fr.hentai-img.com/
172.64.194.36 0 B IP 172.64.194.36:0
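Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B body of the 301 redirect below; they identify no content and should not be used as indicators.)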
GET / HTTP/1.1
Host: fr.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Tue, 05 Dec 2023 16:33:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 05 Dec 2023 17:33:12 GMT
Location: https://fr.hentai-img.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=koJ1G04u0o0sanPCoxHto%2FhFNaaOMBYVVcDl9TDhkpDk3M96CbwK88Pcjk6HFgjRLGcUzW%2B3KHBlwlE605Rbkf1UJck%2FPNptMReL%2Bv19EjYGk6qGg4abZD8XFz6NAZ2uTSy9tw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 830db0835fac742b-LHR
alt-svc: h2=":443"; ma=60
static.hentai-img.com/img/common/flag/fr.gif
172.64.194.36 525 B URL static.hentai-img.com/img/common/flag/fr.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash 751bfc9753e8ec32b2af6273c44025ce
513a7ace4670aedc494fafda5a04a6f5f101a60b
7679445cf6d488364207be74a6d2c971fc10fede333050fc6745bf07fe236b59
GET /img/common/flag/fr.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 525
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-20d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 572496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P4JCQgv0Ltxt8Gj4k60ZhSoFjB39yfciRjLUNkZM6xFaWx36%2FP51f3GnHhBau%2FMARjpr6sGbW5KO1F%2B0rgSztA7aKIh%2BxpKfzU31KvzLBy19dswvdTEkm2o2CQlGzO%2F4YcGaC4Is%2F2c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4188bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/th.gif
172.64.194.36 489 B URL static.hentai-img.com/img/common/flag/th.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash dade310281854f06b5d86e2bda6a195a
b1ef80054727ee2e6bb6f5064ebe967df29140a5
3a8f0d75a21c4ee76195ec2b853f843f4f3e3448302b09d3e7f3571f0d432e60
GET /img/common/flag/th.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 489
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-1e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 633044
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsaeaLSV2kn0v3kuP%2FaaxyWiXMiDShbvf1tF9W3UHIC6fC4Ohu4EvM4l4buBGDMeRDHl1B7dXJPjXS96m9g07bW6OhpNIr1cDofwfCSiXSldmf4fMU0%2BxO0rXxDhMJ1YJ1hW2wgG0mI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4d88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/vi.gif
172.64.194.36 200 OK 764 B URL GET HTTP/3 static.hentai-img.com/img/common/flag/vi.gif
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type GIF image data, version 87a, 50 x 33\012- data
Hash 3fc67b59f6f19a304a8a127ae2d17283
868c45630f4965cec1cea642f532919eaaea9004
d78e3064389010227967d2d01aa8e16cacfff71d93274d51178cb60f3a930503
GET /img/common/flag/vi.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 764
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-2fc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 388713
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FKVUIw%2FPnqqG0cE13a4lUyrglEY8a0%2F8k9OCKU72yNCq3eJEkDMnRxHRWsO60X0zFFZOaYwIPURPd8D%2BlQp8mXKB%2BKsxZyFIJ56Cd6Ar95v2IrGoIGBqfDWe8Mym12qHSHKNJDyZGVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a5388bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/ja.gif
172.64.194.36 474 B URL static.hentai-img.com/img/common/flag/ja.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash fc232c3a98b41d61cdecfe025b2d44d8
b5aa1202d489ce8e6ca37dac67baf495d5dd4c07
5a728d100e5b50ce85986a7408725740db27682433c29c221dc2764480eb2078
GET /img/common/flag/ja.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 474
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-1da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 469070
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tf14gvKoXnZyWIqNONlfYdA%2BZw%2B725t828vum4m9OMZnmKVvNYjqZ%2Be7jr0jz%2Bao9XkcPTPpGldq%2B9XI7yTfkIcjGMt%2BJXn5nR9ZILvhJsmJRL7F91Af%2FJoTWG3LORKjovvEPb%2Byaas%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a3a88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/en.gif
172.64.194.36 1.4 kB URL static.hentai-img.com/img/common/flag/en.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 26\012- data
Hash 614f51d8a552e93ab1a8d34e693b69f4
0ad32db920908f958f6c07167896091e44d5edee
eb820f959f75beecebc6e1319c2c774a830c8622a80048de1b0ba0ef2b2e2b25
GET /img/common/flag/en.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 1393
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-571"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 469070
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdhZ5fEG9YncSkjjmaDCcSt3P6O8vaVQHSywZLDGZ6rwXlnEnMV%2FSh7xM9dKUTwyZGYyZET62nJz1SStuiIbtRHITls8JYk%2BlU3giDrhylom8extbwdUJ86dhGzuR6kYKZ%2Bgn8B%2Brys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a3e88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/de.gif
172.64.194.36 315 B URL static.hentai-img.com/img/common/flag/de.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 30\012- data
Hash b5f1834976932223f4eceb4ebe1263bc
75f99653385ba646f06441b8794e0c5bb6f9ec71
1555657d93aaab5a01449521300b72822b3db46909d84285d102725c45de3234
GET /img/common/flag/de.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 315
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-13b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 481087
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0BdOLSO0KipG5xcWTkicPJBJ0LAvAmEXx37NDvyk02RHNYoqiXOrAeFR64MK1LnrGK0YLePZY%2FIvddeinAC5qIpKQXEBYM7M0yFu4Sss5g0ABkv9%2FaEIqJZ2Tg%2FtZKfhTWx1f747%2Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4388bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/ru.gif
172.64.194.36 468 B URL static.hentai-img.com/img/common/flag/ru.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash f4ceb928d7944860271f172b9a5a2df0
92b056a3c2426d7aef8b740ed2725b6f4fd52f40
6ca184b5dd2ff659ee4e354c3c2bc57b0ba45fb9f2e6c86cbc922f681d45fc16
GET /img/common/flag/ru.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 468
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-1d4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 637019
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjVye1O9jAosWM6D%2FD3ogpgH9wamHY5pbmnKn9yzXZdwBvZgkWut57DAC4qAGnkhcKowCjT0OjfOPIGxihpq3DnV1mlehGwgkjSeuO%2BG9eFdeP%2BNY%2F00Var3%2F7HvMhm9VYfiEeANwgY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4588bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/zh.gif
172.64.194.36 743 B URL static.hentai-img.com/img/common/flag/zh.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash 5763f939a9e7b54e13997f2d74265e56
eebd3d13ce05866893a86f0a08c5426e8b5f5187
605bc30e975b4b4ea8ca03b3d423d55d9a582a7894bd47107db58e887a95211d
GET /img/common/flag/zh.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 743
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-2e7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 489085
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLBVSqsGBM6%2F03ZAvS3FMad4uDuEnEsT5uhnluityNLp0hGx0haQRspI4iPcBw1E1eJISIbXtJNZgr9fgL%2BgqDQbpZFuNJ%2F1JI7jeob%2FzLKnVlCRZuM1iUvaEHfrS6Rp8Xv8%2FGzp%2Bd0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4688bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/ko.gif
172.64.194.36 1.3 kB URL static.hentai-img.com/img/common/flag/ko.gif
IP 172.64.194.36:0
File type GIF image data, version 87a, 50 x 33\012- data
Hash 3db4f525bfa45626a782be27c91435e9
3734ee66a9cd2a9ece15561dd05f9c5aabafd702
621054d86125ef3c436d6126e7be35f29ea4349cda904516ed1259b73c9cd1d8
GET /img/common/flag/ko.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 1335
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-537"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 1149936
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVw4V%2BYySMXFaz7ffEj1theniFWb%2Bq87uPhq2VzPvFrjT5vdFEqqtI%2Fj5G1zVDs6xiP2%2FNHbqObqQBpeaxPhs5ROpPhQTMU5uFgrH1tIWzZ%2FQ0wC6ry%2F61CAfHgIJlfNW6CBLuKZaf4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4788bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/es.gif
172.64.194.36 200 OK 1.3 kB URL GET HTTP/3 static.hentai-img.com/img/common/flag/es.gif
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type GIF image data, version 87a, 50 x 33\012- data
Hash b78318d1bbe6b11d049e3491a7066ba7
9f2ff64dc88431ee0e7fce5ebd1ba25aa923407b
bf158833191c774ea8b2aeaab4e7ae605537ebe32fe79323139b47808ab84ace
GET /img/common/flag/es.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 1335
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-537"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 1933763
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ekq3dMvbTsnO44Vi5QFt9vZomrNrYTC5Ta0ZmJ%2F9iRMZ4OwB%2FkXVHSasQ85tqn06xnmOD9F9Xoc1apP%2Fs0ws5U4TANr1QkgY2yTe0w%2FDnZTI6xXFe4LR8qi%2B4Xc5LT8XKiTaRqLfBr8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4988bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/flag/id.gif
172.64.194.36 200 OK 303 B URL GET HTTP/3 static.hentai-img.com/img/common/flag/id.gif
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type GIF image data, version 87a, 50 x 33\012- data
Hash 87e8ae0f9d667be54bb35cc6d95f5dce
cf7cc9f3f5caa7495d41cc5a45a2e754181847f7
a74faa32d47b6edffdddcd50c26e9678f4867b7cfa314c4ab0d0130a50513c1e
GET /img/common/flag/id.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/gif
content-length: 303
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-12f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 642718
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z1qliI3NlWZ3LfPm986xGBzZeumzb%2B8SSx78gEFefn27nP7dxFkfoNga8ELsV2l1zkOKvhBxhHniGTo9UvMM160AJrLw8YQDTzaGJQMgIzDqg4yb2rL5bO4CNhO6lzXaU92wT0bbH%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a4a88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/google_plus.png
172.64.194.36 966 B URL static.hentai-img.com/img/common/social/google_plus.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 9eba4fde04295dbb4fe02beb5e72f2b0
90f4570d583a97bf2893d1bfa293daefae6084bb
4e3100d1d100105cfd2fadc475c9d3a5d82cff77acf877a1e7d8cca502fc35a6
GET /img/common/social/google_plus.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 966
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-3c6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 481350
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9H1RqreWA6WcdlZ5Axqt2%2BErIDXZkh0CWRGJbcl670fE6OjBkkLLhdnL%2FuxMC70zTzTr8ab0xNJq3ZrNp9KjOuthy7HzdZ0PUp%2FIlpkdHrTNo%2Fx65uDHztk2h2K3ydLQSAT7f2TzuM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a56a5b88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/google.jpg
172.64.194.36 2.9 kB URL static.hentai-img.com/img/common/social/google.jpg
IP 172.64.194.36:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 64x64, components 3\012- data
Hash d03da4d5a755fafa79537809171d7745
a7d6e98bdce5e7d001806d64e1f7b9740ce56b41
3e434c6b6bf79dd1df0166a0acfd4faeab551cdc02e240e76bb82e9aaaef97c1
GET /img/common/social/google.jpg HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/jpeg
content-length: 2860
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-b2c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 469070
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9CrLRf46ikq%2BNhSVvKIXrl6M2OJ5Qt%2BCBd3l6pN0wpDzQKwElaPTt%2Fq6UQujkMLOYBxOD2dsiJTdHzOAgrE8lViiJYFraDM3jqqy21GUUXIjYhwO9ChcCQsh%2FaKc%2FW96wDE1kjNzEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a56a6188bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/twitter.jpg
172.64.194.36 3.1 kB URL static.hentai-img.com/img/common/social/twitter.jpg
IP 172.64.194.36:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 64x64, components 3\012- data
Hash 332ba12ef50c10ec47fc6fe788ed76cf
e5c36d02a2058526f9b50ed511f729daa23664cc
e4e2dc43599b41d04804f3b10a393dad8416f66a2c4c5924cf1c61730d63dfed
GET /img/common/social/twitter.jpg HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/jpeg
content-length: 3070
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-bfe"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2038460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfrkKjWNrwUOmaGw0h%2FxvL4aXrXB9qn89r9cXEybywHRFLYk9B8F3UYQx%2FpR633cieN0vlfRKdOmL8rNsNJP%2B4KqYHtJGcKHsiVdq%2FMsVUHOapZ2mumBKW25%2BSvjjYAoa21PYwkziuo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a56a6788bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/facebook.jpg
172.64.194.36 2.1 kB URL static.hentai-img.com/img/common/social/facebook.jpg
IP 172.64.194.36:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 64x64, components 3\012- data
Hash 40d8a992e98bb81a3ae223545c985fa4
167a554092a8b3f93659dbcd4b8995668f0e4b86
86551a71ce56e419e94306144f91bd0200d6ca73b7b933e88be448b1f2ea251a
GET /img/common/social/facebook.jpg HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/jpeg
content-length: 2086
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-826"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 572496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUN5W5h4ZANeb2XSArV%2BlruhduBED9tqMbeBn7KViXdyHyGxpJXOHqHP%2F%2Bbj2zzp6KBnuhlwpi4qZFsG5Q7PXYSDP3Ue%2Bm7HOgrJmz8XkyMHtUfMcSEGqPduXnpEMrm9sOBrU6bhirU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a57a7088bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/reddit.png
172.64.194.36 542 B URL static.hentai-img.com/img/common/social/reddit.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 3713e686f6104795b2f9ce1e249313d6
c4ab6171292d3aeef618c614677a167f230b6ffd
ed28fead9654b1ec127f76da970b98bdaa954061a0a2a1121179debff9a0d153
GET /img/common/social/reddit.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 542
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-21e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 1299531
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfPkedk4U8V2EExiZ7J0OvxDj%2FPcRdiHl5AoyQzSM0NdSmJ6Rv7kCQ%2FiE8v9YDRqP%2FsBpLOQTroZiKfUYdCPwL4PFfJjVr%2FUapptmyg0Wrxfego6M5INYdr9L8PSRYugPkj9PL3mAtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a57a7688bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/tumblr.jpg
172.64.194.36 200 OK 2.4 kB URL GET HTTP/3 static.hentai-img.com/img/common/social/tumblr.jpg
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 64x64, components 3\012- data
Hash 5b33546756b674ce2be373044f24c0cf
68dcc328753f7872624504268fcd7334b71c9f76
c1a52b3dc3cf5ea00542ea76f1295b55c7d01d0660e04587d0de18e86cdbb2c7
GET /img/common/social/tumblr.jpg HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/jpeg
content-length: 2407
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-967"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 648181
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OoMfZNtHyI1aw1aiJJfdI4Z86VzM41ug8QH4L4ODEK4s8PityUcT%2BcLU8vpfz0SZc1Ic9lxZzbXniaS15DZzRXSb5wpLs%2BRbavqXOdOvZPILTUtxIekn9lIwUrKbwcHBtuaW3W6Fp3Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a57a7988bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/pinterest.png
172.64.194.36 200 OK 458 B URL GET HTTP/3 static.hentai-img.com/img/common/social/pinterest.png
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 648994670c62d7a329042748a4bee30d
8227437266c5cab384f53caa32d1b387a77049fa
7d2b7976f2ee424f2a5c3efd727ce68d9d30400bfaaf44bf7a5348c914cf244c
GET /img/common/social/pinterest.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 458
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-1ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 384049
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEgZ1Zvp6MMUkvXhXMB7bNwm%2F0rNWOMXqk0EtkL4B3HdxqWLVpMZKj0ZmrOwSQDo0x64VSEMtoHP8jVIx6YEven8IZSPIVBwbacLkYW9to0HsH6K2oONZmxBfKu7W5y9Xgs%2BviGCAVc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a57a8d88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/vk_com.png
172.64.194.36 964 B URL static.hentai-img.com/img/common/social/vk_com.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 25e01617b3bdb03a8254a51c52183e09
bed65c5f27acec7a2043c225b4c5e52c031354fb
5e117a1e8a53399ae27ab8aac45f2b8b4daa7f9d208726f29d8eef7c3fe85b3f
GET /img/common/social/vk_com.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 964
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-3c4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2205877
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65w7FDBfJbKXeJ8y8vgXDBNeUDDhM%2BOgBW3CV1h2ZvlqkY%2B946toovT9PnVE6MteLkmtFx5YWZ5LUtQJ5tSAlWcNilDbt02eOR1YoyHQps4VoVBB8H3Y5otzevNygy4f02qPLSaZ5s8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a58a8f88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/line.png
172.64.194.36 825 B URL static.hentai-img.com/img/common/social/line.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 299510f9cfb5a76a1ec5174cfb6ae795
0fc4e218da4019ee2b75a6639f981ca1a31187f9
eb1d6f5b8b6289ab1b326d7b116311fd37f4eb296ded36090f333bccb55bde5b
GET /img/common/social/line.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 825
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-339"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2126204
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTN2EwFHMadVHS50T3mzdI%2BDElY740Nir53pxzF4aHzGCHoNBYAJIKwC%2FcmHDjLKFwou6XoGsukgCG3He6eGz8al97UiJqXNm%2Bb7TiQ7TqE25r7nqk5cLV8K6Y9lNEeQZwlwgepC2PI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a58a9188bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/hatena.png
172.64.194.36 501 B URL static.hentai-img.com/img/common/social/hatena.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash ab83b4b896bf57fb195debbc7149971f
3c479cb275572b7e29b82100099d7b8a074b689e
d0ba5d480ebfe557338e123f161e74ebbe5f75fa67acfb00196daf8b74e6aa58
GET /img/common/social/hatena.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 501
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-1f5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2903768
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1t9dvJPgAkZxhj6QCdMuLdOpL8EPt3IPwKOK2d%2BtJf7U74nez5wanwPLzJMNZxMqTTH6K91RB0BYIZjBiCTX1xHfl8kEnLZurDj1fpHRKkOVetjibrDc7phWNTIPIfKEiW4Y2MFWOY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a58a9f88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/pocket.png
172.64.194.36 1.1 kB URL static.hentai-img.com/img/common/social/pocket.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 34177c970f2a37a384e877bd07489116
a4b1dc3ae3e2b369bebaeb9a741821bfc2f68a26
57e48d9c3c98955c1d34b7968870bbdef6845441f4e7707c6bef7c4f0bda8e36
GET /img/common/social/pocket.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 1113
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-459"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2883306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vAtJ3HNUqrnQvaFy08InASOQ3AYbkvlMe4Urxwrozi9zOlLJABkEvJ3vh0u0rI3UUnhrlyCVBiIPdVJyUu9Cq%2BHTlMQHTx5MRGKvZodvwhM3xm97wLmiN7fL8ZQCcgc4KC9dpFUG2g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a5aad988bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/mixi.png
172.64.194.36 822 B URL static.hentai-img.com/img/common/social/mixi.png
IP 172.64.194.36:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash b95efd042485932bebbd64b36e04239d
05bf771f9bc32761964c9142b5a02146ba00834a
ca1d5623931e628fcbb100eea0802c8819ba74d650f7e20eb8f5ebacb4985c72
GET /img/common/social/mixi.png HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/png
content-length: 822
last-modified: Sat, 18 Nov 2023 03:31:42 GMT
etag: "6558301e-336"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 634680
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwLMpGwR7YM19qInjV27%2FL%2FOD60QKPAVYBMc54gkt%2BH6Eakm65fuJG%2BD7qndzJIantlfWu28wFkkjusodlpPrPd6eLGweQAZ0bCEMZG7tnubZkM6I0EH48XJamDd2viCSayrbBXYMdo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a5aade88bc-LHR
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/img/common/social/stumble_upon.jpg
172.64.194.36 200 OK 5.3 kB URL GET HTTP/3 static.hentai-img.com/img/common/social/stumble_upon.jpg
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 64x64, components 3\012- data
Hash 75356d971865d18f361c31b8082bb4fc
c7a9fb21644661b3ecc6a7bb514818fca505b799
3cfcbf3045b013f60c81448975b83ac34e391e3b887a421ab765d9b36ae51350
GET /img/common/social/stumble_upon.jpg HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: image/jpeg
content-length: 5308
last-modified: Fri, 25 Nov 2022 08:27:22 GMT
etag: "63807c6a-14bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2376123
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFGyigY%2B9uW%2FPAO9EZl%2BSfoTSjQ8lJOGrXHrl%2BpEAFQ59RMWHilueH9mGRBeXOZUB0jmuSh7NbGaVIytTuI%2BW8u6y1RIKSgqalRUo3SUAF3Q6Taq5Wf3Mp7s0MixBZGJ3JitiI1CY6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a5aadf88bc-LHR
alt-svc: h3=":443"; ma=86400
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
static.hentai-img.com/js/pc/default/init.js?t=20170430
172.64.194.36 1.8 kB URL static.hentai-img.com/js/pc/default/init.js?t=20170430
IP 172.64.194.36:0
Hash bdcf1b85c383e21e8200c806447402f3
a09f26d588d18aaf3ebf37177270e74255a61f10
8bc58db2b1a5ef5f7564afb9b7a0ded88c285b383534a51072eb2b076633e8f9
GET /js/pc/default/init.js?t=20170430 HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: application/javascript
last-modified: Fri, 16 Jun 2023 07:58:42 GMT
etag: W/"648c1632-53"
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin, Authorization, Accept
access-control-allow-credentials: true
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2038461
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2FAZKissfpAlk6wouieP7fjxkw8jsUQhnLodJ8U8PaC1%2FkMJ5qE%2FmR%2Brv7qBIsbkk0L38m5y0TWUEHL96UYYuY40NYhKQkYkSDgmiRt9e4jtI8ITEvWWzBE5q54IwUT1VY5yze1rMx0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a5bafb88bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
static.hentai-img.com/img/common/loading.gif
172.64.194.36 8.2 kB URL static.hentai-img.com/img/common/loading.gif
IP 172.64.194.36:0
File type GIF image data, version 89a, 48 x 48\012- data
Hash 97d6004d640bff4ccb7dbc19c8210e2c
0e993fb7dc31da3437cc9f4c934d3b4a7fa7dccf
7690561960d2b4bb48e5e19c0cfa6b84fa1d9f967eca9686c6e8ebeb73df0852
GET /img/common/loading.gif HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/gif
content-length: 8167
last-modified: Fri, 16 Jun 2023 07:58:42 GMT
etag: "648c1632-1fe7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2202361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyXLPr4y4yNzUyos5R9hKKVZ1mgpAMZvwWOP%2F%2FUj7Y1J5kPQJ0F20RnIte8GMybdJ1geP%2BW1hTddwJibDpu7aE8bRgb5Wd8sXba%2FThLZBjyWK5VRvKtqAS1zUS3fi%2BkQw3j%2BYy3I9ZM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f9988bc-LHR
alt-svc: h3=":443"; ma=86400
go.eabids.com/loadeactrl.go?pid=136058&spaceid=8003903&ctrlid=791765
217.22.19.199 44 kB URL go.eabids.com/loadeactrl.go?pid=136058&spaceid=8003903&ctrlid=791765
IP 217.22.19.199:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8029189e497fdea0688491728c3e2237
f0ffe6d5bd69dd54dcb543478397dec6d5c1319c
6e7a96639523aca5b9d3629b9e9308222ca06bd60256bf542601f425604b7b67
GET /loadeactrl.go?pid=136058&spaceid=8003903&ctrlid=791765 HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: application/javascript
content-length: 44146
content-encoding: gzip
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token,X-CSRFToken, Authorization
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Janon, 05 12 2023 16:33:18 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
static.hentai-img.com/js/common/jquery.lazyload.min.js
172.64.194.36 73 kB URL static.hentai-img.com/js/common/jquery.lazyload.min.js
IP 172.64.194.36:0
File type ASCII text, with very long lines (3309)
Hash 5c01d7aff077b4ed0804b71c2e3ab4a1
56b4c94cff0d5fdfca579eac85da28a767607644
80351098c2478918bb80008d7836499305bf6f4d4b2abf742b8823255bbb0d8e
GET /js/common/jquery.lazyload.min.js HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 16 Jun 2023 07:58:42 GMT
etag: W/"648c1632-d35"
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin, Authorization, Accept
access-control-allow-credentials: true
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2378903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5AaAtkbzfYTJsHZpiSM%2Bqo0EEcJ%2FtFDLqaqxI29KPbN%2BWjo34MciQR6HA4NfsgERNnYyy7hw1ltqmWc%2B6MKKrLR1%2FBkBxwp%2BvLNqkbf%2FuALKNUhxGFwpHbPloqnmGH1gYiu5mRGh%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830db0a5baf588bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
static.hentai-img.com/css/common/awesome/fonts/fontawesome-webfont.woff?v=4.7.0
172.64.194.36 1.1 kB URL static.hentai-img.com/css/common/awesome/fonts/fontawesome-webfont.woff?v=4.7.0
IP 172.64.194.36:0
Hash 88dc85067acab2b6e4f9e93bb78ab6f1
05e9955d51591edd7bdc0eef3c745c82575189e7
1ffeae948046ae83bd08264db4b184ebd17132012102d01e338010a62f5f8c6e
GET /css/common/awesome/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://static.hentai-img.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: text/html
cache-control: max-age=31536000
cf-cache-status: HIT
age: 57
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiyokgMVI3Y8f%2F5XdwECgPm6YLjbm24I2MiM9od%2BITg4CbK6UK5pV7aIC4C8Z80sJiBLRDMV33mