b4386a5b730634a
GET /thumbnail/LeSWtSWvyvq5qWnC_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: image/jpeg
content-length: 11754
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IrmU6HLyn6rv_GnBqw/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IrmU6HLyn6rv_GnBqw/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ce232dd1e34a9c01ac6c32af1f0ac80b
b91ecd6c853da072e5f9d89fd70ed1a916832db2
8672277404c981ab86dcaa4a5067090fa02de5986134fc66f51a9d0e09daa4a7
GET /thumbnail/IrmU6HLyn6rv_GnBqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: image/jpeg
content-length: 12780
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JeqavCP1n6a6-T3B9g/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JeqavCP1n6a6-T3B9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6b425a3fc81f9ac1501337e8b9df9224
33a4422d17f0684a585984b2e0abd8dee9257b08
f0a857a4c1edfd634fd985b159a0fba8a9cd48a1d4bec349c94abe57dd0cb88b
GET /thumbnail/JeqavCP1n6a6-T3B9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: image/jpeg
content-length: 13054
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cb-T6ySkyvu4-G7D-Q/w320h240/0.jpeg
188.72.235.186200 OK 8.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cb-T6ySkyvu4-G7D-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c9c29ef3462a27139995ba61d663283a
dfa61b01de5ce092a732891bb0f66dcf506fce62
8a10bd83cd8818c6fe686ee870e069466ee36ff0c91a231b63c8fa25f7307e31
GET /thumbnail/cb-T6ySkyvu4-G7D-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: image/jpeg
content-length: 8631
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168200 OK 55 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash e8f63d4810000f83db26a0b1bd261abd
907ee9241eb56f9b3bea6d03635c04798a82f4d9
59c748ebe40810e3f109a2d1ba0f75f9a32c8dfc5eb9caf9ca20d686a4191162
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 15:41:58 GMT
expires: Sat, 04 Feb 2023 15:41:58 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54656
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
172.64.143.8200 OK 38 kB URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f5d3c0151f9dd3238b56ad3c1ab604c6
8e223fcfaff167151beeee90c26d0ac109f85a1f
b4944185dc45eeb76634c3ec913931b4cb1218766765f1f426991d3422952187
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-185ecc65286"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 778711
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqFAqRFPammjWlyVjup0QoAeWvQIn3WRsqWWlbvSeVCEBtVcAUcM5c18kfA97Qj0AO2in0lb2Z3%2FrTR07kxcR7DjzsMvx10xU9iSkVpU8rCx4gC2F0eu4iAII7inIjQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376d8d78883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.143.8200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash e34aefc8f78227ba82e53688239085e9
8d85b7485153437697932bd53dab425dfb8bf3c0
f8ddec3b008e07b03cadc04314ea82e528d1d04adda7a37456d2d452081262a9
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8756297
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7aAy5oT2Y4Fo5F2jBWu87zfSfJ7K%2BeHgS%2BhSA3h7qUMK3G6%2BhcDw7ddiY6KlMNAZP6B%2B6ARd4rAO2jw3Gp%2Byz7Uu5FcuCdHMTx%2BL4TBPoOUPbcEt9AjCdZnUbivj18s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376d8db8883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.143.8200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2b8937ce9049adb85a3126de1dd72c19
ffd4e0620737be580fd7efc6592310b317e978e5
7fca11c5606b5f14189eb96abc02233b48f7dba9f7c114686c8c02d3cdb9f627
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8756308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJoh1Y0ZarMghaWV3SzmThPSqShCAAhHbK3fb035JmJ0daZNEHX8IqDbwntUzNFoSHq1v8WuLx7WeDCBofudXeAG08xiusNzHJIqPwc6aeXiavGCL%2BuQimxSGxtHX%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376f9158883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
172.64.143.8200 OK 401 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.80405a2d3f491416f5b9.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 401 kB (400744 bytes)
Hash e935007f7c551cc40bf48fcf14f0e434
2f9314ad158fe8844c1c49555cb6b0cd4b7e79fd
9385e57c8e6f01264f7ce4d06362b82a04ae49b440e578246c89769b4e1c3459
GET /_next/static/chunks/commons.80405a2d3f491416f5b9.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388393
etag: W/"152f69-185ecc5d3b2"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 810586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qz0kb%2F3z1HjfZLOYK74oRK2tSlAgs%2BMRmVKj5uTynkfyTF3Znoj5%2BJcw%2FvMW%2BI4DBs4jv3X1%2BWk8c41F2ZrTn6QeYCLONpiSaWS3agWkJoi%2B9ssA%2FoM7IMtbgYXBk74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376d8d88883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:41:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.143.8200 OK 73 kB URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (3211), with no line terminators
Hash baf20078952ba802a95416d6bed4607c
f19b783eaf961d72d39d264b8a94a11a469038d3
2d87cbcec6f29b73bb452c80517f072fdb3fac403515ee6356cd6471614a8321
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 8756298
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MaBwrbL9lK%2F%2FaWolB4wgBxXoj6T0fz6zEXH%2BSlzOaNm0xPdYjjXtVOzSN6vXxCoI%2F6er8bJEHW9eeg6L1LeW32DqXlv4A2fUzcU%2FrcNYGHs31H0yRS0CCj%2FVfYwoacM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376e8e58883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.143.8200 OK 16 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash b30c2226109450dcd60ed1d06d53772a
e8d4937162fab92a14e168ecce160ed4dcc8a8eb
48de1c209b96726e71387e4693536ac8d14f68dae3b1b29e6facab7d725020db
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-1852f08c10f"
last-modified: Tue, 20 Dec 2022 10:16:21 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2712331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuZBO15Vxlrxhyi4anNXVFh4piBb7383U8gYQ%2BBYZ3ddp4v4AIAg28IqMP5PuwPgHPwppNodOhO3viGOFu6GXR9hGjTUqnuKU7OxcZ7yNSVxR6KRlPTF5eN6mGsNEac%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376e8e68883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 354772
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:51:59 GMT
expires: Thu, 01 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 287399
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:41:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 04 Feb 2023 13:44:08 GMT
expires: Sat, 04 Feb 2023 15:44:08 GMT
cache-control: public, max-age=7200
age: 7070
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.1.229200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.1.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash ddf45926107f7a74103f5d00d3bf564c
03c2b22623ccf1d593513956829f891ff07f3169
c709076ef37b9b1720b78c124e329645762b476d566ed204a23cadd762e9c580
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"34e3a-eIUrj6hD3pmnKAQZCp7YaNtM0Rc"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:41:58 GMT
age: 7525
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1640-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85751
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash e6fdc7a4a5f211ee6e70271ceef95929
2038d2a4cc522737f7328f85fa1410d3e9b2d86f
618f0c8ef3a142bc40663fbb9c3f39bee0c0822d8669ba25abf4356a7e6f068f
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:41:58 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "CA32368961D9E1BF5805E83AFA9A827C2A9894A2"
Expires: Sun, 05 Feb 2023 02:00:00 GMT
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2283
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7944837b58f8b512-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20593
Expires: Sat, 04 Feb 2023 21:25:12 GMT
Date: Sat, 04 Feb 2023 15:41:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
Hash b96097dbe18aed13f56ce7ca4bc3b600
95d54090870d0bf3d6bb5d5c32f8d76d3cb0776d
7c074d0531ca3b9fa685c77ff9bae42d661faa98a3608e3d53f9e6fba8a5ff22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 63087
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 64435
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
Hash cbaa1244ed3c5a9ef6815e55314540d6
fda15c9bf407f7833c7a5e9a812c24a967b14a05
264c5e2bc7c9e5714f85345a6cf7206d38eea2115aac67dddb5a18b95fdc8dc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 55276
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 63098
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
Hash 78075b4144da87d3554de18e8f793f88
c0b02b4f4ec73d23341d1c7bfd5452b624e5ccb3
2b27089b86ee830602a24b7a2ae83d37ac16b87e97b6143f043d9d319ddfe1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 62909
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 24 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
Hash a519450f2289abf0b31c7dc951bbb036
11e4f2df391148cbad7cd6c153af0ea83faa0873
06394eadbb817dbfd371351950ef5894f5f3d795022a6bfa2644d539f7256c5d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 63086
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9eb16637902fbe644a93b94eaa6aa6cd
8905cb93941bbb2c9bf06d3941e62fde63ba7a83
f3c263dc5b5f567da6b6530983e712baf0c242d9ce804bcdeb1d8450fd3e5497
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3C263DC5B5F567DA6B6530983E712BAF0C242D9CE804BCDEB1D8450FD3E5497"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5314
Expires: Sat, 04 Feb 2023 17:10:33 GMT
Date: Sat, 04 Feb 2023 15:41:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e502ed9db0c36062facc7e4bf7d0cca
d1e37c4c37f1879cf03c813d1a09271396ee537a
19d0806f0433722d3da82d3d179c5da55116a2cec4421fb26a2cb5c6d5be9501
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19D0806F0433722D3DA82D3D179C5DA55116A2CEC4421FB26A2CB5C6D5BE9501"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16484
Expires: Sat, 04 Feb 2023 20:16:43 GMT
Date: Sat, 04 Feb 2023 15:41:59 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash b34e97e53cc25279f4ef1f8a22ee01f0
0d8cc59e658679ae0543b2aa0aed40df78df4674
9b378af2b7beea16ab245432bae27f849f03c86a1270f7a2d49dd4491e1ba947
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:41:59 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Wed, 08 Feb 2023 13:16:19 GMT
ETag: "0d8cc59e658679ae0543b2aa0aed40df78df4674"
Last-Modified: Sat, 04 Feb 2023 13:16:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1819
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7944837f1dbcb512-OSL
a.naturalhealthsource.club/api/settings/382499
135.181.208.216200 OK 472 B URL HTTP/2 a.naturalhealthsource.club/api/settings/382499
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash a053e52e621ba983f61ca471983603d4
43b7b2be3b5b72c2754b5ebacd65c5f396834eca
e692723852662a0e103c9cf07da80c825b32e0fafa7053ac973b37930ebc91d6
Analyzer Verdict Alert fortinet Malware
GET /api/settings/382499 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:41:59 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.139.164200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37155), with no line terminators
Hash 019bddd5890c620825487b6a2680df43
4d642f9f8b51f1307224a45a984d8dcaf9cf51fa
99b1d52bf1ebed6c78ee4cb6dbda96f11e9cc062b0e5dd396a8d87db475f4f85
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:41:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f56ebcece3c3f082e0fb8c35f0664f00
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.59.20200 OK 15 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash 91de436853ba5e015afd3dd1eb3a268f
86c0162c01c97d67f014cfc294f3a17588989e13
a640f39ed059ab8f0a4f197f681eeabb4b7ea9925380a8f62cd5497ac53af976
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 15:41:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5763eb8c1df41d11172a4d7504b922f2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A505349130%3Arqn%3A2%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A505349130%3Arqn%3A2%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A505349130%3Arqn%3A2%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A898523295%3Arqn%3A4%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A898523295%3Arqn%3A4%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A898523295%3Arqn%3A4%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A527141393%3Arqn%3A3%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A527141393%3Arqn%3A3%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A527141393%3Arqn%3A3%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A597861670%3Arqn%3A5%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.250.119200 OK 38 kB URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A597861670%3Arqn%3A5%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.250.119:0
Hash 4b763cf45dcf9a1024142c624337bcab
5aa9c1a7f3073c26033b4c3c36f2a80136d5d9a8
de78a58199edbee3561672aa1f48434cec05bdab4bea982c004510255bac763f
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A597861670%3Arqn%3A5%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.143.8200 OK 6.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.143.8:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash 243b1d731385c356f99a7199d4b65fc7
1c41af72152c93181a794e0bc9d13e226327a461
39bef4275eb17a42327e5e11c815222c2deaca3f441140c79f794a9e81078366
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4054634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzXBRjH%2BE4ge9szXEYaPr3fj9Q1Ws1J%2BZM1rEyoi8S4MqgSbesQyeNrZN5RJ4O1VGKUhxByrVccNdBYgDg6uXseOcgs1nwv%2BLIqXEmalX%2F1z9Wv%2BIs7n6qa%2F3yH3%2FkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376e8e28883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5a404b308fa06356367c560e850e1bc
62a5d88a31451b0387e6444c079b6175fa8065a0
f0896232da72586ab3db7427040e653b271df7da7f4c192f44d1b38392702598
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3048
Expires: Sat, 04 Feb 2023 16:32:47 GMT
Date: Sat, 04 Feb 2023 15:41:59 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A465718452%3Arqn%3A7%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A465718452%3Arqn%3A7%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A465718452%3Arqn%3A7%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675525353069%3Ast%3A1675525356&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash dccebcfaad6c97d820364ec92d4a511b
a1adef127bad0f85751b5a7b47025c33d40083c4
6be12cee36873a68c71f277876470b5a3807acf44b39a92b575595e9aa95c973
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=167468
Date: Sat, 04 Feb 2023 15:41:59 GMT
Etag: "63de5e16-1d7"
Expires: Mon, 06 Feb 2023 14:13:07 GMT
Last-Modified: Sat, 04 Feb 2023 13:31:02 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rHHlU5aGlPxfY8R3yz4tnJzxMs_haVQ6NI5K3w0vKGxBEAuuXxMAZA==
Age: 2525
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 217794608c61ca782b097f969fb3e00d
38ac5ef7c4ce8cae39f40692a5ba4e86cf295a3d
29419b6b8df5b0f0be1f660bfe6e45edf183bdab166c1b77b4cc00bf285e44d5
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=8e25f49c-857d-4795-88d8-b94490128f88:1:1; expires=Tue, 01 Feb 2033 15:41:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash dccebcfaad6c97d820364ec92d4a511b
a1adef127bad0f85751b5a7b47025c33d40083c4
6be12cee36873a68c71f277876470b5a3807acf44b39a92b575595e9aa95c973
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 15:41:59 GMT
Last-Modified: Sat, 04 Feb 2023 15:21:03 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fhlh5j--WlgN9_YoL8YIFU9zoZdHHGPpW-dkdvZ8-B3L0UUbv4xTaA==
Age: 1256
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 071c54cca1f0ab8b597a8e442b005f08
369bdbfd3a4baeb4cbbbaa173ce2688e6ce00369
f2f85daf0ea1700715989fc102db9c6abf5f4c4744c3fbe348952e155c242f88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F85DAF0EA1700715989FC102DB9C6ABF5F4C4744C3FBE348952E155C242F88"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8451
Expires: Sat, 04 Feb 2023 18:02:51 GMT
Date: Sat, 04 Feb 2023 15:42:00 GMT
Connection: keep-alive
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 6aea2ff84d8e0f2573eca678d72b47c6
e524663403b55953c5762c5464de13d607ad4902
1a9f96e383b037d859973e573268ad9709998d31fcaa0bfdbc5996d0e6cd2ed6
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=ff2f2f3c-c867-457c-a7e6-2940551d90ca:2:1; expires=Tue, 01 Feb 2033 15:42:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5a404b308fa06356367c560e850e1bc
62a5d88a31451b0387e6444c079b6175fa8065a0
f0896232da72586ab3db7427040e653b271df7da7f4c192f44d1b38392702598
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3047
Expires: Sat, 04 Feb 2023 16:32:47 GMT
Date: Sat, 04 Feb 2023 15:42:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6fdf2cc1432e9b9d48e91cfbb1ec827c
d8f106fb542283c654a2edd0c8ec4f99f3b0d2a3
ceae4a0d3c64968dc6b232b68eacd509ca112101fa5a54ea2d4540a37b4c8de8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAE4A0D3C64968DC6B232B68EACD509CA112101FA5A54EA2D4540A37B4C8DE8"
Last-Modified: Fri, 03 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sat, 04 Feb 2023 16:21:00 GMT
Date: Sat, 04 Feb 2023 15:42:00 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Sat, 04 Feb 2023 16:42:00 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=937945912.1675525355&jid=839220863&gjid=1362915298&_gid=945420048.1675525355&_u=YGBAiEABBAAAAEAAI~&z=1605512879
64.233.161.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=937945912.1675525355&jid=839220863&gjid=1362915298&_gid=945420048.1675525355&_u=YGBAiEABBAAAAEAAI~&z=1605512879
IP 64.233.161.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=937945912.1675525355&jid=839220863&gjid=1362915298&_gid=945420048.1675525355&_u=YGBAiEABBAAAAEAAI~&z=1605512879 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 04 Feb 2023 15:42:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
utilitypresent.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 utilitypresent.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5ee71cd0ffc984046ef3c617f521dd9a
784eaf2c5ae6cfd14a0138a6cbe578eb64bb60e9
8ceef1f7b5be4a1269b8922ff1f8f43ffa2835e9425e12f42c5d507215f2ec99
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06c827a2267774f900dfa1733605e93f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
outdilateinterrupt.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.60200 OK 29 kB URL HTTP/1.1 outdilateinterrupt.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2df1b5ab32c7dcacc032d0c4399e0c43
934a5d69b076752a506eb4678e8031609c943079
76ddbcf43a3f0a27f54300a14669d42be8e851ff429b6ea11b793d842db2f7f1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8ffb66cd0fabb2fa205589bd9bd1970
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.128200 OK 114 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.128:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (113865 bytes)
Hash fbae3cade208e5457da6b1e01e85a7c8
6f60f4391790640cdc8ac57862145a8be46c67bc
02df7ff3d0141c15b03e159e2d4786f80a599794d4413704d1cd4cef36c61895
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113865
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rcFczK3Ezb42VM6nJTGRPfAjjaTZ-VqhgYO6gf6wyzICZjmAQwi1cQ==
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.109.35200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.109.35:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 1b7dfbc8b83bcb302c46d8233b12b883
baf5bfef67b9b338af0a064e6b388d610cd9a14f
6842d5b3ef7f2d718eee18d5bca324fdd7523bf3595da7def038bf858521f039
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:59 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6b67e5412b54a0ad1d707a4a42bc1f7b
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 Feb 2023 15:41:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONSGDCF43ImaYrSkAvVLkjiTzagycF6Ok2%2Ff1gy3dV%2FJ59bvjyjUX4REqqC%2FNvdexoorZ5StVMNEAod5LFgcoFca8cr3R46ed%2BgFu1xCgf5RgRoxA1Q64tUFZAXSVB2mCapl1xc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483815b1b24ef-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
utilitypresent.com/pixel/purst?dl=0&th=0&sc=0&rs=3467&rd=3467&fd=638&bv=22.10.v.10&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 utilitypresent.com/pixel/purst?dl=0&th=0&sc=0&rs=3467&rd=3467&fd=638&bv=22.10.v.10&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3467&rd=3467&fd=638&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 142.250.74.131:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A456609127%3Arqn%3A9%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Ast%3A1675525357&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A456609127%3Arqn%3A9%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Ast%3A1675525357&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A456609127%3Arqn%3A9%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Ast%3A1675525357&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:42:00 GMT
last-modified: Sat, 04-Feb-2023 15:42:00 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=3477&rd=3477&fd=546&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=3477&rd=3477&fd=546&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3477&rd=3477&fd=546&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm%21%20%21%21%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another%21%20Insert%20Immediately%21%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day%21%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm%21%20%21%21%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another%21%20Insert%20Immediately%21%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day%21%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm%21%20%21%21%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another%21%20Insert%20Immediately%21%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day%21%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:42:00 GMT
last-modified: Sat, 04-Feb-2023 15:42:00 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 142.250.74.131:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 142.250.74.131:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
outdilateinterrupt.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.60200 OK 4.1 kB URL HTTP/1.1 outdilateinterrupt.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (5657), with no line terminators
Hash b37d4d705dcd2ab5f1e0cf37b87ad125
e447877171fa47240c7ff5b513870639f48645a5
a39cf4934704f595c2f5da57dc8ddd70693dbc476516bc5a918a44b645a71764
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
slec21fe3950f412e026c33f1b6cee613eba=[3870583]; expires=Sat, 04 Feb 2023 15:42:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c716f91b9d05f50e47ccdddc07003ed2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
estkewasa.com/bGpJNGUNCCpZWg1XKxIQHgZ0EVcqT3tyAV8ecQMKAwV5AlxbGnEaBgAFPFADHgUnQEsCDz0RVyozKHERXDkPWykmKCZBPz4dIHEtOgARBxUiDHsNKiU7KlorLgJ7cyQtJA5dFS4oG18tIzgtAAMuHTFxLTobHV0GOiAjBTMOOAxZKjo8f2EMB097diYCMAhWDFgzA3ZcXSY+bRMpOX1OJwVeGFYMVCAtXA4CIwhxCyspJRFXKj0uBSc2Bzl6ADk4Lng0KQYMdwYYLXsBIgkuGFcHBzB9VVQEBhtzVBwhJAEiCSl5di85IHFSVB8gHGwVHS8BBSQOPSJFBwdHEwAuLl88ZhIAGB58UA0PAXorCT8YQjUbGS5zV10FBVoJKQ8eRDwJARsBA10afnEMKQUNZ1UOJwENBCg/HwAHXDB+YQ9dBB5lQwYZJloVUQYBYxcNXwR3Ch4JeQ
54.192.99.31200 OK 1.2 kB URL HTTP/2 estkewasa.com/bGpJNGUNCCpZWg1XKxIQHgZ0EVcqT3tyAV8ecQMKAwV5AlxbGnEaBgAFPFADHgUnQEsCDz0RVyozKHERXDkPWykmKCZBPz4dIHEtOgARBxUiDHsNKiU7KlorLgJ7cyQtJA5dFS4oG18tIzgtAAMuHTFxLTobHV0GOiAjBTMOOAxZKjo8f2EMB097diYCMAhWDFgzA3ZcXSY+bRMpOX1OJwVeGFYMVCAtXA4CIwhxCyspJRFXKj0uBSc2Bzl6ADk4Lng0KQYMdwYYLXsBIgkuGFcHBzB9VVQEBhtzVBwhJAEiCSl5di85IHFSVB8gHGwVHS8BBSQOPSJFBwdHEwAuLl88ZhIAGB58UA0PAXorCT8YQjUbGS5zV10FBVoJKQ8eRDwJARsBA10afnEMKQUNZ1UOJwENBCg/HwAHXDB+YQ9dBB5lQwYZJloVUQYBYxcNXwR3Ch4JeQ
IP 54.192.99.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Hash b338b8c337de06472bcfa4b6db5e593d
d5a99ae4112328567f1dc6d80e8e0b08df4fb4e8
24a2baef66fa0ab9d1c5760793d4171ea95b40d6db0a42af09f5809b50366cfd
GET /bGpJNGUNCCpZWg1XKxIQHgZ0EVcqT3tyAV8ecQMKAwV5AlxbGnEaBgAFPFADHgUnQEsCDz0RVyozKHERXDkPWykmKCZBPz4dIHEtOgARBxUiDHsNKiU7KlorLgJ7cyQtJA5dFS4oG18tIzgtAAMuHTFxLTobHV0GOiAjBTMOOAxZKjo8f2EMB097diYCMAhWDFgzA3ZcXSY+bRMpOX1OJwVeGFYMVCAtXA4CIwhxCyspJRFXKj0uBSc2Bzl6ADk4Lng0KQYMdwYYLXsBIgkuGFcHBzB9VVQEBhtzVBwhJAEiCSl5di85IHFSVB8gHGwVHS8BBSQOPSJFBwdHEwAuLl88ZhIAGB58UA0PAXorCT8YQjUbGS5zV10FBVoJKQ8eRDwJARsBA10afnEMKQUNZ1UOJwENBCg/HwAHXDB+YQ9dBB5lQwYZJloVUQYBYxcNXwR3Ch4JeQ HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Sat, 04 Feb 2023 15:42:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: caq6tT-bCi5vkB6uJ36Cn48IDCd77Qz78fdU2idTreMaJ411iz8TPw==
X-Firefox-Spdy: h2
estkewasa.com/VWQxMTM0BlJcDDRZUxdGJwgMFAETQQN3V2YQCQZcOgsBBwpiFAkfUDkLRFVVJwtfRR07AUUUARNQVVphJj5kCWUeE3h1UBQtRXJ1PVZgaVcMMV9JYhkMCXp6BD4EewJlVXRyAjYneVZyETV8Un1lNQh9ZhhTdXJxBzJmWlIfNXhyUDklWXBUDx1jA3obJWIAfzYhXmB/PhdBcEttCXZYVBs1eQFENjF7Z1I+NgFjcRwJdnJyESFbSWcxCEZ9fGQqA2l1B0EDd2QdNntnVGQwVV1EBi5ZWUoCIXMJfRIiVGdnMSVSdF8CIGd/AQ0mUgRmZgdFZ3tsIFBdHi0pUFphZSdGcEAdN0V7ZSIIdFV1ZDJXAVdlPGRzCgcNeHd1LAtgeksHJVdlcWQ8d3NbBwl4a2QdUBdbQDoKQQx4bR5XWAM4U0d4XCwcA0hy
54.192.99.31200 OK 1.2 kB URL HTTP/2 estkewasa.com/VWQxMTM0BlJcDDRZUxdGJwgMFAETQQN3V2YQCQZcOgsBBwpiFAkfUDkLRFVVJwtfRR07AUUUARNQVVphJj5kCWUeE3h1UBQtRXJ1PVZgaVcMMV9JYhkMCXp6BD4EewJlVXRyAjYneVZyETV8Un1lNQh9ZhhTdXJxBzJmWlIfNXhyUDklWXBUDx1jA3obJWIAfzYhXmB/PhdBcEttCXZYVBs1eQFENjF7Z1I+NgFjcRwJdnJyESFbSWcxCEZ9fGQqA2l1B0EDd2QdNntnVGQwVV1EBi5ZWUoCIXMJfRIiVGdnMSVSdF8CIGd/AQ0mUgRmZgdFZ3tsIFBdHi0pUFphZSdGcEAdN0V7ZSIIdFV1ZDJXAVdlPGRzCgcNeHd1LAtgeksHJVdlcWQ8d3NbBwl4a2QdUBdbQDoKQQx4bR5XWAM4U0d4XCwcA0hy
IP 54.192.99.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash ad20f16f429f2c5717802d0267670aaa
fabfbf40137bfdd6d1515a72431df33b0f2659bd
e77461fa2b534ce3132672ec01a072b00ca37541dfb2d62831d7812197e593a6
GET /VWQxMTM0BlJcDDRZUxdGJwgMFAETQQN3V2YQCQZcOgsBBwpiFAkfUDkLRFVVJwtfRR07AUUUARNQVVphJj5kCWUeE3h1UBQtRXJ1PVZgaVcMMV9JYhkMCXp6BD4EewJlVXRyAjYneVZyETV8Un1lNQh9ZhhTdXJxBzJmWlIfNXhyUDklWXBUDx1jA3obJWIAfzYhXmB/PhdBcEttCXZYVBs1eQFENjF7Z1I+NgFjcRwJdnJyESFbSWcxCEZ9fGQqA2l1B0EDd2QdNntnVGQwVV1EBi5ZWUoCIXMJfRIiVGdnMSVSdF8CIGd/AQ0mUgRmZgdFZ3tsIFBdHi0pUFphZSdGcEAdN0V7ZSIIdFV1ZDJXAVdlPGRzCgcNeHd1LAtgeksHJVdlcWQ8d3NbBwl4a2QdUBdbQDoKQQx4bR5XWAM4U0d4XCwcA0hy HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Sat, 04 Feb 2023 15:42:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: oWDBw_0XsZddDQvYYosF-DTPF2OpbcKEJWTF-kAQh8vgyS2MbK_uMw==
X-Firefox-Spdy: h2
estkewasa.com/RVNXMjYkMTRfCSRuNRRDNz9qFwQDdmV0UnYnbwVZKjxnBA9yI28cVSk8IlZQNzw5RhgrNiMXBAMpAGpGdAo6WQADASR3YCxjA3dgfAI1Al4DBmYDE3cVEnNvCxEuXn4MFQFWcgY8IH1fFBgHWW8TFBQCQBArDmZmEDcRYHcQZxFwfCMHLUVjAz9ua1A9IAVzcBcnD3NzFhE9eH4HEgJ3egQgAHNBNnZlcHADHg9xcRQLEFpRBB0Fa2MXYiRUYnQnBGZxMRgPYGMEHS8GVwMBJwplAAYaem49GgVkeB83Z0JnEAAjCmUABgFzciEeBmdSJBRmC34QOxFEYil+FWB9diseYGQENTF3XXUGZl5FExYBfmICJxx3USYYGlpgFAYUC0QWOAVhYRI7HGBzITE2YEEmFhZFE3cVEWMHDQQvC3oXBTN6VxMkFmoHInU9QVkrI2pnAXEGB3duCAATAUE0JwI
54.192.99.31200 OK 1.2 kB URL HTTP/2 estkewasa.com/RVNXMjYkMTRfCSRuNRRDNz9qFwQDdmV0UnYnbwVZKjxnBA9yI28cVSk8IlZQNzw5RhgrNiMXBAMpAGpGdAo6WQADASR3YCxjA3dgfAI1Al4DBmYDE3cVEnNvCxEuXn4MFQFWcgY8IH1fFBgHWW8TFBQCQBArDmZmEDcRYHcQZxFwfCMHLUVjAz9ua1A9IAVzcBcnD3NzFhE9eH4HEgJ3egQgAHNBNnZlcHADHg9xcRQLEFpRBB0Fa2MXYiRUYnQnBGZxMRgPYGMEHS8GVwMBJwplAAYaem49GgVkeB83Z0JnEAAjCmUABgFzciEeBmdSJBRmC34QOxFEYil+FWB9diseYGQENTF3XXUGZl5FExYBfmICJxx3USYYGlpgFAYUC0QWOAVhYRI7HGBzITE2YEEmFhZFE3cVEWMHDQQvC3oXBTN6VxMkFmoHInU9QVkrI2pnAXEGB3duCAATAUE0JwI
IP 54.192.99.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 42eaebfe18f7476e58dcdb8a4243505d
c856346f7c37b26c688321dc9f55a5f8e9e9cc60
f40a3373e8e8b482aac9c11ffa6bd3566b864e4de0bc592893570229b503a7d0
GET /RVNXMjYkMTRfCSRuNRRDNz9qFwQDdmV0UnYnbwVZKjxnBA9yI28cVSk8IlZQNzw5RhgrNiMXBAMpAGpGdAo6WQADASR3YCxjA3dgfAI1Al4DBmYDE3cVEnNvCxEuXn4MFQFWcgY8IH1fFBgHWW8TFBQCQBArDmZmEDcRYHcQZxFwfCMHLUVjAz9ua1A9IAVzcBcnD3NzFhE9eH4HEgJ3egQgAHNBNnZlcHADHg9xcRQLEFpRBB0Fa2MXYiRUYnQnBGZxMRgPYGMEHS8GVwMBJwplAAYaem49GgVkeB83Z0JnEAAjCmUABgFzciEeBmdSJBRmC34QOxFEYil+FWB9diseYGQENTF3XXUGZl5FExYBfmICJxx3USYYGlpgFAYUC0QWOAVhYRI7HGBzITE2YEEmFhZFE3cVEWMHDQQvC3oXBTN6VxMkFmoHInU9QVkrI2pnAXEGB3duCAATAUE0JwI HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Sat, 04 Feb 2023 15:42:00 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: ZDAEpGSR5gCDBF5zsEFB_ERa8kf1He99LXPhHi9j2cQzRFIRi-tjnA==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 142.250.74.131:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uckbrokennailsa.xyz/SUpUUFZmdTcjaywfIAoEARwaM2Q5egAFZ3ETDB4bHSRhNzAMenIkPy13bWZkeXtgdiYgLmlhcDo+NSQjOndldj8nLDttcD93ZX5lfWRnYXh7bCFtZ28+JDExdHtyICI9JmlhYH5/YWJjen9iZ2Rw
188.114.96.1204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/SUpUUFZmdTcjaywfIAoEARwaM2Q5egAFZ3ETDB4bHSRhNzAMenIkPy13bWZkeXtgdiYgLmlhcDo+NSQjOndldj8nLDttcD93ZX5lfWRnYXh7bCFtZ28+JDExdHtyICI9JmlhYH5/YWJjen9iZ2Rw
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SUpUUFZmdTcjaywfIAoEARwaM2Q5egAFZ3ETDB4bHSRhNzAMenIkPy13bWZkeXtgdiYgLmlhcDo+NSQjOndldj8nLDttcD93ZX5lfWRnYXh7bCFtZ28+JDExdHtyICI9JmlhYH5/YWJjen9iZ2Rw HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZxasMa76%2Bm0RVS2QTYe%2FT2E2Y4aBKHy3ynFTCLS%2FigPrvjsITd5XGbLxFCqH32pr%2B4dETN9kleyzBiSUrVLpVsx1hP7Hg6RZXXuVcK8BE9Dy1HoyyCIjSmj3nSxbjDMFqgzhhEP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448385fb960b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uckbrokennailsa.xyz/ZlJpVmRJbQolWTQWP2IpCDZYFyEBFjgOBysDKDIiBQMrHyUzG08iDQJvUGFXUmVacBQPNlRnXEAhHTcQEyFUZ0IPPA85WUAkVGdKVnxbeFZAJ1RnQhIiCDFZV3QZIhAKb1hgU1NnW2NXU2Rfb1Q
188.114.96.1204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/ZlJpVmRJbQolWTQWP2IpCDZYFyEBFjgOBysDKDIiBQMrHyUzG08iDQJvUGFXUmVacBQPNlRnXEAhHTcQEyFUZ0IPPA85WUAkVGdKVnxbeFZAJ1RnQhIiCDFZV3QZIhAKb1hgU1NnW2NXU2Rfb1Q
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZlJpVmRJbQolWTQWP2IpCDZYFyEBFjgOBysDKDIiBQMrHyUzG08iDQJvUGFXUmVacBQPNlRnXEAhHTcQEyFUZ0IPPA85WUAkVGdKVnxbeFZAJ1RnQhIiCDFZV3QZIhAKb1hgU1NnW2NXU2Rfb1Q HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bf3%2FkRc5mNRu4S89H6h%2FXBr%2F%2F3dbzD8tM%2BOXmya0FMP0ps%2FVsfDM5nK8Lwg%2Fhaj1HB9LyH1HUC2av1PlvtC9jczxJkFqVqiQf3mhOBbbPnjPJvP2EN71e99lKg2yakxb4d%2Fq901P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794483865c180b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
utilitypresent.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
192.243.59.13200 OK 3.9 kB URL HTTP/1.1 utilitypresent.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash 16796286f9c51da3c1848304251b09a1
f893f007a6156ad95e441c1ffe6f169922606674
7129cc97902ef2b94437f95aeeae2e21a1dea3891ac67c5fb065b8d42ca51f27
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 15:42:00 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3870583]; expires=Sat, 04 Feb 2023 15:42:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d1c1bec21eb079bd4eeb327175e1312
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
uckbrokennailsa.xyz/Rmt2NVJpVBVGbyIGDnEfECU+YhoHLixwZxAPN3s8FD0eTRERLlBBOyJWTwJjf1xDEyIvD0sGYGAYAlQmMxhLBHQvBRBab2AdSwV8f0VHG2JgHksEdDIbF1Jvd00GQSYqVkcDZXNeRABhc11AAmo
188.114.96.1204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/Rmt2NVJpVBVGbyIGDnEfECU+YhoHLixwZxAPN3s8FD0eTRERLlBBOyJWTwJjf1xDEyIvD0sGYGAYAlQmMxhLBHQvBRBab2AdSwV8f0VHG2JgHksEdDIbF1Jvd00GQSYqVkcDZXNeRABhc11AAmo
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Rmt2NVJpVBVGbyIGDnEfECU+YhoHLixwZxAPN3s8FD0eTRERLlBBOyJWTwJjf1xDEyIvD0sGYGAYAlQmMxhLBHQvBRBab2AdSwV8f0VHG2JgHksEdDIbF1Jvd00GQSYqVkcDZXNeRABhc11AAmo HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1i8F%2BTHdquSwcdplJmNkxseNDkaqIB%2B7MJdyorQyohYpHUNiM6yYVWzlQS8qrGRKdn9KxpzeLKenELJ3f35mhK%2FWmGMkf63ffEpYESQHVp6Vga3tmn24ASmcE9gbCZj4grLWV9J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794483867c940b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bjlwOPa5ksQ
IP 142.250.74.131:0
Hash 4878847e239b3697640ccaf65ff8dd54
970c1bd6c968727d5752b5e4072a8f4eed0a9cb3
0d265a524952284d786e1fbae8f1260a219b1a366fca1fdfc8a6a512dac72003
POST /s/gts1p5/bjlwOPa5ksQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uckbrokennailsa.xyz/MFd4THIfaBs/T2NlSTQkXS9OGyd6PS9/PGUFFR4rVREUCBBcY144G1RqQXtDCWBNagJZM0V/QBYkDC0GRSRFfkIAYF4lHFY4RX1URmpIYkseZlZ8VEVqSWoGQDYfcUMWJww4Hg1mTntHBWVNf0cGYUB8
188.114.96.1204 No Content 0 B URL HTTP/2 uckbrokennailsa.xyz/MFd4THIfaBs/T2NlSTQkXS9OGyd6PS9/PGUFFR4rVREUCBBcY144G1RqQXtDCWBNagJZM0V/QBYkDC0GRSRFfkIAYF4lHFY4RX1URmpIYkseZlZ8VEVqSWoGQDYfcUMWJww4Hg1mTntHBWVNf0cGYUB8
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MFd4THIfaBs/T2NlSTQkXS9OGyd6PS9/PGUFFR4rVREUCBBcY144G1RqQXtDCWBNagJZM0V/QBYkDC0GRSRFfkIAYF4lHFY4RX1URmpIYkseZlZ8VEVqSWoGQDYfcUMWJww4Hg1mTntHBWVNf0cGYUB8 HTTP/1.1
Host: uckbrokennailsa.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1rHVIu2PWAXh1BfAZ4whPiYjxWNTVVTfDQru1tQkF6A4s09Du5IihYGkw2PiX7ufBEKT3rWfLXtzvvHwJm05mj0pmlNfTkeV70vwx4TNY%2FcgISZp%2Bh9ra726WW0x6awFBpxpRPiW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448386acbe0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
outdilateinterrupt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnp5JMuYQjGskuGbj7krEW%2F3qmTI1XU1V1%2FQkCIZdkD3O3jx2PpNs0F3ExYuXhWXiQcnJ9iA5mH9C8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPz7Y%2FNvtKaLrbqYe2tHZUKU7ja1p1aFNbD1dqOSpeaq7XB5LL9d6OwVQ%2Ffrn0o%2Ba5ZbIRRGEZhVNtQViZmsDhFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BfQPEx0t4P16XbzU32zgc9r2luLPri5NN0NzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHgjwgsPZnRBOsfXzJlGjIFE9dQ9MeQegxFx%2BDmHpT4jQBcYOsm0t7DLWMLuneJ0glakYW%2F%2F4IqKrLw5ytIe9%2BvazWo3Tba58qkDoOkhBqMoTpjZP4U%2BX4AVZyC53ehBEHaK6FEOVWt1BgqGUPLIagL4CdHBfBJAJ8F6InzGm21kzBcTlgSxytNznkcc95aWRItETdXkhCeT2gNkWdDcD0EtwfI7AF21YOKkLtHsP4ZXLeEEwFcXpHgkwP0RYlCEhSOoKAEhSIocoKiXx4L7RqufCi08yya%2BcbMx%2BXI5J1DemzyjkzJYXZBXpo0JXj%2BqzexK89rjSiRcbsVJs2oIcPGEo%2FjJGJLXMqlKJaMwqkSyl2Z6t1XFXm9dQ2Zqsj%2F156B0VM4fQquXgT1r4EWo%2BVGCNodNVdC7Kc%2FpTT3luqupDrvOuMtl3WuPYMwJbJ8AflecKgvyKvTQa2%2BUEDys7Uf46mB2xKZLfGF%2Bpmgo%2B%2BPbpmCHN0yhSNPbma56ql9Ohni7Zzm8up3H8m9wlixed0Nv32PT4BJ%2BPiOdPkNmgqVdhx5tK6EkHbDWC7J0023I9m2d911b1Of3dh%2Bf2Ozl1npnDLpGFRVhJxvgquKPPf08%2BmCvvHoMyg7hvUlev6MzAzKnIJnB3DZnL8zBFbPa1gWoPDlyDbY%2FFErAi3nOWUl3L9yNo8P3X10bACa35uuZd%2BW6OsSVA%2Fh%2FNVRntmztd9nnzMdjJi2wRHTVj%2B4bK5T5zXZSsJEhg3JkjZLlmko2kmzzWg7ksusRSPkruIXX%2F7yDwAAAP%2F%2FAQAA%2F%2F9omlYBeAQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 outdilateinterrupt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnp5JMuYQjGskuGbj7krEW%2F3qmTI1XU1V1%2FQkCIZdkD3O3jx2PpNs0F3ExYuXhWXiQcnJ9iA5mH9C8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPz7Y%2FNvtKaLrbqYe2tHZUKU7ja1p1aFNbD1dqOSpeaq7XB5LL9d6OwVQ%2Ffrn0o%2Ba5ZbIRRGEZhVNtQViZmsDhFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BfQPEx0t4P16XbzU32zgc9r2luLPri5NN0NzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHgjwgsPZnRBOsfXzJlGjIFE9dQ9MeQegxFx%2BDmHpT4jQBcYOsm0t7DLWMLuneJ0glakYW%2F%2F4IqKrLw5ytIe9%2BvazWo3Tba58qkDoOkhBqMoTpjZP4U%2BX4AVZyC53ehBEHaK6FEOVWt1BgqGUPLIagL4CdHBfBJAJ8F6InzGm21kzBcTlgSxytNznkcc95aWRItETdXkhCeT2gNkWdDcD0EtwfI7AF21YOKkLtHsP4ZXLeEEwFcXpHgkwP0RYlCEhSOoKAEhSIocoKiXx4L7RqufCi08yya%2BcbMx%2BXI5J1DemzyjkzJYXZBXpo0JXj%2BqzexK89rjSiRcbsVJs2oIcPGEo%2FjJGJLXMqlKJaMwqkSyl2Z6t1XFXm9dQ2Zqsj%2F156B0VM4fQquXgT1r4EWo%2BVGCNodNVdC7Kc%2FpTT3luqupDrvOuMtl3WuPYMwJbJ8AflecKgvyKvTQa2%2BUEDys7Uf46mB2xKZLfGF%2Bpmgo%2B%2BPbpmCHN0yhSNPbma56ql9Ohni7Zzm8up3H8m9wlixed0Nv32PT4BJ%2BPiOdPkNmgqVdhx5tK6EkHbDWC7J0023I9m2d911b1Of3dh%2Bf2Ozl1npnDLpGFRVhJxvgquKPPf08%2BmCvvHoMyg7hvUlev6MzAzKnIJnB3DZnL8zBFbPa1gWoPDlyDbY%2FFErAi3nOWUl3L9yNo8P3X10bACa35uuZd%2BW6OsSVA%2Fh%2FNVRntmztd9nnzMdjJi2wRHTVj%2B4bK5T5zXZSsJEhg3JkjZLlmko2kmzzWg7ksusRSPkruIXX%2F7yDwAAAP%2F%2FAQAA%2F%2F9omlYBeAQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s0XvriIP%2FDiQZ2bCjLpnp5JMuYQjGskuGbj7krEW%2F3qmTI1XU1V1%2FQkCIZdkD3O3jx2PpNs0F3ExYuXhWXiQcnJ9iA5mH9C8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPz7Y%2FNvtKaLrbqYe2tHZUKU7ja1p1aFNbD1dqOSpeaq7XB5LL9d6OwVQ%2Ffrn0o%2Ba5ZbIRRGEZhVNtQViZmsDhFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BfQPEx0t4P16XbzU32zgc9r2luLPri5NN0NzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHgjwgsPZnRBOsfXzJlGjIFE9dQ9MeQegxFx%2BDmHpT4jQBcYOsm0t7DLWMLuneJ0glakYW%2F%2F4IqKrLw5ytIe9%2BvazWo3Tba58qkDoOkhBqMoTpjZP4U%2BX4AVZyC53ehBEHaK6FEOVWt1BgqGUPLIagL4CdHBfBJAJ8F6InzGm21kzBcTlgSxytNznkcc95aWRItETdXkhCeT2gNkWdDcD0EtwfI7AF21YOKkLtHsP4ZXLeEEwFcXpHgkwP0RYlCEhSOoKAEhSIocoKiXx4L7RqufCi08yya%2BcbMx%2BXI5J1DemzyjkzJYXZBXpo0JXj%2BqzexK89rjSiRcbsVJs2oIcPGEo%2FjJGJLXMqlKJaMwqkSyl2Z6t1XFXm9dQ2Zqsj%2F156B0VM4fQquXgT1r4EWo%2BVGCNodNVdC7Kc%2FpTT3luqupDrvOuMtl3WuPYMwJbJ8AflecKgvyKvTQa2%2BUEDys7Uf46mB2xKZLfGF%2Bpmgo%2B%2BPbpmCHN0yhSNPbma56ql9Ohni7Zzm8up3H8m9wlixed0Nv32PT4BJ%2BPiOdPkNmgqVdhx5tK6EkHbDWC7J0023I9m2d911b1Of3dh%2Bf2Ozl1npnDLpGFRVhJxvgquKPPf08%2BmCvvHoMyg7hvUlev6MzAzKnIJnB3DZnL8zBFbPa1gWoPDlyDbY%2FFErAi3nOWUl3L9yNo8P3X10bACa35uuZd%2BW6OsSVA%2Fh%2FNVRntmztd9nnzMdjJi2wRHTVj%2B4bK5T5zXZSsJEhg3JkjZLlmko2kmzzWg7ksusRSPkruIXX%2F7yDwAAAP%2F%2FAQAA%2F%2F9omlYBeAQAAA%3D%3D HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92db276ffcecd65ee5c42793f1390fc5
Strict-Transport-Security: max-age=0; includeSubdomains
d3t87ooo0697p8.cloudfront.net/YaEt0SFoLJBouZRwiEHVjX3pNf29OIQcnNBh2GAANGipBBRkHORd4fBwxEHVqTicVJj1VbREmOVV6Uik+CnZAbi4YJB91LwYvES4zBi4Qbi8JdhknIAEnGCl/Wg1BZmpNeURgLQElECctG25GeDQcbkZ4a1hlRG1pKm5GeC0BJUJ8f1sJUXpqEH1AbWkqbk-Z4KB5uRwlrWH5aeHNNeUQvPwsgG21oLnlEeWpYekR5f1p7EiEoDS0bMH9aDUV4b0Z7Uj1nWQ
143.204.42.128200 OK 328 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/YaEt0SFoLJBouZRwiEHVjX3pNf29OIQcnNBh2GAANGipBBRkHORd4fBwxEHVqTicVJj1VbREmOVV6Uik+CnZAbi4YJB91LwYvES4zBi4Qbi8JdhknIAEnGCl/Wg1BZmpNeURgLQElECctG25GeDQcbkZ4a1hlRG1pKm5GeC0BJUJ8f1sJUXpqEH1AbWkqbk-Z4KB5uRwlrWH5aeHNNeUQvPwsgG21oLnlEeWpYekR5f1p7EiEoDS0bMH9aDUV4b0Z7Uj1nWQ
IP 143.204.42.128:0
File type ASCII text, with very long lines (416), with no line terminators
Hash 343351be91f0ab0275469f10a52e8079
c0eb9b05a2e47aac32c2916a03edf67b0af57bd4
5e4d8dd578a730e11cdb690bad29e4a88cb505a72876aae1c6d7d40f761b7370
GET /YaEt0SFoLJBouZRwiEHVjX3pNf29OIQcnNBh2GAANGipBBRkHORd4fBwxEHVqTicVJj1VbREmOVV6Uik+CnZAbi4YJB91LwYvES4zBi4Qbi8JdhknIAEnGCl/Wg1BZmpNeURgLQElECctG25GeDQcbkZ4a1hlRG1pKm5GeC0BJUJ8f1sJUXpqEH1AbWkqbk-Z4KB5uRwlrWH5aeHNNeUQvPwsgG21oLnlEeWpYekR5f1p7EiEoDS0bMH9aDUV4b0Z7Uj1nWQ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://estkewasa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 328
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KPGVroL95TBqg5lltR8RowvuTDGvkvCNHv8WeMZLluQx0c9tHLVmpA==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/4dkRsZU8VKwIDcAItCFh2QXdYUnxQLh8KIQZ5J101EC1cCHgADQMcN0Q9LUM7DCBRVWkaJQICclAhAgZyR2INAS1LcEoQLkspAx8mGigNQH0wcUJVakR0RBImGCADEjxTdlwLO1N2XFR/WHRJVg1TdlwSJhhyWEB8NGFeVTdAcElWDVN2XBc5U3ctVH9Dal-xMakR0CwAsHStJVwlEdF1Vf0d0XUB9RiIFFyoQKxRAfTB1XFBhRmIZWH4
143.204.42.128200 OK 187 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/4dkRsZU8VKwIDcAItCFh2QXdYUnxQLh8KIQZ5J101EC1cCHgADQMcN0Q9LUM7DCBRVWkaJQICclAhAgZyR2INAS1LcEoQLkspAx8mGigNQH0wcUJVakR0RBImGCADEjxTdlwLO1N2XFR/WHRJVg1TdlwSJhhyWEB8NGFeVTdAcElWDVN2XBc5U3ctVH9Dal-xMakR0CwAsHStJVwlEdF1Vf0d0XUB9RiIFFyoQKxRAfTB1XFBhRmIZWH4
IP 143.204.42.128:0
File type ASCII text, with no line terminators
Hash 668969ec5039345db795556bfc4e2994
9a9e7513bde449c4044a5f996cd41b11ccf1ec38
f7d5b757ea118ed6f4122a8ce9705004ff4683d9fdf6d1a7c30b7a01ea07a502
GET /4dkRsZU8VKwIDcAItCFh2QXdYUnxQLh8KIQZ5J101EC1cCHgADQMcN0Q9LUM7DCBRVWkaJQICclAhAgZyR2INAS1LcEoQLkspAx8mGigNQH0wcUJVakR0RBImGCADEjxTdlwLO1N2XFR/WHRJVg1TdlwSJhhyWEB8NGFeVTdAcElWDVN2XBc5U3ctVH9Dal-xMakR0CwAsHStJVwlEdF1Vf0d0XUB9RiIFFyoQKxRAfTB1XFBhRmIZWH4 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://estkewasa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Tgjb4UIsS8rpTCW0HOWCDqE3x6maQf8RRzvhoofdYj_3UAtoAbdRtw==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/zWXp1Ymk6FRsEVi0TEV9Qb0hFU11/EAYNBylHIFVdDCowOiQKPkYVGC0vUxYTPUdFRAU4FBJfTzwUFl9YfxsRAFRtXAESBjJHBAUELAsWAws+FFMXCGQXGhgANRYUR1sfT1tSTGtKXRUANx4aFRp8SEUMHXxIRVNZd0pQUSt8SEUVADdMQUdaG19HUhFvTl-BRK3xIRRAffEk0U1lsVEVLTGtKEgcKMhVQUC9rSkRSWWhKREdbaRwcEAw/FQ1HWx9LRVdHaVwAX1g
143.204.42.128200 OK 573 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/zWXp1Ymk6FRsEVi0TEV9Qb0hFU11/EAYNBylHIFVdDCowOiQKPkYVGC0vUxYTPUdFRAU4FBJfTzwUFl9YfxsRAFRtXAESBjJHBAUELAsWAws+FFMXCGQXGhgANRYUR1sfT1tSTGtKXRUANx4aFRp8SEUMHXxIRVNZd0pQUSt8SEUVADdMQUdaG19HUhFvTl-BRK3xIRRAffEk0U1lsVEVLTGtKEgcKMhVQUC9rSkRSWWhKREdbaRwcEAw/FQ1HWx9LRVdHaVwAX1g
IP 143.204.42.128:0
File type ASCII text, with very long lines (815), with no line terminators
Hash 6cd76ea75ff569e83e1e5762266465ef
36e0580e0906ff7740e527c81dd3ff3605fc88f2
febeeca05cba5e59b675f77e9862900d796a12c0437ea8a1c8047c5d62142c72
GET /zWXp1Ymk6FRsEVi0TEV9Qb0hFU11/EAYNBylHIFVdDCowOiQKPkYVGC0vUxYTPUdFRAU4FBJfTzwUFl9YfxsRAFRtXAESBjJHBAUELAsWAws+FFMXCGQXGhgANRYUR1sfT1tSTGtKXRUANx4aFRp8SEUMHXxIRVNZd0pQUSt8SEUVADdMQUdaG19HUhFvTl-BRK3xIRRAffEk0U1lsVEVLTGtKEgcKMhVQUC9rSkRSWWhKREdbaRwcEAw/FQ1HWx9LRVdHaVwAX1g HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://estkewasa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 573
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uCcsdSl05Ct3l0TWMBHUITU158b-fMRwNKQsy1npx5Av_2SljCMd0w==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5288
Expires: Sat, 04 Feb 2023 17:10:09 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5288
Expires: Sat, 04 Feb 2023 17:10:09 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5288
Expires: Sat, 04 Feb 2023 17:10:09 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7815df9178e9a1b99aacd0e4b012d9e0
24d0c3c04404356ce1fbffabcf82fc196fa0e99c
02661905ba6f91909a98b1038f9b260f9e7e524515246775567d6ed26a0f4a48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7815df9178e9a1b99aacd0e4b012d9e0
24d0c3c04404356ce1fbffabcf82fc196fa0e99c
02661905ba6f91909a98b1038f9b260f9e7e524515246775567d6ed26a0f4a48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a3a67dba1b1b1f3ae766058d9cd538d7
9dc833327c3755593c077f703117f6187f4d3e97
b8990e3b7ba47804077dd1d5c3b3e05c8beec9a3288e3fa9e41680dc15045f0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2847
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:01 GMT
Last-Modified: Sat, 04 Feb 2023 14:54:34 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5288
Expires: Sat, 04 Feb 2023 17:10:09 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358c0cc441f7401b74509340db8b0014
19c0c7970d9a01d09daa48fd89a756d3da76a4d8
f4b0f1711cc67ff151c6ce05827d1663b2569b55a669e8bb4a1dd21b3972dfea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4B0F1711CC67FF151C6CE05827D1663B2569B55A669E8BB4A1DD21B3972DFEA"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19526
Expires: Sat, 04 Feb 2023 21:07:27 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash e7c2e5d9a773814b311c7a91b9be6245
a683f0f6c6bed98bead834e2e7961e30a56dbc0c
b0edc0be0a71860b0198868052c737c7bb3ba38224d445c9ca678b7aa6570932
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 15:42:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1426243658%3A1675525321075928&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf5WKzKYtL6hv8_bdWKVrQEdqA4qjtE7ODFCR0qeZjubnCq470FJKSLkiOAacMaCy-jcP-y
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce--iD-wlZWV7c2Fygkf5toUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:VuHf_WKMgOnDXrfMzaBTa_tMjaK65w:f-SZFGYinT-6MgMj;Path=/;Expires=Mon, 03-Feb-2025 15:42:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
estkewasa.com/utx?cb=6lC4JOYonkXV&top=xfantazy.com&tid=971975
54.192.99.31204 No Content 0 B URL HTTP/2 estkewasa.com/utx?cb=6lC4JOYonkXV&top=xfantazy.com&tid=971975
IP 54.192.99.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6lC4JOYonkXV&top=xfantazy.com&tid=971975 HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:01 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 04 Feb 2023 15:43:01 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: _sJu2oE_ThA5wUZKGVHub_GKHixz8pB4ql18sLUnSVFVImCipM_hoA==
X-Firefox-Spdy: h2
estkewasa.com/utx?cb=PVAnD8DOX81F&top=xfantazy.com&tid=962014
54.192.99.31204 No Content 0 B URL HTTP/2 estkewasa.com/utx?cb=PVAnD8DOX81F&top=xfantazy.com&tid=962014
IP 54.192.99.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=PVAnD8DOX81F&top=xfantazy.com&tid=962014 HTTP/1.1
Host: estkewasa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 15:42:01 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 04 Feb 2023 15:43:01 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: AP3NJlLcpjhUzHOBPuCUoYLdZ3frpAY94gprVbGJmjDy3S46RPA9OA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (377)
Hash 2fb75d47ed292fda712c02a09097c9c7
5576016594ed89d2240be154a0b15cefb6ca5ae1
f5d0172b534cd36404fa21a0ad86ce7d20253ff22e9bf39bc85957be697376ca
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 15:42:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S252625315%3A1675525321117255&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeVaP-g69YbhFicX1cYnPqoXiH1WaxsqQZe4Rvw3IrPJ-HAUY_Xz7G6cW0h6jW9yHqbYLdN
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-5Rwe-9zpj5KoBMWsEAYRVw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:g8AFDMLez9Kw1PlReSkrF158bUgnYQ:0B0_g9scVF9cZSrE;Path=/;Expires=Mon, 03-Feb-2025 15:42:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8176ac8bbb8fa05f36bdfa163da09e0c
b936c84c5fa7e781b12a17952c82bca546ca0575
1aa7e39fd02514a4023036a8a100d7e7898ee220063ebfb41c509264c81ed727
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a3a67dba1b1b1f3ae766058d9cd538d7
9dc833327c3755593c077f703117f6187f4d3e97
b8990e3b7ba47804077dd1d5c3b3e05c8beec9a3288e3fa9e41680dc15045f0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2847
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:01 GMT
Last-Modified: Sat, 04 Feb 2023 14:54:34 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
accounts.google.com/v3/signin/identifier?dsh=S252625315%3A1675525321117255&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeVaP-g69YbhFicX1cYnPqoXiH1WaxsqQZe4Rvw3IrPJ-HAUY_Xz7G6cW0h6jW9yHqbYLdN
142.250.74.109403 Forbidden 843 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S252625315%3A1675525321117255&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeVaP-g69YbhFicX1cYnPqoXiH1WaxsqQZe4Rvw3IrPJ-HAUY_Xz7G6cW0h6jW9yHqbYLdN
IP 142.250.74.109:0
Hash 21ae5d23a71e8b3379e8a20867ae93bd
4cf0e8c61f665003b71cd83b64d42d3c83effee2
de441766a7d2ef0145fa3634cfe34fb04ea2aee418ca8de44fde0b08ea1cffa9
GET /v3/signin/identifier?dsh=S252625315%3A1675525321117255&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeVaP-g69YbhFicX1cYnPqoXiH1WaxsqQZe4Rvw3IrPJ-HAUY_Xz7G6cW0h6jW9yHqbYLdN HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 15:42:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-JoCz4_hZjuE0u_COsKH9EA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LemS6SKmnqa--26e-A/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LemS6SKmnqa--26e-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 475650cb0800b97eecacc1007c7ecf04
e20121aa805e8a487d45925277ab84b53b8f6f38
9b215cd30fb857c629aeaf4283621ce3acf724b7cdd3854a49b2ecbe28b01d2d
GET /thumbnail/LemS6SKmnqa--26e-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 10615
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JbiWvyf0z6q-_22S-w/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JbiWvyf0z6q-_22S-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9d389185c8c154d40f1f1fbbc258a1c3
3e11cfa82cf01dee23bde4deaf865158f03bbdd4
2fe9d82f1b2489db7659329983520c53a8b8577f2a4ea96cb8e915c52c80fa10
GET /thumbnail/JbiWvyf0z6q-_22S-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 12940
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/deWWtX73yvvt_mqe_g/w320h240/0.jpeg
188.72.235.186200 OK 17 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/deWWtX73yvvt_mqe_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cfa6b99cb975474a3123eefcb2e4d9d2
2bb7475d5e6e3d30be8af8e6eb5e285ce6aed6cb
078f2e615de571c99bd8502aa91fbff4516335a3d6c7e74e7591451ed72c5287
GET /thumbnail/deWWtX73yvvt_mqe_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 17313
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-uQ6XTwnqy__TXBrQ/w320h240/0.jpeg
188.72.235.186200 OK 6.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-uQ6XTwnqy__TXBrQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash aee209a6c2164e514eefb4e072b9f062
50503682cfb18c406860f00ce8e8252978e825de
44d533424f88268528db8c54a17a76e23abe98f281b1e78dedaf1756189bf2b7
GET /thumbnail/J-uQ6XTwnqy__TXBrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 6006
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOjB6yT0y6_t-T3F_A/w320h240/0.jpeg
188.72.235.186200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOjB6yT0y6_t-T3F_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3df1a838c1dde3e2d4d846a480f8059b
1c495be72d37c211cf822d7270ea9c96be3dc76c
286c3c0ab3a918b46c7f2b3586286548896750159624202c6ef57e9775243669
GET /thumbnail/cOjB6yT0y6_t-T3F_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 15375
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Le6V6XGnz67oqmqT-Q/w320h240/0.jpeg
188.72.235.186200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Le6V6XGnz67oqmqT-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 63c46a2d4189eabe9ae2387dab9cc0a2
2d3268ebe95ffe69cbfd02e4153a27f25e357b9b
768683d496a1eb3fc4abbed5e2b3b03bc6454c59ebb8e75e0c92e0d4d8413b48
GET /thumbnail/Le6V6XGnz67oqmqT-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 17552
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-iV6ySmzf3lq2jD_g/w320h240/0.jpeg
188.72.235.186200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-iV6ySmzf3lq2jD_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash af87a5803f392eab15e9060d3edb84df
d8bf106e5da97479a7bcb1e3515c4bfa610c4bb5
5a2561b793028aa80c9a64945ba91445c43ac455433e960666beae5b080bc604
GET /thumbnail/d-iV6ySmzf3lq2jD_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 10371
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-nBtCX1yay4rTSRrQ/w320h240/0.jpeg
188.72.235.186200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-nBtCX1yay4rTSRrQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4a63f96dac656a1767ce6d568e563e8b
f73e40f27ee58140d32e0b13a239df92611b49ab
617d3670dfc4e09155ab3a9fc1dd4a781ab3825ccb5880bba1ee38ab1aa45c8e
GET /thumbnail/d-nBtCX1yay4rTSRrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 13733
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-zGtXb0yv3uqj6f-w/w320h240/0.jpeg
188.72.235.186200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-zGtXb0yv3uqj6f-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 123fc900b16a339601cae6634e811b29
137b50f24d94d0aeb560f08ca9c4b29159bf6f01
39fc082df6d5f3cb47b6adca0882cfe22e38fb85f2c7ee5ef66625e0dd948eaf
GET /thumbnail/J-zGtXb0yv3uqj6f-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/jpeg
content-length: 15091
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Sat, 04 Feb 2023 17:19:38 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
utilitypresent.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLeqquqJ2Wqu5qq7unJoBB2QfY4e%2FPY%2BUyyQTeIizdhQSYelJxsD5KDc%2FAP8CJ4VWYyMPqg6r1Xnwf1%2Bbz3Pj%2FMJ4QiZxfb75uB0pott2rUf21HJcIUzt%2B66we0Rtf8HZWsNNf8%2FvSyvTcD2qrR1%2F13Jd8zy3UaUBrQwN9QVkamvzxDodLTTlDr0FqzXgtaTfTtf3OXe3DMg%2BhNyItQovrf7k9PoPgYSfzNDen2MpO%2B8U6ca5YZi544%2BTDZS0yRIF6EkfUQJSfzahhXEfLFFZjkZK4Apnc0VYBQVcT7NUCYnMxpIuwdXzINNWSCUDyDojeG1GMoNgY396HEzwTgAlu3kMSPtowt2P4lyqZoRZb%2B%2BhOqqMjSb9eQxF%2Bva9X37xidZ8okDv2ohOqPobpjpPkZsoEHVZyBZ%2FegBEESl1CinKlWagwVjaHlEMx5yKdHecgjD3nqIRYXPmt1IkrbURg1GqtNznmjwXlrdUW0RKO5GlHkfEpriCwdgushuD1Aag%2Bwpx5WhNw7gs2%2Fh9st4YQHl1XE%2B%2BAAPVGikASFIygYQaEIioyg6JXHQru6Kx8J7fIwmPv63DfKkcm6h%2BzYZF2ZkMN0Ql6YNeWPZ7%2FDnrzwWT3qdGgU0GZ7ha4EvB10RMADxhqsLrmow6kSyl2Z6R2oilx7%2BXek00l99jdCdganz8DV82D5K2DFqF2nYLuj5irFIDntRyzJ2GC%2Fxk0MYUqk2RKyfe9QT8hLMx5rzxWQ%2FPz6t42ZgdsSqS3xifqBoKsfjG6bghzdNoUjT26lmYrVgE0Hdydjmbz61XtyvzBWbN5wwy%2Ff4lNgGp7elS67yRKhkq4jj9eVENJuGMslebrpdmS4nbvd9dwmeXpz%2B%2B2NzTi10jllkjGYqgi52ARXFfn%2F049nS%2Fnq44%2Bg7Bg2LxHn52RuUOYMPD2ASxf8nSGwelETph6KvBzZerh41IpAy0XOwhLuX3m4iA%2FdA3StB5bdn61iz5bo6RJMD%2BHyq6MstefXf5l%2FHmpvFGrrHYXa6oeXzXXqwpetiEaS1mUYdcKozajoRM1OyDqBbIctFiBzFZ98%2BuM%2FAAAA%2F%2F8BAAD%2F%2FxBM1FJsBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 utilitypresent.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLeqquqJ2Wqu5qq7unJoBB2QfY4e%2FPY%2BUyyQTeIizdhQSYelJxsD5KDc%2FAP8CJ4VWYyMPqg6r1Xnwf1%2Bbz3Pj%2FMJ4QiZxfb75uB0pott2rUf21HJcIUzt%2B66we0Rtf8HZWsNNf8%2FvSyvTcD2qrR1%2F13Jd8zy3UaUBrQwN9QVkamvzxDodLTTlDr0FqzXgtaTfTtf3OXe3DMg%2BhNyItQovrf7k9PoPgYSfzNDen2MpO%2B8U6ca5YZi544%2BTDZS0yRIF6EkfUQJSfzahhXEfLFFZjkZK4Apnc0VYBQVcT7NUCYnMxpIuwdXzINNWSCUDyDojeG1GMoNgY396HEzwTgAlu3kMSPtowt2P4lyqZoRZb%2B%2BhOqqMjSb9eQxF%2Bva9X37xidZ8okDv2ohOqPobpjpPkZsoEHVZyBZ%2FegBEESl1CinKlWagwVjaHlEMx5yKdHecgjD3nqIRYXPmt1IkrbURg1GqtNznmjwXlrdUW0RKO5GlHkfEpriCwdgushuD1Aag%2Bwpx5WhNw7gs2%2Fh9st4YQHl1XE%2B%2BAAPVGikASFIygYQaEIioyg6JXHQru6Kx8J7fIwmPv63DfKkcm6h%2BzYZF2ZkMN0Ql6YNeWPZ7%2FDnrzwWT3qdGgU0GZ7ha4EvB10RMADxhqsLrmow6kSyl2Z6R2oilx7%2BXek00l99jdCdganz8DV82D5K2DFqF2nYLuj5irFIDntRyzJ2GC%2Fxk0MYUqk2RKyfe9QT8hLMx5rzxWQ%2FPz6t42ZgdsSqS3xifqBoKsfjG6bghzdNoUjT26lmYrVgE0Hdydjmbz61XtyvzBWbN5wwy%2Ff4lNgGp7elS67yRKhkq4jj9eVENJuGMslebrpdmS4nbvd9dwmeXpz%2B%2B2NzTi10jllkjGYqgi52ARXFfn%2F049nS%2Fnq44%2Bg7Bg2LxHn52RuUOYMPD2ASxf8nSGwelETph6KvBzZerh41IpAy0XOwhLuX3m4iA%2FdA3StB5bdn61iz5bo6RJMD%2BHyq6MstefXf5l%2FHmpvFGrrHYXa6oeXzXXqwpetiEaS1mUYdcKozajoRM1OyDqBbIctFiBzFZ98%2BuM%2FAAAA%2F%2F8BAAD%2F%2FxBM1FJsBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREfuoIJPq%2BZHJmMNiXCPBNRt3VyLeqquqJ2Wqu5qq7unJoBB2QfY4e%2FPY%2BUyyQTeIizdhQSYelJxsD5KDc%2FAP8CJ4VWYyMPqg6r1Xnwf1%2Bbz3Pj%2FMJ4QiZxfb75uB0pott2rUf21HJcIUzt%2B66we0Rtf8HZWsNNf8%2FvSyvTcD2qrR1%2F13Jd8zy3UaUBrQwN9QVkamvzxDodLTTlDr0FqzXgtaTfTtf3OXe3DMg%2BhNyItQovrf7k9PoPgYSfzNDen2MpO%2B8U6ca5YZi544%2BTDZS0yRIF6EkfUQJSfzahhXEfLFFZjkZK4Apnc0VYBQVcT7NUCYnMxpIuwdXzINNWSCUDyDojeG1GMoNgY396HEzwTgAlu3kMSPtowt2P4lyqZoRZb%2B%2BhOqqMjSb9eQxF%2Bva9X37xidZ8okDv2ohOqPobpjpPkZsoEHVZyBZ%2FegBEESl1CinKlWagwVjaHlEMx5yKdHecgjD3nqIRYXPmt1IkrbURg1GqtNznmjwXlrdUW0RKO5GlHkfEpriCwdgushuD1Aag%2Bwpx5WhNw7gs2%2Fh9st4YQHl1XE%2B%2BAAPVGikASFIygYQaEIioyg6JXHQru6Kx8J7fIwmPv63DfKkcm6h%2BzYZF2ZkMN0Ql6YNeWPZ7%2FDnrzwWT3qdGgU0GZ7ha4EvB10RMADxhqsLrmow6kSyl2Z6R2oilx7%2BXek00l99jdCdganz8DV82D5K2DFqF2nYLuj5irFIDntRyzJ2GC%2Fxk0MYUqk2RKyfe9QT8hLMx5rzxWQ%2FPz6t42ZgdsSqS3xifqBoKsfjG6bghzdNoUjT26lmYrVgE0Hdydjmbz61XtyvzBWbN5wwy%2Ff4lNgGp7elS67yRKhkq4jj9eVENJuGMslebrpdmS4nbvd9dwmeXpz%2B%2B2NzTi10jllkjGYqgi52ARXFfn%2F049nS%2Fnq44%2Bg7Bg2LxHn52RuUOYMPD2ASxf8nSGwelETph6KvBzZerh41IpAy0XOwhLuX3m4iA%2FdA3StB5bdn61iz5bo6RJMD%2BHyq6MstefXf5l%2FHmpvFGrrHYXa6oeXzXXqwpetiEaS1mUYdcKozajoRM1OyDqBbIctFiBzFZ98%2BuM%2FAAAA%2F%2F8BAAD%2F%2FxBM1FJsBAAA HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:01 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: edad0faaca261a0aefe7012a02324e5f
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
Hash adae99827a5a308159dd43d773a553d0
16a6c156042917374f915e0d8eaf58924eeb561b
879f7b0f025d4e36bce3847b316081d5a1c105225cdf09ab0285f4a18affda32
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5306927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qe1KnADwBIpSYzSybBYq3A56nHGRIINNqHGALYTNRhAm9u54CyiPjbgW1JqYmHQd%2FrmljieY0zOtizuwxilXVWL0Xz5lPn4rx%2FSqIGEmMAtXnbUl%2BCkQScApE5OL91SerjSI9CtXEsv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838bba842502-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
Hash f87f5c91af77b0626d602e5ae678c31d
b6557a644e978f49a7014242a99130ed0646c902
baedf84f4207eeb94e346acc6d8e2d982a34abc833b0d8996734e1e9f49ab6eb
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5306927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0kROhpnjVyINzFZzGwhyCb8FXPhrjj0YKa9IUQ5dCZvJofY9yALF8FzcWcGFZ0kQgNA8qTX%2BpY6hrK%2FeJg%2Bbcs6J5kzak6dnxb%2F4gdQJHMOKX2rDiTwSUFS6gI8UIoF%2BnTuaBJygoojr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838bdabd2502-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.67.139.155200 OK 104 kB IP 172.67.139.155:0
Size 104 kB (104031 bytes)
Hash 67e96ed9b75de31f6873ea8752035642
207b1964dd3d0104892b9dd17dde28d578ec7413
a699103d5f5bf57381e04a61782623f9221dd125782343c987b99d41a0ef336f
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2316
last-modified: Sat, 04 Feb 2023 15:03:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7h3dxhCO%2FGrr6XlJ65Bi186jDzndNMHHxELJlHqfzNbzMzUwKrMvWX5uVKH7SazHUjiDfACcApwaYe9PaAuhv16HIrJ14oxnVTefLGsEBg4sljBDi05gsUyFkAHATsW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838888f5b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3200 OK 2.1 kB URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (3566)
Hash 37ae025760877a698105a6f7a29b6e78
f531ebd3d07bed42d95b936136da83ec800cdd10
9832bbe19245a9da7ca36eda81739c8db772d34b5ca7b2ad4c9036885d8694b3
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 Feb 2023 16:42:01 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.8 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash f99b5ed2b2a67fd480977d73eafea640
cc61313c141fc14b030688502261c042d52d1381
6d05c905820e5d16b772d2bbf0a3774dbb660741c36dd54fe5759ba6b6c87f62
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=mCDCdggE1szOQ15uBhOR; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 0d32467b2072d17bc565348479da0b77
3fa64c7f279aaf94c7c80bf72ea00bbb3eef4a52
32bb7ace231ca091d2a97f40cd0fff99f922d16dbf16b5b1cff6fd4d33531aa6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 05:56:26 GMT
Expires: Fri, 10 Feb 2023 05:56:25 GMT
Etag: "3fa64c7f279aaf94c7c80bf72ea00bbb3eef4a52"
Cache-Control: max-age=482663,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7944838d1d7db51b-OSL
a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216200 OK 13 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (28408)
Hash c279286b054fe598456e2f5fcfb51039
e63164b951049698468709b781cde89bffa38d59
39f4ea0092479e04f4ad143546af03b5f002d3d72f26292e0d27c986addbfadc
GET /api/spots/391866?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 604c3cbda1f304eef93aa15329e8e7ac
d9f25abc81500d2740265d4a2b11fa7e2d251d1f
5b0938197333a46575fa5d665e649f70b3268e27d0f3cbcac04065cc70acf9c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B0938197333A46575FA5D665E649F70B3268E27D0F3CBCAC04065CC70ACF9C5"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13796
Expires: Sat, 04 Feb 2023 19:31:57 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.5 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash d0969be1d5dc02257744c0d0a22de6e0
14a520bf7afd8acac4fd88f72adb03fc3864f824
f49c9d13df98c4bfba69b9b0a822579637062cf4f00abbde2917cba9e24e874d
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=iwCWGEkmJ1aLwgzHHXHV; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03da5c6aa37a4d971cc2fd7e55478e9f
330b0b61e3c5966e6e739b0f75a10fc3ecf36319
b2fb7f459311816420b4bec226f4bb56ddbaef061fcc1877645c4f991aab167c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B2FB7F459311816420B4BEC226F4BB56DDBAEF061FCC1877645C4F991AAB167C"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Sat, 04 Feb 2023 19:54:42 GMT
Date: Sat, 04 Feb 2023 15:42:01 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.248200 OK 1.8 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3333), with no line terminators
Hash 2630e7f3bb8c479d15b7a736daf4177f
91f1e76a19074d8ff2b8958f0e8f0462d6084aa0
567965897f94e6fa53b13d74ea478ced6fefa9e992a02c96c1d56720382bb26c
GET /splash.php?native-settings=1&idzone=4891828&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:42:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9d33768.602148653919810212%22%3B%7D; expires=Mon, 03 Feb 2025 15:42:01 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C41873824%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 15:42:01 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
45.133.44.9200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Mon, 06 Feb 2023 15:42:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
95.211.229.248200 OK 1.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3318), with no line terminators
Hash 86247e562e981d5aa27fbc3f48da2539
c98b415fdfdaaaa1c25c4a6e84ec238d12763d60
658060943a69a88e5f979ca96cf6ff8a693c8cb3decdcc1b4cfe8db9ad7e70f6
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:42:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9dd5721.297649924026655659%22%3B%7D; expires=Mon, 03 Feb 2025 15:42:01 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 15:42:01 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.167.9200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.167.9:0
Hash 31d5024bd06d9d3d8bbfc070c0ff3c39
67d4ac17f267e037d6280a81a03d9856cebd1f51
14b1bba5e9eb5234704f789fd1872e26175465be1aa4ddc63c2cc837a2ab7b95
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5305863
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4RAhMDoqvbeoaPkL4xs6D4i2VOwfi%2F2wH2fIL%2BMyaBOwAg%2FILf38iBOgOwsbSSQqQMZo%2FcA6omBACbwFhGZL9ofSgjdr3zdi37ZScgim11IkMwrOm%2BBpE%2Fg26u6JOBpuBm89J%2BaV7TY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838e2e232502-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 031be4d46456a983025a51dbafe041b8
028f4f0edcd725d7a87e785c595cb695defeb31f
668963244fb14a5bced5a013c2f8f7ff3aeec27695d402b3c1e07ae528f4e11f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:56:20 GMT
Expires: Wed, 08 Feb 2023 03:56:19 GMT
Etag: "028f4f0edcd725d7a87e785c595cb695defeb31f"
Cache-Control: max-age=302656,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7944838f2e7fb527-OSL
a.realsrv.com/build-iframe-js-url.js?idzone=4891810
185.76.9.17200 OK 3.3 kB URL HTTP/2 a.realsrv.com/build-iframe-js-url.js?idzone=4891810
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2590)
Hash 47083706325242e8dfb974f4ca3a45df
6e30dc3bf81984c205e33e75f98bf0d0c62d6c1f
45816e8755854e5d7d2640840303a442f2861a998d84dc036ebd1db005ef500b
GET /build-iframe-js-url.js?idzone=4891810 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891810&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9d33768.602148653919810212%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C41873824%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: application/javascript
etag: W/"1789784d9721457eb3c560b1f16"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675527109
server: CDN77-Turbo
x-77-nzt: AblMCQ354sr/NCMAAA
x-77-nzt-ray: c0a4cc28be01f57cc97cde63f5f5e338
x-cache: HIT
x-age: 9012
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.254.252.210304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.254.252.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=8e2eb010-ac1d-485e-b227-bc741eb15d2c; bfq=APeIECNCx5YZMGbcmEGDBgsZOGDEwFGjRhcWIsYU3BKDRYyLIspsjGHjRg0bMWLckNGRpEmUKmXI6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Sat, 04 Feb 2023 15:42:02 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 28791059
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2288
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Last-Modified: Sat, 04 Feb 2023 15:03:54 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 312
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
95.211.229.248200 OK 3.1 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5735), with no line terminators
Hash 88e552f24531b2db0186f8cb9d04787e
59226cdf293291eb4eab0a911591a7005e075659
b618a041d39dcbfac49e6c1cdd192e41d257410dea3e5aa3fe2751f7a7428c43
GET /splash.php?native-settings=1&idzone=4891818&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9dd5721.297649924026655659%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9dd5721.297649924026655659%22%3B%7D; expires=Mon, 03 Feb 2025 15:42:02 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrcraoxsgeicxbmsbcenxgxamrrxsoaageimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrroelrxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrorsoogeioslmrxlsnxgxamrremcslgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrorsoogeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrxsoaageimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrceerargeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeirarrrcaenxgxamrcceorxgxcceimexexabbnxgxamrccrbsogxcceimbscxmxanxgxamrccarblgxcceimxlbmosanogxamrccmecbgxcceicxmecmcanxgxamrccmecbgxcceimcssmlronsgxamrcresmegxcceimrbxmxmanxgxamrcremlrgxcceimaecsxccnxgxamrcremlrgeimocbmmmbnxgxamrcrxblmgxcceimocbmmacnxgxamrcrxblmgxcceimocbmmaanxgxamrcrxblmgxcceimrxccosanxgxamrcrolmegxcceimrxccosensgxamrcrolmegxcceimrxccoscnxgxamrcrolmegxcceimxlbmoconogxamrcraoxsgxcceimxeoxsacnrgxamrcraoxsgxcceimlxbaxlonxgxamrcraoxsgeimxlbalsbnogxamrcrblsagxcceimlxbaxbanxgxamrcaxocmgeimxlbmxlenogxamrcaxocmgxcceimxlbalcenogxamrcaxocbgxcceimxlbmoobnxgxamrcaobasgxcceimrxccosonxgxamrcacbrlgxcceimxlbmoaonxgxamrcabersgxcceimlxasascnxgxamrcmoorsgxcceimxelmbranxgxamrcmoormgxcceimblelamenxgxamrcmoscagxcceimlxoblmonxgxamrcmoscagxcceialrexexbnxgxamrcmrbebgxcceimxlbmxbbnxgxamrcmacemgxcceimxlbmxlonogxamrcmacemgxcceimrbleaebnxgxamrcmmbacgxcceimaooblebnogxamrcbmccogxcceimxlbmoscnogxamrclresagxcceimboslabcnxgxamrclresagxcceimcssmlrcnsgxamrclresagxcceimblelamanxgxamrclresagxcceimbbcemoancgxamrclrcergxcceialaroxrcnxgxamrclaermgxcceimxeemblbnxgxamrclaeaegxcceialrexeoonxgxamrclamblgxcceimaoobbebnxgxamrclablagxcceimclsaoxbncgxamrclablagxcceimlxmrlxonxgxamrrexelcgxcceimlxocxobncgxamrrexelcgxcceixaoosscrnxgxamrrexelcgxcceimxxerreonxgxamrreosbmgxcceimxlbmosonogxamrreosbbgxcceialbbebsanxgxamrreosbbgxcceimlxocxoonxgxamrreosblgxcceimbbcemobncgxamrreosblgxcceimaooloranxgxamrreoslxgxcceimeembescnxgxamrreoslogxcceicmarxbbonsgxamrreoslogxcceimxlbmosenogxamrrecasxgxcceimlxbaxbonxgxamrroelrxgeimsacexoonxgxamrremcslgxcceixaoossalnxgxamrrelbergxcceimbscxmobnxgxamrrelbergxcceimeembecenxgxamrrxemecgxcceimxlbmxlcnogxamrrxobrlgxcceimmooobronxgxamrrxolcogxcceimmooobrbnxgxamrrxolcogxcceimmooobranxgxamrrxolcogxcceimbscxmoanxgxamrrxolcogxcceimcssmlrensgxamrrxolcogxcceimeembesonogxamrrxsoamgxcceimrmaobxanogxamrrxmabrgxcceirrmlllronxgxamrroelrxgxcceialbbebsbnxgxamrroelrxgxcceimxxerrxenxgxamrroelrxgxcceimblelabenxgxamrroelrxgxcceimbrsslsanxgxamrroelrxgxcceimbclraronxgxamrroelrxgxcceicloaxxmonxgxamrroelrxgxcceimlxbrrbenxgxamrroxsmcgcbeimeelaclanxgxamrrocsalgxcceimxeemlxenxgxamrrocsalgxcceimeelaclcnxgxamrrocsalgxcceimeelaclonxgxamrrocsalgxcceimlxbaxlanxgxamrrorsoogeimxxerreanxgxamrrorsoogxcce; expires=Sun, 05 Feb 2023 15:42:02 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C71105506%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63de7cc9dd5721.297649924026655659%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 15:42:02 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C23975207%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63de7cc9dd5721.297649924026655659%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 15:42:02 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873814%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63de7cc9dd5721.297649924026655659%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 15:42:02 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
outdilateinterrupt.com/pixel/sbs?c=1
173.233.137.60200 OK 660 B URL HTTP/1.1 outdilateinterrupt.com/pixel/sbs?c=1
IP 173.233.137.60:0
File type gzip compressed data, max compression\012- data
Hash 5860c780c8e9daa4f852038f02b5bdc2
c75c8b4db36bffe075ce493f06d011f855d5541a
f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
outdilateinterrupt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFg9o3FWS2f8wkM%2BYQjGskuGbj7krEW3VV9UyZmq6mqmt6EgTDLsgeZ28eO59JNugu4uLFy8Iy8aDkZHuQHMw%2FIXiWmQyMPqh679XnQX0%2B772vD9w5CeDo2dbHek8qRa%2B1GoH%2F1rbMuC6tv3nHD4NGsOJvy2ypueIPp5cZvBsGrUbwtv%2BhYDv6WhSEQRAGob8ujUj18NoMhcwfd8JGJ2g0o0bYamJo%2Fptb58FSD3xwTl6G5PX%2Fer8%2BgWQTZP0frgu7U%2Bj8nQ%2F6TtFCGwz48afZTqbLDP1FmBoPaXY8r4a2NSHfXILOjucKoAeHUwVIZE28P0Ik2fGcJpLB0QXTREFkSPhVlIMJhJpA0gmYvgfJfyMA49i8iaz%2FcFObku5eoHSK1uTK339BljW58ucryPrfryk59G9r5QqpM4thWkEOJ5DdCXJ3gmLPgyxPwIq7kJwg61eQvJqplnICmU6gxAjUenDTIz241IPLPfT5mU9bnTQIltMkjeN2kzEWx4y12ku8xeNmOw3g2JTWCEU%2BAlMjMLOP3OxjRz6oCbl7COOewfYqWO7BFjXxPtnHgFcoBUFpCUpKUEqCsiAoB9URVzay1UOurEvCuY%2FmPq7Guuge0CNddEVGDvJz8tK0Kd7zX72JHXHmR2Eq4k4rSJthJIJoicVxGiZLTIilMBYJhZUVpL0007sna%2FJ66ypyWZP%2Frz5DQk9g1QmYfBHUvQZajpejALQ3brYD7GU%2FZbRwhqqeoKroWe0MEw2mXAKuK%2BTFFRS73oE6J6%2FOBrXyQgnBTld%2FjGcGZirkpsIX8meCrro%2FvqVLcnhLl5Y8uZkXsi%2F36HSItwtaiMvffSR2S234xnU7%2BvY9NgWm4eM7whY3aMZl1rXk0ZrkXJh1bZggTzfstki2nO2tOZO5%2FMbW%2B%2Bsb%2FdwIa6XOJqCyJuRsA0zW5Lmnn88W9I1Hn0GaCYyr0HenZG6Q%2BgQs34fNF%2FytJjBqUZPkHkpXjU2ULB6VJFBikdOkgv1XniziA3sfXeOBFvdmazkwFQaqAlUjWHd5XOTmdPX3%2BeeJ8saJMt5hoox6cNFcK8%2F8VtgU7aS9zDhPBOPhchS34yCIOG8ud0TYQWFrdv7lL%2F8AAAD%2F%2FwEAAP%2F%2FfJLY53gEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 outdilateinterrupt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFg9o3FWS2f8wkM%2BYQjGskuGbj7krEW3VV9UyZmq6mqmt6EgTDLsgeZ28eO59JNugu4uLFy8Iy8aDkZHuQHMw%2FIXiWmQyMPqh679XnQX0%2B772vD9w5CeDo2dbHek8qRa%2B1GoH%2F1rbMuC6tv3nHD4NGsOJvy2ypueIPp5cZvBsGrUbwtv%2BhYDv6WhSEQRAGob8ujUj18NoMhcwfd8JGJ2g0o0bYamJo%2Fptb58FSD3xwTl6G5PX%2Fer8%2BgWQTZP0frgu7U%2Bj8nQ%2F6TtFCGwz48afZTqbLDP1FmBoPaXY8r4a2NSHfXILOjucKoAeHUwVIZE28P0Ik2fGcJpLB0QXTREFkSPhVlIMJhJpA0gmYvgfJfyMA49i8iaz%2FcFObku5eoHSK1uTK339BljW58ucryPrfryk59G9r5QqpM4thWkEOJ5DdCXJ3gmLPgyxPwIq7kJwg61eQvJqplnICmU6gxAjUenDTIz241IPLPfT5mU9bnTQIltMkjeN2kzEWx4y12ku8xeNmOw3g2JTWCEU%2BAlMjMLOP3OxjRz6oCbl7COOewfYqWO7BFjXxPtnHgFcoBUFpCUpKUEqCsiAoB9URVzay1UOurEvCuY%2FmPq7Guuge0CNddEVGDvJz8tK0Kd7zX72JHXHmR2Eq4k4rSJthJIJoicVxGiZLTIilMBYJhZUVpL0007sna%2FJ66ypyWZP%2Frz5DQk9g1QmYfBHUvQZajpejALQ3brYD7GU%2FZbRwhqqeoKroWe0MEw2mXAKuK%2BTFFRS73oE6J6%2FOBrXyQgnBTld%2FjGcGZirkpsIX8meCrro%2FvqVLcnhLl5Y8uZkXsi%2F36HSItwtaiMvffSR2S234xnU7%2BvY9NgWm4eM7whY3aMZl1rXk0ZrkXJh1bZggTzfstki2nO2tOZO5%2FMbW%2B%2Bsb%2FdwIa6XOJqCyJuRsA0zW5Lmnn88W9I1Hn0GaCYyr0HenZG6Q%2BgQs34fNF%2FytJjBqUZPkHkpXjU2ULB6VJFBikdOkgv1XniziA3sfXeOBFvdmazkwFQaqAlUjWHd5XOTmdPX3%2BeeJ8saJMt5hoox6cNFcK8%2F8VtgU7aS9zDhPBOPhchS34yCIOG8ud0TYQWFrdv7lL%2F8AAAD%2F%2FwEAAP%2F%2FfJLY53gEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFg9o3FWS2f8wkM%2BYQjGskuGbj7krEW3VV9UyZmq6mqmt6EgTDLsgeZ28eO59JNugu4uLFy8Iy8aDkZHuQHMw%2FIXiWmQyMPqh679XnQX0%2B772vD9w5CeDo2dbHek8qRa%2B1GoH%2F1rbMuC6tv3nHD4NGsOJvy2ypueIPp5cZvBsGrUbwtv%2BhYDv6WhSEQRAGob8ujUj18NoMhcwfd8JGJ2g0o0bYamJo%2Fptb58FSD3xwTl6G5PX%2Fer8%2BgWQTZP0frgu7U%2Bj8nQ%2F6TtFCGwz48afZTqbLDP1FmBoPaXY8r4a2NSHfXILOjucKoAeHUwVIZE28P0Ik2fGcJpLB0QXTREFkSPhVlIMJhJpA0gmYvgfJfyMA49i8iaz%2FcFObku5eoHSK1uTK339BljW58ucryPrfryk59G9r5QqpM4thWkEOJ5DdCXJ3gmLPgyxPwIq7kJwg61eQvJqplnICmU6gxAjUenDTIz241IPLPfT5mU9bnTQIltMkjeN2kzEWx4y12ku8xeNmOw3g2JTWCEU%2BAlMjMLOP3OxjRz6oCbl7COOewfYqWO7BFjXxPtnHgFcoBUFpCUpKUEqCsiAoB9URVzay1UOurEvCuY%2FmPq7Guuge0CNddEVGDvJz8tK0Kd7zX72JHXHmR2Eq4k4rSJthJIJoicVxGiZLTIilMBYJhZUVpL0007sna%2FJ66ypyWZP%2Frz5DQk9g1QmYfBHUvQZajpejALQ3brYD7GU%2FZbRwhqqeoKroWe0MEw2mXAKuK%2BTFFRS73oE6J6%2FOBrXyQgnBTld%2FjGcGZirkpsIX8meCrro%2FvqVLcnhLl5Y8uZkXsi%2F36HSItwtaiMvffSR2S234xnU7%2BvY9NgWm4eM7whY3aMZl1rXk0ZrkXJh1bZggTzfstki2nO2tOZO5%2FMbW%2B%2Bsb%2FdwIa6XOJqCyJuRsA0zW5Lmnn88W9I1Hn0GaCYyr0HenZG6Q%2BgQs34fNF%2FytJjBqUZPkHkpXjU2ULB6VJFBikdOkgv1XniziA3sfXeOBFvdmazkwFQaqAlUjWHd5XOTmdPX3%2BeeJ8saJMt5hoox6cNFcK8%2F8VtgU7aS9zDhPBOPhchS34yCIOG8ud0TYQWFrdv7lL%2F8AAAD%2F%2FwEAAP%2F%2FfJLY53gEAAA%3D HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 74296eb93203edd5234814b0e468d2ce
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 00:48:39 GMT
expires: Tue, 30 Jan 2024 00:48:39 GMT
cache-control: public, max-age=31536000
age: 485603
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.19200 OK 35 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
Hash 44a9fca1ab4e22bc31dfbb6aa9df8635
cda28879e0cf172d6548519f240a4b933dc8d8a4
d0142b7db740978cd8baad082edf32a107e21e358d2aaa381e57138d5e504f35
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1676019691
server: CDN77-Turbo
x-77-nzt: AblMCQ34vQD/30YIAA
x-77-nzt-ray: c0a4cc28c7fa0482ca7cde63b0e53306
x-cache: HIT
x-age: 542431
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216200 OK 138 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Size 138 kB (137600 bytes)
Hash b1bc4d7b2eebb6038517f28b9537f702
1f19e3ed1739588cce3a95abfb2a1b4cc52b71a0
4945c3b68f5995fdf9e2377ccb74db45baf974bb81e7074e3b5a7f35b538e999
GET /api/spots/391868?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 18 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/420557?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 7973ebb2a8eb6fab8931de4fbe6974f1
9f25b148f4aa8f7835c49420433cacfbc495876d
9650f7e72257f56bbc77a6dedc743985c982cf151b334ec6fdc65c30b672a4fd
GET /api/spots/420557?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=lN9L1GQJYsa1LRsgDqK5; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
utilitypresent.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXirbqqelKmuqqp6p6eDAphF2SPszePnc8kG3SDuHgTFmTiQcnJ9iA5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be99%2FlBfkF85PR8630zlErR5Vbdr722LTU3hatt3q0Fft1frW1LvdJcrQ2ml%2B2%2FGfituv967V3Bds1y6Ae%2BH%2FhBbV1aEZvB8gyFTE%2B6Qb3r15thPWg1MbD%2FzV3uwVEPvH9BXoTk1f92fnoCySbQyTc3hNvNTPrGO0muaGYs%2Bvz4Q72rTaGRLMLYeoj18bwaxlWEfHEFRh%2FPFcD0D6cKEMmKeL8GiPTxnCai%2FtEl00hBaET8GRT9CYSaQNIJmLkPyX8mAOPYvAWdPNo0tqB7lyidohVZ%2ButPyKIiS79dg06%2BXlNyULtjVJ5Jox0GcQk5mED2JkjzU2RDD7I4BcvuQXICnZSQvJyplnICGU%2BgxAjUecinR3rIYw956iHh5zXa6sa%2B346juNHoNBljjQZjrc4Kb%2FFGsxP7yNmU1ghZOgJTIzC7j9TuY1c%2BrAi5dwibfw%2B3U8JxDy6riPfBPvq8RCEICkdQUIJCEhQZQdEvj7hyoSsfceXyKJj7cO4b5dhkvQN6ZLKe0OQgvSAvzJryx7PfYVec12gYd7t%2BHPjN9oq%2FErB20OUBCyht0FAwHsLJEtJdmekdyopce%2Fl3pNNJffY3InoKp07B5POg%2BSugxbgd%2BqA742bHx1CfDGKqMzrcqzOTgJsSabaEbM87UBfkpRmP1ecKCHZ2%2FdvGzMBsidSW%2BET%2BQNBTD8a3TUEOb5vCkSe30kwmcking7uT0Uxc%2Feo9sVcYyzduuNGXb7EpMA1P7gqX3aSaS91z5PGa5FzYdWOZIE833LaItnK3s5Zbnac3t95e30hSK5yTRk9AZUXI%2BQaYrMj%2Fn348W8pXH38EaSeweYkkPyNzgzSnYOk%2BXLrg7wyBVYuaKPVQ5OXYhtHiUUkCJRY5jUq4f%2BXRIj5wD9CzHmh2f7aKfVuir0pQNYLLr46z1J5d%2F2X%2BeaS8caSsdxgpqx5eNtfJ81oraIpO1GkzziPBeNAOG52G74ecN9tdEXSRuYpdfPrjPwAAAP%2F%2FAQAA%2F%2F8ERFq0bAQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 utilitypresent.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXirbqqelKmuqqp6p6eDAphF2SPszePnc8kG3SDuHgTFmTiQcnJ9iA5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be99%2FlBfkF85PR8630zlErR5Vbdr722LTU3hatt3q0Fft1frW1LvdJcrQ2ml%2B2%2FGfituv967V3Bds1y6Ae%2BH%2FhBbV1aEZvB8gyFTE%2B6Qb3r15thPWg1MbD%2FzV3uwVEPvH9BXoTk1f92fnoCySbQyTc3hNvNTPrGO0muaGYs%2Bvz4Q72rTaGRLMLYeoj18bwaxlWEfHEFRh%2FPFcD0D6cKEMmKeL8GiPTxnCai%2FtEl00hBaET8GRT9CYSaQNIJmLkPyX8mAOPYvAWdPNo0tqB7lyidohVZ%2ButPyKIiS79dg06%2BXlNyULtjVJ5Jox0GcQk5mED2JkjzU2RDD7I4BcvuQXICnZSQvJyplnICGU%2BgxAjUecinR3rIYw956iHh5zXa6sa%2B346juNHoNBljjQZjrc4Kb%2FFGsxP7yNmU1ghZOgJTIzC7j9TuY1c%2BrAi5dwibfw%2B3U8JxDy6riPfBPvq8RCEICkdQUIJCEhQZQdEvj7hyoSsfceXyKJj7cO4b5dhkvQN6ZLKe0OQgvSAvzJryx7PfYVec12gYd7t%2BHPjN9oq%2FErB20OUBCyht0FAwHsLJEtJdmekdyopce%2Fl3pNNJffY3InoKp07B5POg%2BSugxbgd%2BqA742bHx1CfDGKqMzrcqzOTgJsSabaEbM87UBfkpRmP1ecKCHZ2%2FdvGzMBsidSW%2BET%2BQNBTD8a3TUEOb5vCkSe30kwmcking7uT0Uxc%2Feo9sVcYyzduuNGXb7EpMA1P7gqX3aSaS91z5PGa5FzYdWOZIE833LaItnK3s5Zbnac3t95e30hSK5yTRk9AZUXI%2BQaYrMj%2Fn348W8pXH38EaSeweYkkPyNzgzSnYOk%2BXLrg7wyBVYuaKPVQ5OXYhtHiUUkCJRY5jUq4f%2BXRIj5wD9CzHmh2f7aKfVuir0pQNYLLr46z1J5d%2F2X%2BeaS8caSsdxgpqx5eNtfJ81oraIpO1GkzziPBeNAOG52G74ecN9tdEXSRuYpdfPrjPwAAAP%2F%2FAQAA%2F%2F8ERFq0bAQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3s338lXwB3sREeeoIJPunpnMjDksxjUSXLNxdyXirbqqelKmuqqp6p6eDAphF2SPszePnc8kG3SDuHgTFmTiQcnJ9iA5mIN%2FgBfBqzKTgdEHVe%2B9%2Bjyoz%2Be99%2FlBfkF85PR8630zlErR5Vbdr722LTU3hatt3q0Fft1frW1LvdJcrQ2ml%2B2%2FGfituv967V3Bds1y6Ae%2BH%2FhBbV1aEZvB8gyFTE%2B6Qb3r15thPWg1MbD%2FzV3uwVEPvH9BXoTk1f92fnoCySbQyTc3hNvNTPrGO0muaGYs%2Bvz4Q72rTaGRLMLYeoj18bwaxlWEfHEFRh%2FPFcD0D6cKEMmKeL8GiPTxnCai%2FtEl00hBaET8GRT9CYSaQNIJmLkPyX8mAOPYvAWdPNo0tqB7lyidohVZ%2ButPyKIiS79dg06%2BXlNyULtjVJ5Jox0GcQk5mED2JkjzU2RDD7I4BcvuQXICnZSQvJyplnICGU%2BgxAjUecinR3rIYw956iHh5zXa6sa%2B346juNHoNBljjQZjrc4Kb%2FFGsxP7yNmU1ghZOgJTIzC7j9TuY1c%2BrAi5dwibfw%2B3U8JxDy6riPfBPvq8RCEICkdQUIJCEhQZQdEvj7hyoSsfceXyKJj7cO4b5dhkvQN6ZLKe0OQgvSAvzJryx7PfYVec12gYd7t%2BHPjN9oq%2FErB20OUBCyht0FAwHsLJEtJdmekdyopce%2Fl3pNNJffY3InoKp07B5POg%2BSugxbgd%2BqA742bHx1CfDGKqMzrcqzOTgJsSabaEbM87UBfkpRmP1ecKCHZ2%2FdvGzMBsidSW%2BET%2BQNBTD8a3TUEOb5vCkSe30kwmcking7uT0Uxc%2Feo9sVcYyzduuNGXb7EpMA1P7gqX3aSaS91z5PGa5FzYdWOZIE833LaItnK3s5Zbnac3t95e30hSK5yTRk9AZUXI%2BQaYrMj%2Fn348W8pXH38EaSeweYkkPyNzgzSnYOk%2BXLrg7wyBVYuaKPVQ5OXYhtHiUUkCJRY5jUq4f%2BXRIj5wD9CzHmh2f7aKfVuir0pQNYLLr46z1J5d%2F2X%2BeaS8caSsdxgpqx5eNtfJ81oraIpO1GkzziPBeNAOG52G74ecN9tdEXSRuYpdfPrjPwAAAP%2F%2FAQAA%2F%2F8ERFq0bAQAAA%3D%3D HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9ef210ec6d42134a0ad4c4588d1f5911
Strict-Transport-Security: max-age=0; includeSubdomains
utilitypresent.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 utilitypresent.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp
185.76.9.26200 OK 6.1 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6fa982653e11bf92f711f516bff7cc24
2278481571affd0d06433855ece073cb06237a2a
4ec89f5331b8e33f6ba993e5e835df7b3a008ee32ab12dcca448781bca935a97
GET /library/623611/2278481571affd0d06433855ece073cb06237a2a.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/webp
content-length: 6076
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-17bc"
expires: Wed, 25 Oct 2023 01:17:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702010249
server: CDN77-Turbo
x-77-nzt: AblMCRTbU5X/wRJNAA
x-77-nzt-ray: af58563045bab011ca7cde630fcebc10
x-cache: HIT
x-age: 5051073
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp
185.76.9.26200 OK 7.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d207740399aab46e880de871c8aaed60
14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6
2eeb7427375b10973a39daaccbc7adac1a143988e3fe2768ec7cacac8aa73c48
GET /library/759202/14cdf1353d64a64ee271f5211a0dc1e60cf6f0e6.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/webp
content-length: 7778
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-1e62"
expires: Tue, 24 Oct 2023 16:35:29 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699450168
server: CDN77-Turbo
x-77-nzt: AblMCRTo7+v/EiN0AA
x-77-nzt-ray: af58563045bab011ca7cde63fa68e510
x-cache: HIT
x-age: 7611154
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp
185.76.9.26200 OK 11 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e013eb1fd6cafd3a64a5ff5865a61cc7
cd02c9fbef3622b4ead82aec2dc490e7f11c3e42
1bf220f6be4aaeeafc1a8078542d162682d8bb7be6f329829d7545659f843587
GET /library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/webp
content-length: 10906
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-2a9a"
expires: Tue, 24 Oct 2023 16:35:36 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699450281
server: CDN77-Turbo
x-77-nzt: AblMCRQfxBb/oSJ0AA
x-77-nzt-ray: af58563045bab011ca7cde630f26ec10
x-cache: HIT
x-age: 7611041
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/a0df5c23efcee52a99fe073a05b56d57e3f8a452.webp
185.76.9.26200 OK 11 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/a0df5c23efcee52a99fe073a05b56d57e3f8a452.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 532d1e5a87c63c6b3b95dcfeaed2e9fa
a0df5c23efcee52a99fe073a05b56d57e3f8a452
44bd8c81a5015fb8eef901a20569b69dc421fcffc831263ff88ec087dd47b091
GET /library/140058/a0df5c23efcee52a99fe073a05b56d57e3f8a452.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/webp
content-length: 10738
last-modified: Wed, 03 Nov 2021 11:53:34 GMT
etag: "6182783e-29f2"
expires: Fri, 30 Jun 2023 11:27:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195355
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRQyNJ//L98fAQ
x-77-nzt-ray: af58563045bab011ca7cde631006f610
x-cache: HIT
x-age: 18865967
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
185.76.9.26200 OK 6.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ac7f0a83b67d9661811c62d68cdd2074
26c94b1b9322fb1f2558083727af47e58151007e
24c3c958813cf663205712c9a41003d3c5f304d3a90301d63847ab46047fc66f
GET /library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/webp
content-length: 6782
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-1a7e"
expires: Tue, 24 Oct 2023 13:33:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702062165
server: CDN77-Turbo
x-77-nzt: AblMCRRZYu7/9UdMAA
x-77-nzt-ray: af58563045bab011ca7cde63cd49fc10
x-cache: HIT
x-age: 4999157
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4356
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Last-Modified: Sat, 04 Feb 2023 14:29:26 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
s3t3d2y8.afcdn.net/library/623611/b15895baaf99a97c8834ba6bec7f8db1fef4fe99.jpg
185.76.9.26200 OK 23 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/b15895baaf99a97c8834ba6bec7f8db1fef4fe99.jpg
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 441547a9707a39c963c3711eb1bde65f
b15895baaf99a97c8834ba6bec7f8db1fef4fe99
62aecdb0f6d107e9245712c74358f209336d3d33a6c90857b44bc10e3fc9b8c6
GET /library/623611/b15895baaf99a97c8834ba6bec7f8db1fef4fe99.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/jpeg
content-length: 22647
last-modified: Mon, 25 May 2020 13:39:38 GMT
etag: "5ecbca9a-5877"
expires: Tue, 24 Oct 2023 15:03:19 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701963206
server: CDN77-Turbo
x-77-nzt: AblMCRRyZnf/hMpNAA
x-77-nzt-ray: af58563045bab011ca7cde6387204114
x-cache: HIT
x-age: 5098116
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash fe99dce2d214fe1bba009ba0e075e018
238b45faf38b4f4c7483a049a21f065b19a976c1
952d4c7ed5c5eefbfdedd2fe8bcd76401cdce36352e911109eb35492484f7b61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4294
Cache-Control: max-age=95446
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Etag: "63dd3dda-13a"
Expires: Sun, 05 Feb 2023 18:12:48 GMT
Last-Modified: Fri, 03 Feb 2023 17:01:14 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 314
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PW2oDMQy8Si8QI8m2LOW7/W0hJQfw2htSSBvYJKUfc/h604cE0jCImZGQxA3JhtID0zbJlgTOwSkkCZwTnl92SIyPer0t9XSc6+l6vJxvS5tDO90mqERlRlZNrvBCFBXJnI0JmQzRObvaELESjRMSIYJGS44prSgQDVsjPO132L8+DsbZBQwhjLlmWGEamL4IGvtcWvPecxEO4mWYuyQS1Zw1O1iLuRWppZlYLirUJql24D4lybQKoYZlvHNZPkM7v98TrVk4kq/Of8ToDd/XKMIdvR2W+j4D/xc/f6CAfwkGetFsZRaZm+tkLbPH2NU6WZzmqt+tmd7vewEAAA==
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PW2oDMQy8Si8QI8m2LOW7/W0hJQfw2htSSBvYJKUfc/h604cE0jCImZGQxA3JhtID0zbJlgTOwSkkCZwTnl92SIyPer0t9XSc6+l6vJxvS5tDO90mqERlRlZNrvBCFBXJnI0JmQzRObvaELESjRMSIYJGS44prSgQDVsjPO132L8+DsbZBQwhjLlmWGEamL4IGvtcWvPecxEO4mWYuyQS1Zw1O1iLuRWppZlYLirUJql24D4lybQKoYZlvHNZPkM7v98TrVk4kq/Of8ToDd/XKMIdvR2W+j4D/xc/f6CAfwkGetFsZRaZm+tkLbPH2NU6WZzmqt+tmd7vewEAAA==
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PW2oDMQy8Si8QI8m2LOW7/W0hJQfw2htSSBvYJKUfc/h604cE0jCImZGQxA3JhtID0zbJlgTOwSkkCZwTnl92SIyPer0t9XSc6+l6vJxvS5tDO90mqERlRlZNrvBCFBXJnI0JmQzRObvaELESjRMSIYJGS44prSgQDVsjPO132L8+DsbZBQwhjLlmWGEamL4IGvtcWvPecxEO4mWYuyQS1Zw1O1iLuRWppZlYLirUJql24D4lybQKoYZlvHNZPkM7v98TrVk4kq/Of8ToDd/XKMIdvR2W+j4D/xc/f6CAfwkGetFsZRaZm+tkLbPH2NU6WZzmqt+tmd7vewEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9dd5721.297649924026655659%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891818%7C41873814%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63de7cc9dd5721.297649924026655659%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263de7cc9dd5721.297649924026655659%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Mon, 03 Feb 2025 15:42:02 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f996f2c36b8368738336a3ddcc19e753
96d3a2efd4cb522dd1461eb67c80d363a5e0b5fa
cab50e93346cacb34d9715772d0b2aba2f91648c169544d78bc9cb9b0a2bf584
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6303
Cache-Control: max-age=139925
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Etag: "63dde3c0-117"
Expires: Mon, 06 Feb 2023 06:34:07 GMT
Last-Modified: Sat, 04 Feb 2023 04:49:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=91y8tpVGMQqxHH7ZeVltju_NPbbc9fNMV8ie9l9NAfrOoaDDUDbj-_Ot2gdNFp42E1CiNtMNNWuXUQ1OSjkjFEU6MyG3ynl_k_aM8i7xzR5159g_gUIDRUi&p1=4235550
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=91y8tpVGMQqxHH7ZeVltju_NPbbc9fNMV8ie9l9NAfrOoaDDUDbj-_Ot2gdNFp42E1CiNtMNNWuXUQ1OSjkjFEU6MyG3ynl_k_aM8i7xzR5159g_gUIDRUi&p1=4235550
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=91y8tpVGMQqxHH7ZeVltju_NPbbc9fNMV8ie9l9NAfrOoaDDUDbj-_Ot2gdNFp42E1CiNtMNNWuXUQ1OSjkjFEU6MyG3ynl_k_aM8i7xzR5159g_gUIDRUi&p1=4235550 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 15:42:02 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=379973&masterSmartpopId=1914&memberId=91y8tpVGMQqxHH7ZeVltju_NPbbc9fNMV8ie9l9NAfrOoaDDUDbj-_Ot2gdNFp42E1CiNtMNNWuXUQ1OSjkjFEU6MyG3ynl_k_aM8i7xzR5159g_gUIDRUi&p1=4235550&quality=optimal&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=887637.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCfFHYpfgnRfzoh6KuZsoQ9sxZ9pG; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 14:42:02 GMT; HttpOnly
server: cloudflare
cf-ray: 794483909f8ab4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2288
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Last-Modified: Sat, 04 Feb 2023 15:03:54 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4356
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Last-Modified: Sat, 04 Feb 2023 14:29:26 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f996f2c36b8368738336a3ddcc19e753
96d3a2efd4cb522dd1461eb67c80d363a5e0b5fa
cab50e93346cacb34d9715772d0b2aba2f91648c169544d78bc9cb9b0a2bf584
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6303
Cache-Control: max-age=139925
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Etag: "63dde3c0-117"
Expires: Mon, 06 Feb 2023 06:34:07 GMT
Last-Modified: Sat, 04 Feb 2023 04:49:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
cams.gratis/banner/leer.gif
172.64.165.31200 OK 290 B URL HTTP/2 cams.gratis/banner/leer.gif
IP 172.64.165.31:0
File type GIF image data, version 89a, 192 x 192\012- data
Hash 72e33229faa7e5ba8930deac92a1aae0
496e880a0024b268b4e3987c0863cdbf8a64d696
a556ed9ee99be72f01ac6bf6232e3357ad104cf28d05afd91efbaf5953df1a6a
GET /banner/leer.gif HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/gif
content-length: 290
last-modified: Sun, 13 Jan 2019 11:23:18 GMT
cache-control: max-age=2592000
expires: Mon, 20 Feb 2023 08:27:52 GMT
cf-cache-status: HIT
age: 1235650
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3hiLRkuECoNCVQ%2FKkjHSQhccj%2BPlFUYHWfTZFUdLJEtPFZmutN2ya1MS504lTksw65cwmIIR9SVpd4jqhup6FFeXhp5YgNwMiiCs3EEiDqfY3nPLb%2F2pURsZYrQPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483917a42730f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 14:15:49 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgq0q7X/MxQAAA
X-77-NZT-Ray: 2109d11049493d5dca7cde639738991a
X-Cache: HIT
X-Age: 5171
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
cams.gratis/banner/bg6.jpg
172.64.165.31200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.165.31:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Sat, 25 Feb 2023 15:17:24 GMT
cf-cache-status: HIT
age: 779078
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaJeJkIL%2FpnhaR53tJOiv7rgLJRaS2b3M3yFtPiokj%2BhS3BtR6HIejCk8QbA%2FyQN%2BMRXApdn7pzdgnJLkTmDO8AFr8VOdcliBC2c5gHvOLMWhBoKiKuWSte%2Fakso4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483918a55730f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16612
Expires: Sat, 04 Feb 2023 20:18:54 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16612
Expires: Sat, 04 Feb 2023 20:18:54 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10649420
X-HW: 1675525322.dop010.sk1.t,1675525322.cds013.sk1.shn,1675525322.cds013.sk1.c
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16612
Expires: Sat, 04 Feb 2023 20:18:54 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16612
Expires: Sat, 04 Feb 2023 20:18:54 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10430420
X-HW: 1675525322.dop222.sk1.t,1675525322.cds202.sk1.shn,1675525322.cds202.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/49/814861/1038673/1038673_logo.png
205.185.208.20200 OK 64 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/49/814861/1038673/1038673_logo.png
IP 205.185.208.20:0
File type PNG image data, 900 x 250, 8-bit colormap, non-interlaced\012- data
Hash 59891fd0f1c8814f36f98c05500a133d
2f18c14f9c7bff07ee6c09fa24aac3276c7e713f
57e16796036a6af78fda472f284ac5eb0b7a3e3b71c6d8b102e02c0437be787b
GET /a7/creatives/1/49/814861/1038673/1038673_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: Keep-Alive
ETag: "1659026507"
Content-Length: 64368
Content-Type: image/png
Last-Modified: Thu, 28 Jul 2022 16:41:47 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10393791
X-HW: 1675525322.dop068.sk1.t,1675525322.cds250.sk1.shn,1675525322.dop068.sk1.t,1675525322.cds201.sk1.c
Access-Control-Allow-Origin: *
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675525358028&t_i=1675525358383&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=762c4c00-4aab-445c-973c-87e0225d753b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77968caa-a4a2-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675525358383&fpid=&feid_sa=1675525358383&sid_sa=1675525358383&feid=16984f54e1b8cee90015e4822a3f4c06&sid=62802078c5dd16862fc891bb27e0c374&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.398
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675525358028&t_i=1675525358383&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=762c4c00-4aab-445c-973c-87e0225d753b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77968caa-a4a2-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675525358383&fpid=&feid_sa=1675525358383&sid_sa=1675525358383&feid=16984f54e1b8cee90015e4822a3f4c06&sid=62802078c5dd16862fc891bb27e0c374&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.398
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675525358028&t_i=1675525358383&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=762c4c00-4aab-445c-973c-87e0225d753b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77968caa-a4a2-11ed-8703-e25a5bb9767f&spid=636bc5d561d6e27071201a23&fpid_sa=1675525358383&fpid=&feid_sa=1675525358383&sid_sa=1675525358383&feid=16984f54e1b8cee90015e4822a3f4c06&sid=62802078c5dd16862fc891bb27e0c374&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.398 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.131200 OK 4.7 kB URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.131:0
Hash 79a2384a41d56dd81104a419ae5205b9
64b5ec5967ef89886f0b100b9bae434866a908d9
6807f95bbe1f75e2791d058bd4902041f24a7f37fb686cb226b6422c9ef7d18f
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
104.18.101.40302 Found 278 B URL HTTP/2 chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
IP 104.18.101.40:0
Hash 8f027d3c6cbb7ac20739d625793de242
76e66c0c2a0a17eed38e5601f740d78077ae3eae
be7a9b4ba36604077c75c76234e39f33e0cc75fe9b717930f28bef0cbe90cdd3
GET /topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.medfoodsafety.com/
Connection: keep-alive
Cookie: __cf_bm=d4ahzy72wEmJlfkGM79G_0LmclQkmXGYyV71_YtFpSY-1675525322-0-AXBBSTKaVEY0CYJYNRUBev7+Zvb79jLIQpakyQk5m/dI4KvkGljevPniSHwJrPpEZZ7IWPe2/21prm3NMiPum0c=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/html; charset=utf-8
location: /embed/claire_moulin/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
set-cookie: affkey=eJyrVipSslJQyigpKSi20tdP1MtNTUnLz08pTkxLLanUS87P1VeqBQDmXQyt; Domain=.chaturbate.com; expires=Mon, 06 Mar 2023 15:42:02 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr3dcfff50-a1b8-42ca-b1e9-08c5174db033:1pOKfy:LxiDGJXHi5I1VSio-yKkuvw-Bhk; Domain=.chaturbate.com; expires=Thu, 30 Oct 2025 15:42:02 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794483912c830b51-OSL
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 898ecdf0737ab9b24af140cceb5cfd58
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff0b94cdcd9357a309b2ea7abcb61f8a
Strict-Transport-Security: max-age=0; includeSubdomains
video.ktkjmp.com/adsbygoogle.js
104.18.48.21200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1343
expires: Sat, 04 Feb 2023 19:42:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483937cf71bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed40bd7942087425f8eabc3f4fceee4f
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8f027d3c6cbb7ac20739d625793de242
76e66c0c2a0a17eed38e5601f740d78077ae3eae
be7a9b4ba36604077c75c76234e39f33e0cc75fe9b717930f28bef0cbe90cdd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5505
Cache-Control: max-age=131212
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Etag: "63ddc4d5-116"
Expires: Mon, 06 Feb 2023 04:08:54 GMT
Last-Modified: Sat, 04 Feb 2023 02:37:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 15:42:02 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhaepChANKNDNNY; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 14:42:02 GMT; HttpOnly
server: cloudflare
cf-ray: 794483935a931c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=ff2f2f3c-c867-457c-a7e6-2940551d90ca&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 15:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6eb7cc1c1de7932a82421b7cfff5c3f9
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae1a7d7505a1a76c4b9340e512601909
84a6aadad240c6b87617ce081f51368c54330a30
18d765be5478156b5bd6810118465a49404fffb42c28063541d6f9e6f30e0ce4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "18D765BE5478156B5BD6810118465A49404FFFB42C28063541D6F9E6F30E0CE4"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19398
Expires: Sat, 04 Feb 2023 21:05:20 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHGwIEjjI0ZN1rMsCEjTAsaNGzUaBHmxg0yLcbI4IgjhxgcN8zYoCHiYZg6YzLaKCOmTI4ZM8bETGrm5E0aLMPUwNEiBg0xDW-EgVGUjJieEMnYWWgjB8mHcOp81RFDRg4YFcPAgbMQJ40ZD-fAmcgQBwy_OB-20cuXBgyVNWJUHNOGrg4aMmrkyFHDJxkzC2c-FOPGTWa_G2tUFtHGDUYdMm6MzIG29GmVNCrWiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAEDLgwZNHD8oJOmTZkeMSRDz0Ejx8wbMmxwqdM8fBg6Y3pAlkx5fHkbcsX0mONmTRkhb4aUwZGHCZMvNiCxRA1SrIHEDG0s4YQdT5jRFAxTlGaHGmHM0IIcQTRRxRdv9BcEHWEkuMYMX0zBxhhr1HFFE0vkcAMRSXyRhRBkYEEFG0PMcQUaReDIWR1t4DYEFUrIkQMbczBBRRlOMCHEDVOUQQUdQhQxhg1qsHGHFGE4AYUdX5xRRRJESFFFGmDB0QZFD72hJpsikFFcRr65cV4dcoTBBkF60oHGHG_gOUYZw7GhFlhjnLfQFg11gZYcQekAgwvNVSQGZpJSupiaX8AB6UKTVtpdRXLY4Vh2D5UxxpuZVnpDDTQ8VEcdaOogAg5lyECUcyyNEQNM0dVQRgtiyJAasWPcEBtR2ZEhQ1APpeGYCDnE4MJbLkDmQnY8PSTHF9JmVO21k2rLLVh1hJFRE2_okQYbbITxQg2UgoDCFWm4Iecdc4DgBBUgMEfpDiDg68ZOBOOBMAilsgUDvTCkAMIRqq7xxgsyOOdcDCAYkYYcZZjxBh7LPUwpopGK4MQTYL3x7RgprwzWiRkV4QRYB4EJMhsU1eASDiP5BYO3Z3iG2lQ3PJTzF2LIURcOSpcBZhtvkPGZDRWRIccbC-ElwhsKPfboyHksFKsIIGM60G257dabC3bSgaeefLLhJ6CCEjqGoWK8ANYdGbXlF1hoBP5ctyLMUWpGW4NIh8st1OFGGnRURS8ZvsqAc8oHfYF5W2DRsSZbNrxaQ2QzGPuQ6JqTbjrqxioWFxlfgKzXF4q6LhrsFUmNOxsI0RE2ozQ4CpEYfMUZ8k92p0mzpA-NcRoMfSgQEA%3D%3D&s=8ba93388eb778b2e9cb4c68295e48688ecf133f159dd1ebd2d244acd4760e2531675525322&w=t&r=1&d=520&priv=false
136.243.43.25200 OK 118 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHGwIEjjI0ZN1rMsCEjTAsaNGzUaBHmxg0yLcbI4IgjhxgcN8zYoCHiYZg6YzLaKCOmTI4ZM8bETGrm5E0aLMPUwNEiBg0xDW-EgVGUjJieEMnYWWgjB8mHcOp81RFDRg4YFcPAgbMQJ40ZD-fAmcgQBwy_OB-20cuXBgyVNWJUHNOGrg4aMmrkyFHDJxkzC2c-FOPGTWa_G2tUFtHGDUYdMm6MzIG29GmVNCrWiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAEDLgwZNHD8oJOmTZkeMSRDz0Ejx8wbMmxwqdM8fBg6Y3pAlkx5fHkbcsX0mONmTRkhb4aUwZGHCZMvNiCxRA1SrIHEDG0s4YQdT5jRFAxTlGaHGmHM0IIcQTRRxRdv9BcEHWEkuMYMX0zBxhhr1HFFE0vkcAMRSXyRhRBkYEEFG0PMcQUaReDIWR1t4DYEFUrIkQMbczBBRRlOMCHEDVOUQQUdQhQxhg1qsHGHFGE4AYUdX5xRRRJESFFFGmDB0QZFD72hJpsikFFcRr65cV4dcoTBBkF60oHGHG_gOUYZw7GhFlhjnLfQFg11gZYcQekAgwvNVSQGZpJSupiaX8AB6UKTVtpdRXLY4Vh2D5UxxpuZVnpDDTQ8VEcdaOogAg5lyECUcyyNEQNM0dVQRgtiyJAasWPcEBtR2ZEhQ1APpeGYCDnE4MJbLkDmQnY8PSTHF9JmVO21k2rLLVh1hJFRE2_okQYbbITxQg2UgoDCFWm4Iecdc4DgBBUgMEfpDiDg68ZOBOOBMAilsgUDvTCkAMIRqq7xxgsyOOdcDCAYkYYcZZjxBh7LPUwpopGK4MQTYL3x7RgprwzWiRkV4QRYB4EJMhsU1eASDiP5BYO3Z3iG2lQ3PJTzF2LIURcOSpcBZhtvkPGZDRWRIccbC-ElwhsKPfboyHksFKsIIGM60G257dabC3bSgaeefLLhJ6CCEjqGoWK8ANYdGbXlF1hoBP5ctyLMUWpGW4NIh8st1OFGGnRURS8ZvsqAc8oHfYF5W2DRsSZbNrxaQ2QzGPuQ6JqTbjrqxioWFxlfgKzXF4q6LhrsFUmNOxsI0RE2ozQ4CpEYfMUZ8k92p0mzpA-NcRoMfSgQEA%3D%3D&s=8ba93388eb778b2e9cb4c68295e48688ecf133f159dd1ebd2d244acd4760e2531675525322&w=t&r=1&d=520&priv=false
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
Hash 920b795fe2f517c7bf770dcbcfa30a0b
5589fd9c969b81b71f68106f8a34d525a7f01d52
393e5719e798e5497ed6060f8ae16f7325c291ee21fa5c6435d58d7f31d20bc1
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zCyHGwIEjjI0ZN1rMsCEjTAsaNGzUaBHmxg0yLcbI4IgjhxgcN8zYoCHiYZg6YzLaKCOmTI4ZM8bETGrm5E0aLMPUwNEiBg0xDW-EgVGUjJieEMnYWWgjB8mHcOp81RFDRg4YFcPAgbMQJ40ZD-fAmcgQBwy_OB-20cuXBgyVNWJUHNOGrg4aMmrkyFHDJxkzC2c-FOPGTWa_G2tUFtHGDUYdMm6MzIG29GmVNCrWiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAEDLgwZNHD8oJOmTZkeMSRDz0Ejx8wbMmxwqdM8fBg6Y3pAlkx5fHkbcsX0mONmTRkhb4aUwZGHCZMvNiCxRA1SrIHEDG0s4YQdT5jRFAxTlGaHGmHM0IIcQTRRxRdv9BcEHWEkuMYMX0zBxhhr1HFFE0vkcAMRSXyRhRBkYEEFG0PMcQUaReDIWR1t4DYEFUrIkQMbczBBRRlOMCHEDVOUQQUdQhQxhg1qsHGHFGE4AYUdX5xRRRJESFFFGmDB0QZFD72hJpsikFFcRr65cV4dcoTBBkF60oHGHG_gOUYZw7GhFlhjnLfQFg11gZYcQekAgwvNVSQGZpJSupiaX8AB6UKTVtpdRXLY4Vh2D5UxxpuZVnpDDTQ8VEcdaOogAg5lyECUcyyNEQNM0dVQRgtiyJAasWPcEBtR2ZEhQ1APpeGYCDnE4MJbLkDmQnY8PSTHF9JmVO21k2rLLVh1hJFRE2_okQYbbITxQg2UgoDCFWm4Iecdc4DgBBUgMEfpDiDg68ZOBOOBMAilsgUDvTCkAMIRqq7xxgsyOOdcDCAYkYYcZZjxBh7LPUwpopGK4MQTYL3x7RgprwzWiRkV4QRYB4EJMhsU1eASDiP5BYO3Z3iG2lQ3PJTzF2LIURcOSpcBZhtvkPGZDRWRIccbC-ElwhsKPfboyHksFKsIIGM60G257dabC3bSgaeefLLhJ6CCEjqGoWK8ANYdGbXlF1hoBP5ctyLMUWpGW4NIh8st1OFGGnRURS8ZvsqAc8oHfYF5W2DRsSZbNrxaQ2QzGPuQ6JqTbjrqxioWFxlfgKzXF4q6LhrsFUmNOxsI0RE2ozQ4CpEYfMUZ8k92p0mzpA-NcRoMfSgQEA%3D%3D&s=8ba93388eb778b2e9cb4c68295e48688ecf133f159dd1ebd2d244acd4760e2531675525322&w=t&r=1&d=520&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=8e2eb010-ac1d-485e-b227-bc741eb15d2c; bfq=APeIECNCx5YZMGbcmEGDBgsZOGDEwFGjRhcWIsYU3BKDRYyLIspsjGHjRg0bMWLckNGRpEmUKmXI6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae1a7d7505a1a76c4b9340e512601909
84a6aadad240c6b87617ce081f51368c54330a30
18d765be5478156b5bd6810118465a49404fffb42c28063541d6f9e6f30e0ce4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "18D765BE5478156B5BD6810118465A49404FFFB42C28063541D6F9E6F30E0CE4"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19398
Expires: Sat, 04 Feb 2023 21:05:20 GMT
Date: Sat, 04 Feb 2023 15:42:02 GMT
Connection: keep-alive
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYMSMmBwwxMXC0mJHjRowWNMbQINNCDI4wN1qQgZHDDI0aNczY2FlDxMMwdcZkJHPTzAwcZHK0yCGGJkoZMGS0LFNDTIsyYxrKGFMDxowaNML4hEjGDkUaJnE8hFNHDEUZHitChANnIY4bNGY8nANnog4aMr7ihPFwTJu6f2_cwEFDLVkzFB-KceNm4QyvN2bQoPGwjRuMDGfIgLrWM2gbYOXWiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5sN_AeeF18wyTNi7LUByDBgyiZWyUYfzchgwxZMzksLEybJkbYozWiEF9fMMcOcFnHyPDYJgYMX7UmYMwCZkeZMQAAwxm3BBeDGIcVcN0XNVUHwwxjJFdDUil55IYNoyXAw05ZLVVdRnGQJ5NMOAgooFhRRgGF3UMKIMNc7xRhxwS-tcDWos1xqKLNrRRRhti9PefEFWEUQYbN9gwBA5YhBEEEXFMQUQMOQjRwhBTlFHEF0mwEQQORMwwhR5u6DEGGTNkoYeBaVhRhw1FwPHFeDXAQcMadsAgRRBsTPEFHklAUQQOVeghhxo0xKHHG2m0EMUbSygxxBVQyFBHE3RYOUeTRlCh5BJNSMEEDS1UYcZHURJxxxdnVJEEEVJUkcaOUdkARww3BoZTV2ORIVxGYbjgRhh0zBgGGwQdSwcaMc4oIXBstDXWGMQutMUMMXSxFo0LyeCCdi3A4JAI6S0EgwsQFgZHG1_Awa0O50Ylg1xy2IFYQw9hta656OolQh11pJERDmXIUEZTArYQUQwsNVZDGS2NFpMYY-AVw8ENkbHVWGkgJkIOMbjgkQuAudAQDWPJ8UXHGYEs8rklnzxWHWLpIEITb-iRBhtshPFCDeiCgMIVabjh6x1zgOAEFSAIiO4OIBDtBnlQ40E1CPUyJC66KYBwBFZrvPECVAJCCCEIRqQhRxlmvIHHCwICDcO0QtnsxBNjvaHyGHWLcPdYbPRdhBO9lmHHF2uzQVENiuEwgw04DPiQHGdUpoMMFN7w0EGHiyGHXY5x_kUbb5DRLQ42yOXbG5Y99IZCf23rdh4LcSYCGXlYToccdZQxOdutvRbbbC8EO2yxchybLBvLNktjGdC29cJYc9SbkRxv0EGs3i3U4UYadLSQoQtkeNhr3wd9UX4MMoxFRxsU2XADTpiLJtf77TMkP_012L-YDT8hA-LKwJcvVEt_81tQ_-aVr8MdCyF0gN0W2MMCEWkLImLwy-3YBhTmjQUOgTNXYUADgz4oICA%3D&s=d652d58d14332283841da4e9f9ea0c01cb0dcb8c61bc531e3e2675020c60a2931675525321&w=t&r=1&d=547&priv=false
136.243.43.25200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYMSMmBwwxMXC0mJHjRowWNMbQINNCDI4wN1qQgZHDDI0aNczY2FlDxMMwdcZkJHPTzAwcZHK0yCGGJkoZMGS0LFNDTIsyYxrKGFMDxowaNML4hEjGDkUaJnE8hFNHDEUZHitChANnIY4bNGY8nANnog4aMr7ihPFwTJu6f2_cwEFDLVkzFB-KceNm4QyvN2bQoPGwjRuMDGfIgLrWM2gbYOXWiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5sN_AeeF18wyTNi7LUByDBgyiZWyUYfzchgwxZMzksLEybJkbYozWiEF9fMMcOcFnHyPDYJgYMX7UmYMwCZkeZMQAAwxm3BBeDGIcVcN0XNVUHwwxjJFdDUil55IYNoyXAw05ZLVVdRnGQJ5NMOAgooFhRRgGF3UMKIMNc7xRhxwS-tcDWos1xqKLNrRRRhti9PefEFWEUQYbN9gwBA5YhBEEEXFMQUQMOQjRwhBTlFHEF0mwEQQORMwwhR5u6DEGGTNkoYeBaVhRhw1FwPHFeDXAQcMadsAgRRBsTPEFHklAUQQOVeghhxo0xKHHG2m0EMUbSygxxBVQyFBHE3RYOUeTRlCh5BJNSMEEDS1UYcZHURJxxxdnVJEEEVJUkcaOUdkARww3BoZTV2ORIVxGYbjgRhh0zBgGGwQdSwcaMc4oIXBstDXWGMQutMUMMXSxFo0LyeCCdi3A4JAI6S0EgwsQFgZHG1_Awa0O50Ylg1xy2IFYQw9hta656OolQh11pJERDmXIUEZTArYQUQwsNVZDGS2NFpMYY-AVw8ENkbHVWGkgJkIOMbjgkQuAudAQDWPJ8UXHGYEs8rklnzxWHWLpIEITb-iRBhtshPFCDeiCgMIVabjh6x1zgOAEFSAIiO4OIBDtBnlQ40E1CPUyJC66KYBwBFZrvPECVAJCCCEIRqQhRxlmvIHHCwICDcO0QtnsxBNjvaHyGHWLcPdYbPRdhBO9lmHHF2uzQVENiuEwgw04DPiQHGdUpoMMFN7w0EGHiyGHXY5x_kUbb5DRLQ42yOXbG5Y99IZCf23rdh4LcSYCGXlYToccdZQxOdutvRbbbC8EO2yxchybLBvLNktjGdC29cJYc9SbkRxv0EGs3i3U4UYadLSQoQtkeNhr3wd9UX4MMoxFRxsU2XADTpiLJtf77TMkP_012L-YDT8hA-LKwJcvVEt_81tQ_-aVr8MdCyF0gN0W2MMCEWkLImLwy-3YBhTmjQUOgTNXYUADgz4oICA%3D&s=d652d58d14332283841da4e9f9ea0c01cb0dcb8c61bc531e3e2675020c60a2931675525321&w=t&r=1&d=547&priv=false
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYMSMmBwwxMXC0mJHjRowWNMbQINNCDI4wN1qQgZHDDI0aNczY2FlDxMMwdcZkJHPTzAwcZHK0yCGGJkoZMGS0LFNDTIsyYxrKGFMDxowaNML4hEjGDkUaJnE8hFNHDEUZHitChANnIY4bNGY8nANnog4aMr7ihPFwTJu6f2_cwEFDLVkzFB-KceNm4QyvN2bQoPGwjRuMDGfIgLrWM2gbYOXWiZERDR06cOboePHizBsXeNiksSOHjBwXY960eTGnTRg5sN_AeeF18wyTNi7LUByDBgyiZWyUYfzchgwxZMzksLEybJkbYozWiEF9fMMcOcFnHyPDYJgYMX7UmYMwCZkeZMQAAwxm3BBeDGIcVcN0XNVUHwwxjJFdDUil55IYNoyXAw05ZLVVdRnGQJ5NMOAgooFhRRgGF3UMKIMNc7xRhxwS-tcDWos1xqKLNrRRRhti9PefEFWEUQYbN9gwBA5YhBEEEXFMQUQMOQjRwhBTlFHEF0mwEQQORMwwhR5u6DEGGTNkoYeBaVhRhw1FwPHFeDXAQcMadsAgRRBsTPEFHklAUQQOVeghhxo0xKHHG2m0EMUbSygxxBVQyFBHE3RYOUeTRlCh5BJNSMEEDS1UYcZHURJxxxdnVJEEEVJUkcaOUdkARww3BoZTV2ORIVxGYbjgRhh0zBgGGwQdSwcaMc4oIXBstDXWGMQutMUMMXSxFo0LyeCCdi3A4JAI6S0EgwsQFgZHG1_Awa0O50Ylg1xy2IFYQw9hta656OolQh11pJERDmXIUEZTArYQUQwsNVZDGS2NFpMYY-AVw8ENkbHVWGkgJkIOMbjgkQuAudAQDWPJ8UXHGYEs8rklnzxWHWLpIEITb-iRBhtshPFCDeiCgMIVabjh6x1zgOAEFSAIiO4OIBDtBnlQ40E1CPUyJC66KYBwBFZrvPECVAJCCCEIRqQhRxlmvIHHCwICDcO0QtnsxBNjvaHyGHWLcPdYbPRdhBO9lmHHF2uzQVENiuEwgw04DPiQHGdUpoMMFN7w0EGHiyGHXY5x_kUbb5DRLQ42yOXbG5Y99IZCf23rdh4LcSYCGXlYToccdZQxOdutvRbbbC8EO2yxchybLBvLNktjGdC29cJYc9SbkRxv0EGs3i3U4UYadLSQoQtkeNhr3wd9UX4MMoxFRxsU2XADTpiLJtf77TMkP_012L-YDT8hA-LKwJcvVEt_81tQ_-aVr8MdCyF0gN0W2MMCEWkLImLwy-3YBhTmjQUOgTNXYUADgz4oICA%3D&s=d652d58d14332283841da4e9f9ea0c01cb0dcb8c61bc531e3e2675020c60a2931675525321&w=t&r=1&d=547&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=8e2eb010-ac1d-485e-b227-bc741eb15d2c; bfq=APeIECNCx5YZMGbcmEGDBgsZOGDEwFGjRhcWIsYU3BKDRYyLIspsjGHjRg0bMWLckNGRpEmUKmXI6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
k03y7.xyz/images/campaigns/creativity-2308521-16693108308667.png
188.114.97.1200 OK 25 kB URL HTTP/2 k03y7.xyz/images/campaigns/creativity-2308521-16693108308667.png
IP 188.114.97.1:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: k03y7.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: d51467ca00817c96863976afe42c701a
cdn-cache: HIT
cf-cache-status: HIT
age: 6119449
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQ1n37yoWWKyKAOrB0OwaQmfS%2BCGE0WxenLsB919w3DccOuj1mXDflBV8ZemHLyQGp%2BZ9Wes7srSYg34iGcnAr5w3kqb1PN4xlVacFgTXcp5pDWOP3Sed7y1EaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483944c5eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
136.243.134.97200 OK 3.0 kB URL HTTP/2 tsyndicate.com/do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash 854a14f14f515d2c5629c68bdf2e0abe
f81ee78f6085d704fabb1a8660d70489b888aa3f
fb9c4275d75f29c204d178e54982a6d17ed63f09647a584dd6e4ffd9a4cfc8e8
GET /do2/4K7esoiMRbdmWXtGu7Vp9FjsD2M7K5vE/master?w=1280&h=1024&tz=0&count=10 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=8e2eb010-ac1d-485e-b227-bc741eb15d2c; bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYuFHDRowYN2RU7KMg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 0e86124ae8e76d45
set-cookie: ts_uid=8e2eb010-ac1d-485e-b227-bc741eb15d2c; expires=Fri, 04 Aug 2023 15:42:02 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDBgsZOGDEwFGjRhcWIsYU3BKDRYyLIspsjGHjRg0bMWLckNGRpEmUKmXI6NJH; expires=Sun, 05 Feb 2023 15:42:02 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.131:0
Hash e755b311d8373f3666998d560d2ab0d2
ca9770909afe5e96f44450c80744113a26aea04c
e46a54ba60e23f467752512884ed570a1b3e1276a6b4c508486d8b366c4d44b0
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
142.250.74.131200 OK 79 kB URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP 142.250.74.131:0
Hash 177ae4673443ee38cc01d1972fd37dc7
265723b69f3fed0342bef7e8b1bb155ddad5b64f
d75928e4ef6556948efb846cce1b2015bdcb600f6ecf8ffefef094918c1b39a4
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash f0a2c75ca4cc72cf2477f1457c96323e
787bb1bdb7c7faa5a5ccfb5194abc5d9b8d8d0ca
34ce6167ecf6dbccf1c2aefd01dd17881fd5b8a44f2e1cdb63f22805239266a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2537
Cache-Control: max-age=140491
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Etag: "63ddf4ad-118"
Expires: Mon, 06 Feb 2023 06:43:34 GMT
Last-Modified: Sat, 04 Feb 2023 06:01:17 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash d1ad16d539b3abf2cdb01778d2c64585
b4d83c2a1bc4fdd06e03c96dfe173ad053ac2ef9
26a942a460938aa688cfb5134c33800423cc2ee979eab5a60a079dc3ebb118ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2087
Cache-Control: max-age=109433
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Etag: "63dd7d1d-139"
Expires: Sun, 05 Feb 2023 22:05:56 GMT
Last-Modified: Fri, 03 Feb 2023 21:31:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash d1ad16d539b3abf2cdb01778d2c64585
b4d83c2a1bc4fdd06e03c96dfe173ad053ac2ef9
26a942a460938aa688cfb5134c33800423cc2ee979eab5a60a079dc3ebb118ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3219
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Last-Modified: Sat, 04 Feb 2023 14:48:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash d1ad16d539b3abf2cdb01778d2c64585
b4d83c2a1bc4fdd06e03c96dfe173ad053ac2ef9
26a942a460938aa688cfb5134c33800423cc2ee979eab5a60a079dc3ebb118ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2087
Cache-Control: max-age=109433
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Etag: "63dd7d1d-139"
Expires: Sun, 05 Feb 2023 22:05:56 GMT
Last-Modified: Fri, 03 Feb 2023 21:31:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
img.strpst.com/thumbs/1675525201/95918594
104.18.63.124200 OK 66 kB URL HTTP/2 img.strpst.com/thumbs/1675525201/95918594
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f49148918922ee461e635baee038ed7d
2de18b75cfbc5423216bfe0b2e9be978520f5010
6c23800ec98909cead9fc1a8a59ec80b661eed381c06352383b9c3cb2bbf7811
GET /thumbs/1675525201/95918594 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: image/jpeg
content-length: 65587
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=67908, status=webp_bigger
etag: "7eaf9f6c11f78b499b78e1ff8c545a82"
last-modified: Sat, 04 Feb 2023 15:40:09 GMT
cf-cache-status: HIT
age: 65
expires: Sat, 04 Feb 2023 16:12:03 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483956c190b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/princess__aurora.jpg?1675525320
104.19.241.83200 OK 31 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/princess__aurora.jpg?1675525320
IP 104.19.241.83:0
Hash 6d0f5746335fef257755c8d9813a4d0a
cd43dd3f584a755c07bf41c44b4715be896e010d
4b79186b8a1e3f8c40b7d4774d3803ed99bd762ea6b590ef77bf7f5c5b9094a7
GET /riw/princess__aurora.jpg?1675525320 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: image/jpeg
content-length: 6929
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 7
last-modified: Sat, 04 Feb 2023 15:41:56 GMT
expires: Sat, 04 Feb 2023 15:42:33 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uI7WiWAVP4O8woywgEBV1EK%2BdnRRj32bYp2f5zUaFQ6CAOkLFQ0bqPULLYLMbszWb2sQdH5u9aMcEpl3gcnkadU0JSUiGp5t2G2pqVuKtB1PesdRIK0UVTMDnJ9JpddUDCpoo9wAt8yXdsQxam3e05Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=OAjhWhWiTs6zHER0tJyNxUHKezck.hX88rN4Fmu.I34-1675525323144-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959c55b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/seltin_sweety.jpg?1675525320
104.19.241.83200 OK 11 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/seltin_sweety.jpg?1675525320
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 07ab6cae26ffa9a5bad7ad960d8a69fd
39e5e99678c1fc71d8e1f77480974e70484c6f48
5c68c6d1a533211943f43fde1cb52c002e414d5e28fca49edabc209fe3dba78c
GET /riw/seltin_sweety.jpg?1675525320 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: image/jpeg
content-length: 10991
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10996
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 25
last-modified: Sat, 04 Feb 2023 15:41:38 GMT
expires: Sat, 04 Feb 2023 15:42:33 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEo5hjyTY0OSS1dPBQic%2F6s8waTAzM1mqSeJ1QWvIfjTmdPtlMmt8Vh6ZrnYRLRYCV4YqBZDc01xUVSXn5gqaIARpnIU4qS9M%2BsJIHJiCxaVNlvz%2FE5BFICBmQBO48Zyacv5QwxpHYLTuvGC2iDZ87s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=OAjhWhWiTs6zHER0tJyNxUHKezck.hX88rN4Fmu.I34-1675525323144-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959c5bb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150200 OK 7.3 kB URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d7f6187ececdaf372089bf0674b4eb3c
379727ae49beb702ba130a8831dfac8d3b1e3de8
403f175156aa9102f5e899df4cbadb3565ea4a2e7f29f1c88c034b3639deb3db
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Sat, 04 Feb 2023 15:41:58 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 794483942b411c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash f0a2c75ca4cc72cf2477f1457c96323e
787bb1bdb7c7faa5a5ccfb5194abc5d9b8d8d0ca
34ce6167ecf6dbccf1c2aefd01dd17881fd5b8a44f2e1cdb63f22805239266a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2537
Cache-Control: max-age=140491
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:03 GMT
Etag: "63ddf4ad-118"
Expires: Mon, 06 Feb 2023 06:43:34 GMT
Last-Modified: Sat, 04 Feb 2023 06:01:17 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
104.16.93.42200 OK 35 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
IP 104.16.93.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (60824)
Hash 028f66ce400b2bee6c8806abb093261f
517f388a7006e00feb761b05a3ec2426e5c13efa
47faec28e95e7bddfb716b6de6575d80254572bfde5c56b924a063e93b95b20d
GET /CACHE/css/output.86af60575b63.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29633
etag: W/"a8afa6db6e602567cf4bc61349cc04f9"
last-modified: Fri, 27 Jan 2023 00:08:58 GMT
x-amz-id-2: OLI4HYRcmYFzq5aXGV2Ict6iYPHWmgq3P2ReCRB9kH5NULrf/69TdCRei6i2pG3JGoa3uytE+Os=
x-amz-meta-s3cmd-attrs: md5:a8afa6db6e602567cf4bc61349cc04f9
x-amz-request-id: ARKQGQ1WNC88THKA
cf-cache-status: HIT
age: 746997
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I6O0keu%2FZPKTgaD9viy3G3noWWRe3C4WUv0YseHlIQ3NtWloEgmnGIR2Y1TcLPR%2FuVaNv%2FerJWkGAA2CyCuSE33KtMeoBGWQuyg6YwHTMMPiTdsQELpjx5V%2FvpfbTCgdPEvuBxBNI5%2FUaCi%2BgE0upg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=IIJaPQaQDf5cO2Q1OIL.N9g6kJj1TCbi4FGSeWBLubY-1675525323179-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 79448395cd42b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js-agent.newrelic.com/779.215647de-1223.js
151.101.66.137200 OK 3.7 kB URL HTTP/2 js-agent.newrelic.com/779.215647de-1223.js
IP 151.101.66.137:0
Hash bbff2d6a6bbeb84e6d970c9ef71acb60
b1b007d474421b4016c5e9e1da5ef8d800895386
33c4a536894cc2399216972de5e286d49976d34387ecfa57a55d88c6fbac5aeb
GET /779.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oJiVqgUxxXTGlb3WHfPODQ+0hnRNaK4Wu3C5q0qzLW1Wy1zUCv3lJDvZMbOZXlmpWlVHYmT68X8=
x-amz-request-id: 29B6GFQJDW5ETZPK
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "1f9dc6167676d6db728e844d20a97ad5"
x-amz-version-id: d0hMUd3mWD9ItciiSIXCSy8OWToOTtsf
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 3621
x-timer: S1675525324.839746,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3516
X-Firefox-Spdy: h2
js-agent.newrelic.com/817.215647de-1223.js
151.101.66.137200 OK 1.0 kB URL HTTP/2 js-agent.newrelic.com/817.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2422), with no line terminators
Hash f899718de7c8c66eeb4bbfa0c22acf5e
ec2a6857256c2ed00c401b4888ff36871baf6b43
809f4867eaf293e35d10315d6e65aa69289d7eee0ab7e8de437b18c2a06fed94
GET /817.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: sWkU684Mr3Z5/fJ2O0srvU3HupQDLlairtucn7ucXJIoplwlZJHmVmeQSK82HUlRykCYQPaNYBk=
x-amz-request-id: 29BE804GA0J43Q99
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "a5dc24e5a104adfcf70621ff7fb620ff"
x-amz-version-id: fbj3lJUaysglBYTWHHCwffYncZ19MQ50
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 1487
x-timer: S1675525324.840215,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1044
X-Firefox-Spdy: h2
js-agent.newrelic.com/378.215647de-1223.js
151.101.66.137200 OK 6.4 kB URL HTTP/2 js-agent.newrelic.com/378.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (17828), with no line terminators
Hash d58a3a565fc0bbaf659cdd5bf0c3cd4f
8cd110e6b7199e11de72368b73abb8a3afddfff8
bd6f2c9e271f74ce10d1ad05fdde0fa7bf0ffa34ea85f6076a58e50111df8de7
GET /378.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: jhmNL7TL7NMx1UoOR5WpT5kMljdWRrYGpnmm3iqO7tDQcfjU0mie9CCq0LQCgRqufry0GCFQmEg=
x-amz-request-id: 93FTN287CT7M20VW
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2705e6768fceda2e9c8355d65e268d7c"
x-amz-version-id: tRin0ET_go6ogNo.J2ffgT9M6xH6BEos
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 968
x-timer: S1675525324.840400,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6410
X-Firefox-Spdy: h2
js-agent.newrelic.com/112.215647de-1223.js
151.101.66.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/112.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7285), with no line terminators
Hash 51f26008d21e2bd91b8a9baa4c356ab9
59888996bcb03c11b1d2e61a868009e57846b8cb
feebd27b271ee3a7198d3dbc69610281a43503080d724ec0fcb7c4bfa13d42f6
GET /112.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 89jhP8k1dPBysMYdCzqbzxQ1KxABx3MYRt9LPVpreRIcgdqnpH5bT0LvyouOsXZFM+UKIfDjy0I=
x-amz-request-id: 29BA48WT782NR5G3
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "b225b095bddb200dcb67ba7625a14e0b"
x-amz-version-id: 9bSPwe8fMEYRcVSv2EMBWMHRAeUObfWk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 2106
x-timer: S1675525324.841039,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2800
X-Firefox-Spdy: h2
js-agent.newrelic.com/325.215647de-1223.js
151.101.66.137200 OK 560 B URL HTTP/2 js-agent.newrelic.com/325.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (1119), with no line terminators
Hash dbb8514b0fe73ed1c9a3bb94d6bd624b
083e321a63d3e24555e87c564d3b52588ed49ae1
10a720318922a38e6bf41921f3adc6f56bc61f215e251be7f5f37ec991d9b852
GET /325.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: y2K+rpeLF3Ym/3l6sNpa29RWC/g7TNS9+AlxD2Yrljl995Eo6bNRqMUpU5PNsi1SzBJybaX6onw=
x-amz-request-id: 5D6X5R0HEXVCYE0Y
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "8bfb1318203f2143642fa7f2620e90b9"
x-amz-version-id: TZXfN40R6cv9QsF3fTfxRxppzwQ_LugL
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 3611
x-timer: S1675525324.841048,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 560
X-Firefox-Spdy: h2
js-agent.newrelic.com/960.215647de-1223.js
151.101.66.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/960.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (4860), with no line terminators
Hash e760ffc71afd5bd3c903e8f29818c668
11e73304cc011c73068a27c4ae873eb2adf85f7d
b3128fc00ad75d145325e82722ae64fb77919f398989850180eb5a821cbd4504
GET /960.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: gNdtGXUJfleX+6Y/31csogbPXnzsvAdQ2x0ORpMeZLnvhbSRfapicWEnWrmVHTcguxNTc34ROLE=
x-amz-request-id: 29B7ET22KYPXWQTJ
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "57e420fb6a7c52d0c27d5548fef4de16"
x-amz-version-id: iCdpSHjuiF_zf7kNvVpWKcwVkVeojeJa
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 1416
x-timer: S1675525324.844392,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2233
X-Firefox-Spdy: h2
js-agent.newrelic.com/307.215647de-1223.js
151.101.66.137200 OK 3.6 kB URL HTTP/2 js-agent.newrelic.com/307.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (9700), with no line terminators
Hash ee729b93fd1e54d7c6108a4a252b67a2
e87fca8b97e56a89980ad6eb488ef1ac50116366
b48a5e5b92d4d04becc06d85a678fffe33bf31611398c217ec232171f6d11f8f
GET /307.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: xbAyM3B6Z/Ooy6PMw2GgjfE/Ir1lbwXjKVU7JKeSJnjmMgE/GpUd1AOACsKLCPxaWbQWAHrYzE0=
x-amz-request-id: KRHE8V2CFA00B292
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "cca13aa273adc25aced599968bea0601"
x-amz-version-id: ED2qEQGkNHGjLDyC2ELlsbsj8AXnsN9k
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 1493
x-timer: S1675525324.844611,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3648
X-Firefox-Spdy: h2
js-agent.newrelic.com/823.215647de-1223.js
151.101.66.137200 OK 1.8 kB URL HTTP/2 js-agent.newrelic.com/823.215647de-1223.js
IP 151.101.66.137:0
Hash 3fb9d92aa5ec9bbe1183a21d9d8f0d6e
8bf6b7654f28b0e66e1d1183239e92508c489317
ee3fb895706384b7920f7ec38d36395a9bf921b65e291e57bdd2563e9e21c12b
GET /823.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5Fb4P8xJczd5vSJcDjiJeEIdldSbkECuaWyErtMTeAtEHKfdyrVuRuzSrltAg1+Dqn5ZyguqAlc=
x-amz-request-id: 29B2ND18W5AQM0T8
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "ce7762cf4b6665f79c15503dbccd6c68"
x-amz-version-id: W2tA0gkaWp6JlPnYeFhc2plzNBl_myPN
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 3636
x-timer: S1675525324.850806,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1365
X-Firefox-Spdy: h2
js-agent.newrelic.com/692.215647de-1223.js
151.101.66.137200 OK 1.5 kB URL HTTP/2 js-agent.newrelic.com/692.215647de-1223.js
IP 151.101.66.137:0
Hash 2b43fb313aea92a3f0ff17f4d81196ae
a4925a56461bff39e83cb545a7cc1a92b00e2992
4f462a14456e83f7cb8e97245bc3a67576fa67ba83c0a4514f242c87b514b7d6
GET /692.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2yt9zIT4kPGAHbZR3GCMZ5QoLheWqVlcJX0f/njjzvUTTdDRBkBy06VpOX/u//lzjAgeAveu2U8=
x-amz-request-id: 29B921PPM35DC69W
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2a9c8457fef96067bf92a4ec54fb10b8"
x-amz-version-id: I.n_PBR7fU5g2cmlAwgMlzr4Oik5bP_f
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 3625
x-timer: S1675525324.856934,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1087
X-Firefox-Spdy: h2
js-agent.newrelic.com/785.215647de-1223.js
151.101.66.137200 OK 2.1 kB URL HTTP/2 js-agent.newrelic.com/785.215647de-1223.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (5141), with no line terminators
Hash 7fa55562924d9fae72bef9c581681545
2a9f69db97168913e41c20b42278f0b020f19e02
9ab186c1c3c7132d927edd774e14412550e0127ae67bcf04353f94ce22dd1b5f
GET /785.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +m4UupLkIm012wjkD0AOw3MWK5aT8Y0g0D4hdCiEX5xVgPPr8nsRchoPSx3Y9Rb4NP65eTC0O6I=
x-amz-request-id: 29B11CZV4JJHK42G
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "85340359c90104ea511047eb2b57ebb5"
x-amz-version-id: 24gfKeCbKAAA6djjTUpWk6gRfGGq6MlZ
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 04 Feb 2023 15:42:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 3626
x-timer: S1675525324.856907,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2103
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.770230593469193
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.770230593469193
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 4aba9ff498f83aa84c42d436a1030912
36f330a05b2a51710a6445afca1db7f7dbcce673
35524d84c3282326894c27d4541d54d0c65a86f825ff8a7c0d8b5e748ed321ff
GET /stream?room=claire_moulin&f=0.770230593469193 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: image/jpeg
content-length: 22417
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 511a81ddc5300e50f0bca90cd2e438d6
28322a98c7e3e738eb5baf49ca9d0f715bab4e77
4370ace82b76df0f6d6c5e82a93fa0c99ae11feea98d95f720faf28c3f407dd0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6506
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 15:42:04 GMT
Last-Modified: Sat, 04 Feb 2023 13:53:38 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7042653698099918
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7042653698099918
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6a428d36c6256d3c575b2e0740633d38
e2da2e3c0b801b56614b6d110c058ecd9752a206
5e7345d56ff08309a90f7873b07924f7d364527a0fe73f0a61be48d1166d2a2f
GET /stream?room=claire_moulin&f=0.7042653698099918 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 22120
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1498&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/&ap=55&be=564&fe=763&dc=522&perf=%7B%22timing%22:%7B%22of%22:1675525358614,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:184,%22rp%22:411,%22rpe%22:415,%22dl%22:535,%22di%22:1021,%22ds%22:1085,%22de%22:1092,%22dc%22:1324,%22l%22:1324,%22le%22:1344%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=925&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMBWAZXBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9ZUVFVVFMPGFoCU1cUVQNTU04HDgBbHFZVAQRUUFRWUAhUARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1498&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/&ap=55&be=564&fe=763&dc=522&perf=%7B%22timing%22:%7B%22of%22:1675525358614,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:184,%22rp%22:411,%22rpe%22:415,%22dl%22:535,%22di%22:1021,%22ds%22:1085,%22de%22:1092,%22dc%22:1324,%22l%22:1324,%22le%22:1344%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=925&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMBWAZXBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9ZUVFVVFMPGFoCU1cUVQNTU04HDgBbHFZVAQRUUFRWUAhUARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1498&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/&ap=55&be=564&fe=763&dc=522&perf=%7B%22timing%22:%7B%22of%22:1675525358614,%22n%22:0,%22r%22:0,%22re%22:182,%22f%22:182,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:182,%22ce%22:182,%22rq%22:184,%22rp%22:411,%22rpe%22:415,%22dl%22:535,%22di%22:1021,%22ds%22:1085,%22de%22:1092,%22dc%22:1324,%22l%22:1324,%22le%22:1344%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=925&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMBWAZXBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9ZUVFVVFMPGFoCU1cUVQNTU04HDgBbHFZVAQRUUFRWUAhUARNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:04 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7944839b1812b4fa-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.3957158515018845
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.3957158515018845
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash a1d67d25eb924e3c9df84a14221e58cd
dc142d3a11ecee064f5c5bea81cdfa62150757bc
37662eac0f37ef42b0d2f9598dbdf74532fcd93a69184cd25605d1a49ab6dae8
GET /stream?room=claire_moulin&f=0.3957158515018845 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 22080
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1718&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/
162.247.241.14429 Too Many Requests 2 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1718&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1718&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1685
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Sat, 04 Feb 2023 15:42:04 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
CF-Ray: 7944839c39acb4fa-OSL
Access-Control-Allow-Origin: https://chaturbate.com
Retry-After: 22
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.8206405461747623
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.8206405461747623
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 41eac5aa9bc78f6ad15cf8826e003669
6de85490f215a9d9ea9e0d0bd78b8e6c85ea5318
5f40035ac7112296b616838ca8d21434568ef254b14d1f333a72ff730334296d
GET /stream?room=claire_moulin&f=0.8206405461747623 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 22287
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2155&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&ap=148&be=969&fe=1024&dc=465&perf=%7B%22timing%22:%7B%22of%22:1675525358285,%22n%22:0,%22r%22:1,%22re%22:472,%22f%22:472,%22dn%22:472,%22dne%22:472,%22c%22:472,%22s%22:472,%22ce%22:472,%22rq%22:475,%22rp%22:789,%22rpe%22:795,%22dl%22:876,%22di%22:1408,%22ds%22:1433,%22de%22:1447,%22dc%22:1988,%22l%22:1989,%22le%22:2003%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=1712&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 31 kB URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2155&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&ap=148&be=969&fe=1024&dc=465&perf=%7B%22timing%22:%7B%22of%22:1675525358285,%22n%22:0,%22r%22:1,%22re%22:472,%22f%22:472,%22dn%22:472,%22dne%22:472,%22c%22:472,%22s%22:472,%22ce%22:472,%22rq%22:475,%22rp%22:789,%22rpe%22:795,%22dl%22:876,%22di%22:1408,%22ds%22:1433,%22de%22:1447,%22dc%22:1988,%22l%22:1989,%22le%22:2003%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=1712&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
Hash b3edbd8fd899eb86fe89812fca64a79d
dc14a7bf8c2062711ef0e9f51a6c05eb8592ecb9
5e12247fcfb2969483d07a8783f4e19c8af2367d9319a6dcf97c51ea140be901
GET /1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2155&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&ap=148&be=969&fe=1024&dc=465&perf=%7B%22timing%22:%7B%22of%22:1675525358285,%22n%22:0,%22r%22:1,%22re%22:472,%22f%22:472,%22dn%22:472,%22dne%22:472,%22c%22:472,%22s%22:472,%22ce%22:472,%22rq%22:475,%22rp%22:789,%22rpe%22:795,%22dl%22:876,%22di%22:1408,%22ds%22:1433,%22de%22:1447,%22dc%22:1988,%22l%22:1989,%22le%22:2003%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=1712&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:42:04 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7944839ceda01bfa-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7055222487758167
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7055222487758167
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6aa22f35e0b97a87ff445e7f3a9390c4
39581dead181b9fccc9c29fd9e3894af7e89f2d4
0e88c3a29630187ebf99ecb3659d87dddb4b239059df0942ad776bd6ac9a8e59
GET /stream?room=claire_moulin&f=0.7055222487758167 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 22045
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2379&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D
162.247.241.14429 Too Many Requests 2 B URL HTTP/1.1 bam.nr-data.net/ins/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2379&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /ins/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2379&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8NAQECWAMMWFRRBlcADhh4Yy8TFUMhJTshCU0XAwhVHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFlINUFATBzwJDBNVXFceQx0bFg48DAwVTRcDEwJZWBUXEQYCElwbWl4MExVDEQoQBjlQURsLUB0bEgsXATwCVlhYWA8TA0MBCwUXE0tXWEUEH1oOD0FIQRRcRExUEkVmCQ0QEEFcG1ZRUBVESwMDFwFNBVZYGx1DU0sOFRABETlQURsLQ1ANB1oAUgZSFFcMAQQcDVMBUEkBVgoEFANRAAtZUltUW18JABsdQ0NcBwcRARFEAxdRRRVBSltNTAVNC1xRX14OVUoABAYQGkhaWlQeQx0bEwcSEQYVTWpUVBVZVgVAWUYkI20XFRMRSE0JDQ07FQNLRlBeDxMDQ1FNU0FKG0BYbgVUTwgBBjsFB1RcVUhDCxsuFgsBEUQVF0xQPlVcFwsAATwSQEVcE1sTXQQRCBAMFhsZG0QAblYSPQUFDg9VTBsLQ2ZQDwYMExBEFRdMUD5eSj4UBhYQD1ZbGwtDAAlDTkERAjlbR1ZGElRLPgQCCQoKQBcDEydYSwQEDBxBShtAWG4DQ1YWEQYWPBBcR0pYDl8bW0BSVFZICRcVExRQZhIWEQ0NARsPG3wOS1ANDgJLVkgJFRFmCF9dDhUQRC0yGQQJH1EKGTYLDVJXXRlNDwVaEUsXWFJUVkgJHBl2BFJSDk1RVFJWCQQJAEF3UBMHBQsbSQgFDB9RExVDBQoQPAVWWFRYFRMDQ1YCUVUHDwRdU1cJAUNOQRQCFFhYShNbE0I9QAkLCghmWk9UE11YGD5BXkM6GwRlE00RZUMWDBEROhsPGW1DVW0MUj9GT0ZlF1pQDEFYCAUNOEFcGWkbRQB%2BSiM%2BQUhDOhtRUEIAU1UEPRALFghdaRsLQW0bUD5BSEM6G1hWUwhdXDMHBw0RA1pBZRNbEWVDAxYQDDobGRltQ1RUAwcHOxUPXVBWbg5fVRg%2BQV5DOhsEZRNNEWVDFgIWBANNaRsLQW0bPgAPBQ0NZRdEE00TWgAPPBACARsPG0EUU1UIAUFIQQVWWVZDPlxWBQdBXkEKUFJRRQxeXQRAT0YRCVZYZkIVUE0UEUFeQQpQQ1wTHEw%3D HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2560
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Sat, 04 Feb 2023 15:42:04 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
CF-Ray: 7944839e4cb8b4fa-OSL
Access-Control-Allow-Origin: https://chaturbate.com
Retry-After: 22
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2394&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/
162.247.241.14429 Too Many Requests 2 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2394&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2394&ck=0&s=793bfb1a24d364e7&ref=https://chaturbate.com/embed/claire_moulin/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2432
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Sat, 04 Feb 2023 15:42:04 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
CF-Ray: 7944839e789a1bfa-OSL
Access-Control-Allow-Origin: https://chaturbate.com
Retry-After: 22
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9743472493299037
131.153.88.93200 OK 22 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9743472493299037
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 5e64081eb8f4fba535efef15ca90c181
1942371ba8cb15f811f9c34c42482b135ff74710
ed6646084c376d91699541c60e083de611eda05f02ae6907739d51dd769823e9
GET /stream?room=claire_moulin&f=0.9743472493299037 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 21867
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.5992692250720599
131.153.88.93200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.5992692250720599
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 6681c5c76fc1e3e830319413af087ef2
e01c998a05f7ab55d6c2687780d6721f7a6adc21
de560b615c24f9ec5450ce861cb5b95c2390e0cfb5174869b2cbcb427403db34
GET /stream?room=claire_moulin&f=0.5992692250720599 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 22899
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.1369043893866323
131.153.88.93200 OK 24 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.1369043893866323
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 38c2544bd214a3901ab571742530a983
ba14d52dd09ef95fab5f0861e0b313632fdda70e
c83dc6a60463e00363befd00bbbede56c9c2a711311996aacf90b1d30fe9574d
GET /stream?room=claire_moulin&f=0.1369043893866323 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:04 GMT
content-type: image/jpeg
content-length: 23994
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6858643565566641
54.230.111.129200 OK 544 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6858643565566641
IP 54.230.111.129:0
File type JSON data\012- , ASCII text
Hash 684503c2a2135f15b9771b8d99fb85c6
f879586ee8cfd5b5c50f43a45f1e30e2f1fc0ec3
da2229155a2ff2682dfe3cecc04abf3efda36a53732977d2000e4a7f1352d0bd
GET /comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=6858643565566641 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 544
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IYtnWyy1U1V-nZHgq9qek-WPVPF84K822AYh-zglLlZtsXHt9YDPqA==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633
54.230.111.129204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633
IP 54.230.111.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Sat, 04 Feb 2023 15:42:05 GMT
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TFNA9qzdC8Sg-gRHkEjyGUm7f9rZJ4icKZ0qSwDkzORzM64VFOxqIg==
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.93.42200 OK 56 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65328)
Hash b07777d66e5a1a590d51a4309d279583
f7950c604fbdba877bc4b0f4dfc047690e5b6883
bddbf6cd0845fafd1ea06938940c6c16629854f0710115ef7460a7e41c788089
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 230894
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NcfIA%2FQHhYK6y%2BC9x2%2BSmnup1g8h72fFJhhu8NffXGcpzZnxfCNkmDHh77HwGZdBqzXTYkEt5TJxgzvuyEqOt39f%2FspyDCnJ25M84sKbir2LH7tPAwTL00D0wfo5zWuVOOxbSIOMC9z77gXQ153Cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=JMD2XT2V7nxvhP9EgNeGEneV_mqSGSKn_DNSNZhEKIo-1675525323182-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 79448395cd45b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9123153830819618
131.153.88.93200 OK 24 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9123153830819618
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 38c2544bd214a3901ab571742530a983
ba14d52dd09ef95fab5f0861e0b313632fdda70e
c83dc6a60463e00363befd00bbbede56c9c2a711311996aacf90b1d30fe9574d
GET /stream?room=claire_moulin&f=0.9123153830819618 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:05 GMT
content-type: image/jpeg
content-length: 23994
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=36943872571392067
54.230.111.129200 OK 146 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=36943872571392067
IP 54.230.111.129:0
File type JSON data\012- , ASCII text
Hash d33bc03f84157e92c00335b49a6a09ae
cfa9962a1d1244c1c0a7eb493723cd4f3228dcd9
247a702c9f2eb441d360962381d3a480f125d079b0e2480f60bdebf7588b513e
GET /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=36943872571392067 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 146
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I48VN7Ft0LqkXZ4hHOgH-UcKBKNL-fjHeiAEmj1wETPuLbPP5p_aIQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633
54.230.111.129201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633
IP 54.230.111.129:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=18399825566146633 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 77
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vXU0-4fboVbj6bWqG4i3QYs5A_z9iHI-IFY-yMypKI44aEuIAecLMw==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269
54.230.111.129204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269
IP 54.230.111.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Sat, 04 Feb 2023 15:42:05 GMT
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PJrbiyX0cujL_wuRsYmOaVx_SOOQgy_vHx4W-vI0q_MXLMc731ELyQ==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.22764171874530847
131.153.88.93200 OK 24 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.22764171874530847
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 8e7271c9f1bc0d19c726d168c84713eb
5d9207e795ed3497be1a15eca9bf690f9055a328
1c9e99e2e93bcebd3b6b7fa44435fd3a00914dbee6356a48c120ced515a2fadd
GET /stream?room=claire_moulin&f=0.22764171874530847 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:05 GMT
content-type: image/jpeg
content-length: 23631
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269
54.230.111.129201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269
IP 54.230.111.129:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/send?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=802393989415269 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 1304
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P_6iF32QyXtphiFKquHiBA6j3l5i3gvfP9MJrc_kbMlKjONNe9PO_g==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7435315678687324
131.153.88.93200 OK 24 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.7435315678687324
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 0bbf3cb034290ec4466b1f27cad6dd7c
a90b13999a0667c2e2daf21ea0deb9dc184d088e
edb6a4b0afde471b2d05893656752d9f6825475bc1016565c47d0658344155d5
GET /stream?room=claire_moulin&f=0.7435315678687324 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:05 GMT
content-type: image/jpeg
content-length: 23542
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=33260819520944995
54.230.111.129200 OK 25 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=33260819520944995
IP 54.230.111.129:0
Hash 7525f782b03bc9ed57ac9a8b1c1aa43e
1ca2464312218aaab787a6db5f52b1e9c92dc319
312f52b3ff35d6dbf13489f5009db4fbc3dc0636af85b43b54ed294bb0fe8025
GET /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=33260819520944995 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Accept-Encoding, Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zSnMFKPgEHi0rA3-IBt8t5_9LbeCIE1QsYcvfgAx3qAIerZx6H2MaQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=8280004260980285
54.230.111.129200 OK 998 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=8280004260980285
IP 54.230.111.129:0
File type JSON data\012- , ASCII text
Hash 4ab20777c0b5ba571ad44443fa658820
ed1bfc82601ed3236e847d8dee9d4ccb903464e1
5860ab7fb6d3f33c377ea591c84e482c0e8ce43d89b8f98873a81bb3fceca45f
GET /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/recv?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=8280004260980285 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 998
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gh_8jx6I4jUE9iufxxduvhdhN8zdrFKHW-DvyJXQ47O_T6pSEtg0Bg==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.29267463249582715
131.153.88.93200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.29267463249582715
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 515a798067c716b8bc3e8940790cae1e
ebcb1d0e0c246042ee61d2c2bcedafa203d9fd2e
858fc21a49a789d1219bf6ea3d989888c550b858f5f4aea9f4cde409348928fa
GET /stream?room=claire_moulin&f=0.29267463249582715 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:05 GMT
content-type: image/jpeg
content-length: 23234
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9974936295725286
131.153.88.93200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9974936295725286
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash fb7f0fb2491ceaa3c54b43ee549faf30
81f6c58d0c0ef60637178b784c471bed45662145
eb9a7be9a68de14a8753795c6666225857404c06277978061d51b36f84587e81
GET /stream?room=claire_moulin&f=0.9974936295725286 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:05 GMT
content-type: image/jpeg
content-length: 23357
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9752047622859003
131.153.88.93200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.9752047622859003
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash ffbb871f867dc8dca6fb42bfe0c68b5b
6e7bdf51f035c7785019cc6312aca20298acaeba
0dbb7e485405ce8e113f7a21a7cca2f728cd7fe9728af2d3d57cc37d0e085832
GET /stream?room=claire_moulin&f=0.9752047622859003 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:06 GMT
content-type: image/jpeg
content-length: 22990
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/disconnect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=9931581599581047
54.230.111.129204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/disconnect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=9931581599581047
IP 54.230.111.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comet/e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b/disconnect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&rnd=9931581599581047 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:06 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zOdqgF-9ubkmJzZJtrFqloylBXHUE__jPw3DpFplDPSHbkzVt_Ze9Q==
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.5561267111264838
131.153.88.93200 OK 23 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.5561267111264838
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 16055597b7a6ed0911b56e4be5fa045a
0f6f9fda9cee1aa623c0d87c006c1c3fd2678a61
a471d914ddd53606a0fb4210ac1945e4ef9c6db07bf8872d8ae32633759a677d
GET /stream?room=claire_moulin&f=0.5561267111264838 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:06 GMT
content-type: image/jpeg
content-length: 23361
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 63105
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1426243658%3A1675525321075928&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf5WKzKYtL6hv8_bdWKVrQEdqA4qjtE7ODFCR0qeZjubnCq470FJKSLkiOAacMaCy-jcP-y
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1426243658%3A1675525321075928&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf5WKzKYtL6hv8_bdWKVrQEdqA4qjtE7ODFCR0qeZjubnCq470FJKSLkiOAacMaCy-jcP-y
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1426243658%3A1675525321075928&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf5WKzKYtL6hv8_bdWKVrQEdqA4qjtE7ODFCR0qeZjubnCq470FJKSLkiOAacMaCy-jcP-y HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Feb 2023 15:42:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-tlNsKL4mx1Z6fneTqAALww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=3z7YphwPmNU0PJkOkmmT; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788037&s=4776911&t=1&p=8575
172.64.139.21200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788037&s=4776911&t=1&p=8575
IP 172.64.139.21:0
GET /loader?a=4788037&s=4776911&t=1&p=8575 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyHp2EuaBWvdsIyWQvZoBeMNB%2F0ILADQLqThoyQfd5mWxefQ5Jdq7GyZy4TV29qGvMmL9eSPs6O0%2FEi7y7wFqC6Cjqsr6sYh45V7qFFdX9HBjmtO8wJ8Slfx%2FGXle5uJnk5W%2Fm2w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7944838ccc4773e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/iframe.js?idzone=4891810
185.76.9.17200 OK 0 B URL HTTP/2 a.realsrv.com/iframe.js?idzone=4891810
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /iframe.js?idzone=4891810 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891810&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de7cc9d33768.602148653919810212%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891828%7C41873824%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: application/javascript
etag: W/"d907adca85c6966b68c12420015"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675527109
server: CDN77-Turbo
x-77-nzt: AblMCQ32QJ7/NCMAAA
x-77-nzt-ray: c0a4cc28be01f57cc97cde639b386e3b
x-cache: HIT
x-age: 9012
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&hittoken=1675525319_2e798666e078d330098aff2affb97e86f54c61ed1f00b5af518ab962793eedb8&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154236%3Aet%3A1675525357%3Ac%3A1%3Arn%3A728213203%3Arqn%3A8%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675525353069%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525357%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm%21%20%21%21%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another%21%20Insert%20Immediately%21%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day%21%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Sat, 04 Feb 2023 15:42:00 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2481340571675525320; Path=/; SameSite=None; Secure
i=lOXo3SCQHNgL3Sa8fWMwJYoyNtJZ0NFQrpVzBMOg+wjfz9NYxdTno2NVlAIV3cDeh0dUI31UvLxKxzb0O5REyAsoo3s=; Expires=Tue, 01-Feb-2033 15:41:56 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=1313054801675525320; Expires=Sun, 04-Feb-2024 15:42:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1313054801675525320; Expires=Sun, 04-Feb-2024 15:42:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707061320.yc.1675525320#1707061320.yrts.1675525320#1707061320.yrtsi.1675525320; Expires=Sun, 04-Feb-2024 15:42:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:42:00 GMT
last-modified: Sat, 04-Feb-2023 15:42:00 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.93.42:0
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: gJdq637yDaGW5b/k/xLZcaVgKR2zPrz11wa1iwf3/kEEAF2JWIngCVC4T9LIrDSnBaklrTBcytM=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: C8A0N4S7KE12CYZQ
cf-cache-status: HIT
age: 1707272
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8SvMivIwzG7W4hYplXa22CgEc%2FzzJvKdi7ulpVQKR4Zts8AGHU1Iqj7Cx9a5euLMPTjFumNHWS0%2BY9xE1NkOJXUH8m0iXsscrxvWMIRg65oA9yOZ3m75v5bBpVfLSMcn8kACcSmeKbgdyxBfv7Pag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=nEn5G7s.pJDSdqhfy63XX1jt.aDKCqswI2uhIPQ_A7E-1675525323151-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf6b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/theatermode-react-9c25f3c712289443f537.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-9c25f3c712289443f537.js
IP 104.16.93.42:0
GET /cachebust/theatermode-react-9c25f3c712289443f537.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=22445
etag: W/"a022f421e8330e6c732c0ff5438b381a"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: xWRR2vtFb8xbSVoYrACCi1T5xYOHXkVe9ehWQt/i7rpia44F2OltYQ/FM9MgNZxiqtoZgN/SqfM=
x-amz-meta-s3cmd-attrs: md5:a022f421e8330e6c732c0ff5438b381a
x-amz-request-id: 8ZDXVHQC8N1WHESZ
cf-cache-status: HIT
age: 136294
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H308DB%2FUyCZ78yQ1KfeuDt0iqytVdPYk8lJWeUzNJKtfVALhQqhwEKpyvY2u97%2F2OWztZGHYcNLwOaw731EmQq36BdnSKGMq8pxjaC9JMVZdIszWXdvCOX6isgDZa4drvSgdGpYk5kvfy5Idl7HKUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=TeYal8NLVcrItIUDJhjU1teBt7H2ZsZNwiHeNtrxhSs-1675525323146-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cfdb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/62ec725f33a7ea06001346ec
172.64.143.8200 OK 0 B URL HTTP/2 xfantazy.com/video/62ec725f33a7ea06001346ec
IP 172.64.143.8:0
GET /video/62ec725f33a7ea06001346ec HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=uoxrgt07mw17pbfjp1sk; Domain=xfantazy.com; Path=/; Expires=Fri, 04 Feb 2033 15:41:57 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Sat, 11 Feb 2023 15:41:57 GMT
experiment-save-to-button-2=0; Path=/; Expires=Sat, 11 Feb 2023 15:41:57 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEIFsc%2F1ZD6fO5w6mDW22xEKh4Ibo8VcrAtIurGIMcp536Lo%2B9Hf8E3stW1OdERJSZAH7Fhex0MDDsvUhVOSVOeXW7SRgiseFpGMUW5jhtGNf84yJqxB4I2nIL93q4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7944837168618883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:41:59 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-2a581"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SrI2BRjABKWOdt7VqFs61W-EHPLn6wYJvjf4JPAUBOfirt5z5wnQ5g==
age: 193
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1571%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A232961558%3Arqn%3A1%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C148%2C775%2C0%2C259%2C0%2C%2C213%2C8%2C%2C%2C%2C1594%3Aco%3A0%3Ans%3A1675525353069%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525356%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1571%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A232961558%3Arqn%3A1%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C148%2C775%2C0%2C259%2C0%2C%2C213%2C8%2C%2C%2C%2C1594%3Aco%3A0%3Ans%3A1675525353069%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525356%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1571%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A232961558%3Arqn%3A1%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C148%2C775%2C0%2C259%2C0%2C%2C213%2C8%2C%2C%2C%2C1594%3Aco%3A0%3Ans%3A1675525353069%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525356%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm!%20!!%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another!%20Insert%20Immediately!%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day!%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62ec725f33a7ea06001346ec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1571%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A865198999680%3Ahid%3A172071718%3Az%3A0%3Ai%3A20230204154235%3Aet%3A1675525356%3Ac%3A1%3Arn%3A232961558%3Arqn%3A1%3Au%3A1675525356919022230%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C148%2C775%2C0%2C259%2C0%2C%2C213%2C8%2C%2C%2C%2C1594%3Aco%3A0%3Ans%3A1675525353069%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675525356%3At%3ANishimoto%20Meisa%20STARS-575%20Height%20Difference%2040%20Cm%21%20%21%21%20My%20Favorite%20Big%20Guys%20Are%20Appearing%20One%20After%20Another%21%20Insert%20Immediately%21%20Gulliver%20Sex%20For%207%20Hours%20In%20The%20Middle%20Of%20The%20Day%21%20The%20First%206%20Pages%20...%20...%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 04 Feb 2023 15:41:59 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2296831181675525319; Path=/; SameSite=None; Secure
i=m9hwkiOuK9fm5oL55/DPMpoF2pgF6p5/WIPlwmLFpEqhSaKvddzxCRkisSWekuVkxZIoehpaUT4v/TXFnXrW181g5Ek=; Expires=Tue, 01-Feb-2033 15:41:58 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9674284691675525319; Expires=Sun, 04-Feb-2024 15:41:59 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=9674284691675525319; Expires=Sun, 04-Feb-2024 15:41:59 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707061319.yc.1675525319#1707061319.yrts.1675525319#1707061319.yrtsi.1675525319; Expires=Sun, 04-Feb-2024 15:41:59 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 04-Feb-2023 15:41:59 GMT
last-modified: Sat, 04-Feb-2023 15:41:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pogothere.xyz/
172.67.139.155200 OK 0 B IP 172.67.139.155:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/plain
set-cookie: csu=937466359841930@1@1675525321; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FW%2F3vlA2wsQbNUHFlFKsSw8xpVrIhWMyfzLmz9%2FuiYtKfeS9F%2BHTP%2BEU0hR8%2FcH7aFiBrADjOWN3EASDngYcCpYue%2B40fqm82rHksomulsu8mxQYjbCbdpbLiNmUGljM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7944838898fab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420555?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=gQnUnVRLddgTt2VTgE9Q; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.93.42:0
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 230893
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBeYCpP0QeJiezyKuZm%2BUiC7HPufuyuYlNJEr5CMtF4eke%2BdEHz%2FMHn%2B%2BHyuaPc%2FQqwyWTidQj10Hp0vBmuX54ChqbzL1bCSKVESnTK5lZeGPYYWCxdYkjkvt0VSF4etXNaWg7gLOcCodjH5fBxRqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zFBSDGXa_9i3jOhbvnP0AvZnrVds7gPMHJgkn.dimLQ-1675525323145-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf5b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5306927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ONjdTVGSOxYW2WpfiipfP2e2NklogTnXDXaEhtZVkv%2Bnk0jnK1qZdPtJBu4yDvntWGxCp1ttHYClP2qk%2FuABfV9owScvQiOZYLyNIC4qM7imqGSAGoeYR3h4k9qcC13WcObCkF7TSjC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838bdab42502-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.165.31200 OK 0 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.165.31:0
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKK2ZNcuHibwubboOuwUM9jVyUoP5z7iZnk7b3xEBJPHtHHhTYPZw7xPOXDkW09yQtM22IVEREIZovFBRs8w2JhhBEQoKnX5JZH0aeT7rlMe6lSRjFFDg6V6iVlC5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448390d935730f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.93.42:0
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: cm1wH1tB3VPUytbB+ZVpHkw/m3SedhP243fBi2a1vig2wRGFAOdRFt9NQ1zfS8O0H/B731DXlN8=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: 932N29A1CDHYXHRM
cf-cache-status: HIT
age: 1421786
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VyGIQT%2BGkNJx6de96sZBmpvSPNy%2FgpvjW8y8d8GC3kbwnOnbpyHtdzXdsiKzapiF%2Fnbx5J1uMpk90bNBLosU6O4m7Obh7AZVAYOdYJi0U7IhfXKpuQXrOb1I50g2IP%2B2KyGNXGjwdWZ%2Blq5MaA0fyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=CuLLICAIefUqy1OVzhbQrlGgz4t2jSx34w88jT7OkF4-1675525323150-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf7b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/406857?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.167.9:0
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5306927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xocB8pj00pv5W6%2B3gTEKuq%2FHacHujNPG1oVWEjjCi1f6TulCFduwJwKUckflyQjSm7A7t5ue8egVSN1YUfgWVDwwH5467xwrhR5oKrgdctwTIkhQfjw1bxobmY9qx4LSScCe7VhPPLn9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838bba7e2502-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 3rkduzA2jmr7r79lgGI4z4zLEc+pRHPHUZB+lgl3AMrAbyqh74JtHb6veYqQ0eiqqZMjL7g1WFgCUIdLAdw9cw==
date: Sat, 04 Feb 2023 15:42:01 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=Ytuza8CVJ1EkehxmI9BC; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.29f74a450c49.css
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.29f74a450c49.css
IP 104.16.93.42:0
GET /CACHE/css/output.29f74a450c49.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=84251
etag: W/"c4257273e8b956906fe269270c4fde24"
last-modified: Thu, 05 Jan 2023 22:05:58 GMT
x-amz-id-2: D8WOWKPKquhJPAFj8yuxA65mNAg71O5xCPtsQdBR1GlJW3MSAcFWJxjm8ayXigzuRUGytDtPXRo=
x-amz-meta-s3cmd-attrs: md5:c4257273e8b956906fe269270c4fde24
x-amz-request-id: 5TEV2W7QVDF279A9
cf-cache-status: HIT
age: 2568824
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chOIrvxKhV3nLMuZao9G5nby6PKlaWdPHntWMyr%2FaVvLijENr0Xvl1zDl6C4qDWz5DfeRJIFGyu0p0Qq24Bfg0b%2F16mZy7TWgLgZcwuQlRrUVb%2FOGE50zcuZdqe%2BEri87%2BDAGf%2FL%2FqgT8mwSJsGoyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=dA0U6asZ6RHsP6Br7ebbRtyo7TSzSLLgo.FmZcwFk5Q-1675525323147-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf1b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
IP 104.16.93.42:0
GET /CACHE/js/output.90a7a6687776.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"eba6018c1d2ab593c234e5750506e38a"
last-modified: Mon, 17 Oct 2022 21:37:31 GMT
x-amz-id-2: MuRi9INFlyZ8s0MfpOqtyosRRye3EDr/cdpWTRrQUKKo6PNFSGfohJwm10zs48bLswjVhUc8b0Z/eZ9oVm3U4Q==
x-amz-meta-s3cmd-attrs: md5:eba6018c1d2ab593c234e5750506e38a
x-amz-request-id: VR1ABN9AAN3FB4KK
cf-cache-status: HIT
age: 1706521
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Elie9YxislXYzcSa6OBHxaDlVWYvEU%2FvPRjOLMjJS7oq9iDCI5vxPNFiOWZu%2BzZolP%2FSk15JBFasaX07FDk%2FO0Fy0isTa3hqrBtBYKxXUaBM7sZCTggYChdzrkjTt91Yhd3mUFwLZpi8KUE6db%2FO0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=TeYal8NLVcrItIUDJhjU1teBt7H2ZsZNwiHeNtrxhSs-1675525323146-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf8b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.143.8200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.143.8:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62ec725f33a7ea06001346ec
Cookie: visitorId=uoxrgt07mw17pbfjp1sk; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:41:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-185ecc5d3f1"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 778801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AX5edOwuT2Em9OtRTut5%2FEc7z3W41tRUTq1S0WVPoD72hmFNixGrqJLGNr6vk2FVSm1oZdlUHRUvifDGWCc9DEmxXs8mCZ7Tm11q1tighEfWuJ%2FsykKRJQ2ZOLucNeY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79448376d8de8883-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&upgrade=e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3072572538280943
54.230.111.129200 OK 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&upgrade=e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3072572538280943
IP 54.230.111.129:0
GET /comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE2NzU1MjUzMjQsImV4cCI6MTY3NTYxMTcyNC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcInJvb206dGlwX2FsZXJ0OlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cHVyY2hhc2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpmYW5jbHViOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bWVzc2FnZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206cXVhbGl0eV91cGRhdGU6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpub3RpY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnBhc3N3b3JkX3Byb3RlY3RlZDpSU1E3WkRMOjRcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Byb21vdGVkOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206bW9kX3Jldm9rZWQ6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzdGF0dXM6UlNRN1pETDo0XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnRpdGxlX2NoYW5nZTpSU1E3WkRMXCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOnNpbGVuY2U6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpraWNrOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206dXBkYXRlOlJTUTdaRExcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb206c2V0dGluZ3M6UlNRN1pETFwiOiBbXCJzdWJzY3JpYmVcIl19IiwieC1hYmx5LWNsaWVudElkIjoiYW5vbjY3MWIzZTM1LTIzZjAtNGUzYi05OTAzLThlZTAyZDU0M2EwOSJ9.kKYBOPEf4fg3rSrDLXaIqSJ6QxZtnmBYvYTBadn2iw4&upgrade=e91-P9cogBL0Ky!QWKJfQnTS9DkKfhf-31d2b&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3072572538280943 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 04 Feb 2023 15:42:05 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.a61d.3.eu-central-1-A.i-0ca9174e25d9ea74c.e91-P9cogBL0Ky
x-content-type-options: nosniff
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3Uv6tWdBJE78c_i4SrP8meTWBsXuJ1DcWKcFNXH4dD6hfp3D6E04gA==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.67.139.155200 OK 0 B IP 172.67.139.155:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2316
last-modified: Sat, 04 Feb 2023 15:03:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4KJdPdQKxexQmcfHs0ckFwA7fL1JCmoKxH9i6w0kUuEymAshMQ73eavfizeHjKKj%2F7fjFFGgtwHZHD%2FIRrOAquhHN6V3xxAz7K28FD%2BSw%2F4Q11fsg8Q239sDSIUvAqV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7944838888efb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/runtime-react-afb237e8b31275fe8b77.js
IP 104.16.93.42:0
GET /cachebust/runtime-react-afb237e8b31275fe8b77.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=2562
etag: W/"cf9f6aa238586d52f229a7c69315220c"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: H+OQOab8jyLazuGfQcb1jQRjUx4B9zVTBWfSw3aGbiSYmTrYEVMTDuafkHv7StkOxiSFsJEDYvQ=
x-amz-meta-s3cmd-attrs: md5:cf9f6aa238586d52f229a7c69315220c
x-amz-request-id: 8ZDGPX65Q0PQ1773
cf-cache-status: HIT
age: 136294
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwNwS4v89L5VZlgZu%2BxCsnDUteeoRXBSulUb1YSRzmyppipbmRjgzwH1Wb3yRgzFuR2BhWzBb9fpdANRPEiNO3R1WsSOXViRHfTkOqm14toNUM2N4qe4DdxVLbp8y8Jj05Ru5LY0Txsty6H0vuR6xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zFBSDGXa_9i3jOhbvnP0AvZnrVds7gPMHJgkn.dimLQ-1675525323145-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf9b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=Yo1be9Y4Plnx7f8oJx3K; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391865?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3z7YphwPmNU0PJkOkmmT
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 8ewmTI2jy/M5oxfm1Zo8bv1SqrieGnfrMfmtZmR336jUoc4rRdbotq/wectU+HY8mdvt156QxDvmJAhJfohIWQ==
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: CHGKMTPSKZ4AFT0N
cf-cache-status: HIT
age: 1424078
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SroK4gyPMt%2FhAX%2Bxx1Tu4gure7REBrZqu%2B5ixUUCLAMtU9n4dM1AyWtbGj3Um06Y6qv7JmOZKaDUrmck1HSIBN7RqZ3vuVgb6Y3rugkA49ddMkqjHgVYosxD3iXCXoEfiOJgOg%2BYqJ4VGg3vGluMfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zFBSDGXa_9i3jOhbvnP0AvZnrVds7gPMHJgkn.dimLQ-1675525323145-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959ceeb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.93.42:0
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: HeoCFEUKzTihPkh1D1dueOkltnCJFjGi5HuYWiCUmgPBwm4469ef2j6fTJmt3Rc9WX3D61SDttc=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 75T4PX5CV0NYCRDS
cf-cache-status: HIT
age: 1421785
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQXmLBMOoDrYPkoRBcxnVrPsVLLeFN5c0gEa3NEqKLDChPgYe0nym4bcb5LBG%2FCEmDbQblOjUXqsP42luEmZ5UsUoKCPZ0AhC3vB4BtE72EDBbMxtM%2Fp7OjXsoy6t%2ByS6ajts9%2B9OJbV2ZF%2B5NGmhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=0atPeK6ysN5TOu6xx0ZvqB51bwfOme.jkq9vpbhACf0-1675525323148-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf4b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
IP 104.16.93.42:0
GET /CACHE/js/output.21e4d7885076.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=114830
etag: W/"b4ad9510a310ef8a83f71a5f317f091d"
last-modified: Wed, 02 Nov 2022 16:55:42 GMT
x-amz-id-2: PsN3iv65Njn7hNZwOdYd1oAvY+pAIQWUXN9tndhJWmeM1MvoPlyG8vIpgAHr+IS5kjdZ1+l3zUY=
x-amz-meta-s3cmd-attrs: md5:b4ad9510a310ef8a83f71a5f317f091d
x-amz-request-id: QXPZJGZRTB4AE79K
cf-cache-status: HIT
age: 341028
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjnHtek%2FASLg3kKa50JBjSgC1nTm4T0SU8yjvxYfEEnUdveWAANpM2XR8BDptB3fR1qga9pRo%2BeZnkFA%2FFBoDhHh9nNpbi0BGr1QLOLKLL2ExykoFXKM8FYbji1n2rVGSOAJfWIKM9go7C1MKlRg0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=nEn5G7s.pJDSdqhfy63XX1jt.aDKCqswI2uhIPQ_A7E-1675525323151-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf3b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=YZlUlfkODalTHxzXK4KRFUxSvDeE9aGlwh6KkcRKu3IdL10jpYSQaoX3F6M6U1rz84UfTSId2qQOx-s-yJCvj5V3pCpYNG8YeGlPfxuo42oO-Fp3QnsY_gUIDRUi
66.254.114.171200 OK 0 B URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=YZlUlfkODalTHxzXK4KRFUxSvDeE9aGlwh6KkcRKu3IdL10jpYSQaoX3F6M6U1rz84UfTSId2qQOx-s-yJCvj5V3pCpYNG8YeGlPfxuo42oO-Fp3QnsY_gUIDRUi
IP 66.254.114.171:0
GET /get/10010248?time=1592494928726&atc=425995&apb=YZlUlfkODalTHxzXK4KRFUxSvDeE9aGlwh6KkcRKu3IdL10jpYSQaoX3F6M6U1rz84UfTSId2qQOx-s-yJCvj5V3pCpYNG8YeGlPfxuo42oO-Fp3QnsY_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 15:42:02 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KGmPefMpSUz8yv1wpAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7077; path=/; HttpOnly; Secure; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DE7CCA-42FE72AB01BB7E1A-3EA0BDD
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/129-react-839eb3d82e529c7a8058.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/129-react-839eb3d82e529c7a8058.js
IP 104.16.93.42:0
GET /cachebust/129-react-839eb3d82e529c7a8058.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=50502
etag: W/"7e83fb279c733323ac8538db356504fe"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: a4+jbgT88oB25XSzEMvNb+QHu+bFpPgxRM8VVBhfUoUDswfU4g7bgDnTArXzYo8JXClsImlz7Ug=
x-amz-meta-s3cmd-attrs: md5:7e83fb279c733323ac8538db356504fe
x-amz-request-id: 8ZDGM0NFWWPM9Q4X
cf-cache-status: HIT
age: 136294
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wztv33xWqnTgSjkARHrw8HJ0PzQrdoxQOBZ84p7X5am%2BnpIacmjnsoLhe5YjSpnUQomUzSGYmHXgNMFCHSYaNNs3Jg6HZeF76DTbs1%2Bn%2FeuYK3ZPDuh3B4%2FdzpD4x2V06sgwwHmPs4DStg11EuYXng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=TeYal8NLVcrItIUDJhjU1teBt7H2ZsZNwiHeNtrxhSs-1675525323146-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cfcb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=4a56a61db688
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=4a56a61db688
IP 104.16.93.42:0
GET /jsi18n/en/djangojs.js?hash=4a56a61db688 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: w5MJevj/3sEzvkHbMQbBUgPRs1NXqAgikyNa8wy5rtflbSLBF3JIXHEcb764mi1JP7i/iB4y2Rf1noF8BAMU2H/pL/kWxNw5D5NmDZW1pak=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: HSN7XKAAZWP3K086
cf-cache-status: HIT
age: 133328
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBzvsS2pkHitIPvXSH9t0OJl7jxeYVvtedkfW6Dynyf0SUDtdHDzhmrDL3zXLB0rs6TtTGoNQiu4WA6wHzZl2PY69jwKxRzBwmZ3rqg%2FNDa9PhX2SRZXf7YeLsIrX6ziGBNlAMoaF3j7DKxHJLJNzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=23QBh7qRpShHKvSsWaJqo_qq1wQs2ClYjFepVL5kbfw-1675525323149-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cf2b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/825-react-bb8e2b5d8559102e7274.js
IP 104.16.93.42:0
GET /cachebust/825-react-bb8e2b5d8559102e7274.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=161808
etag: W/"7a130551f6e927ecc9daaab2d085fc21"
last-modified: Fri, 03 Feb 2023 01:47:49 GMT
x-amz-id-2: m26geDVZRxhFy0Qd/ImOpZZNsTEArJr8X5QBNJsWjUDPUxnCKgxago9I2SYbzspSbFfVNONjf3U=
x-amz-meta-s3cmd-attrs: md5:7a130551f6e927ecc9daaab2d085fc21
x-amz-request-id: 8ZDMJ16KJWKK3FPS
cf-cache-status: HIT
age: 136294
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gChVoO0Z%2FHhQyQCTq5tO63nwTQVMy0b%2B4XICJ1l6%2Fbf7S%2BOW2q0hTmxse3SPDaFrT7WN0Hiy58oOoKYlrH8EP24aNZBAQ%2FakKCFCNougITrA%2BPZHx%2BCDADnlYoCjBUd0YweocHBRbrHBls1Y0RjOHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zFBSDGXa_9i3jOhbvnP0AvZnrVds7gPMHJgkn.dimLQ-1675525323145-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794483959cfbb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-4a56a61db688.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-4a56a61db688.js
IP 104.16.93.42:0
GET /cachebust/chatembed-prod-4a56a61db688.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 15:42:03 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=995638
etag: W/"f95696bc929c896ca55898edf716cf66"
last-modified: Fri, 03 Feb 2023 02:37:20 GMT
x-amz-id-2: cLyZDB7sioU0R+6bG5B/o8MeJTyqmwr+xCj3YsDc3Le+u2PY/rL1XPTqmS6MIxOFpPrhwJeahko=
x-amz-meta-s3cmd-attrs: md5:f95696bc929c896ca55898edf716cf66
x-amz-request-id: W3PJ52FPEE9FW5Q4
cf-cache-status: HIT
age: 133305
expires: Mon, 06 Mar 2023 15:42:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfA2DHYgkrlmP3wxmw7%2BFWh6pPKNLP9OuziL240MpOVKBlrYoVSVNg7NSuq0CGPcTcNNw0yxOXuoYH8DHXzHrCM906dEh8TmLeFYdRRJyOxy9UOXCfg1EptKeXU%2FmPv95kRiUDHL56XHgc1tRpHg9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 79448395cd47b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.08317994270545459
131.153.88.93200 OK 0 B URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=claire_moulin&f=0.08317994270545459
IP 131.153.88.93:0
ASN #50389 Phoenix Nap, LLC.
GET /stream?room=claire_moulin&f=0.08317994270545459 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=zQRvoRtu1PdfTxywsPaSsW8zHCe1PRgbwnGkiNh4Zn8-1675525323178-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:42:06 GMT
content-type: image/jpeg
content-length: 23727
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2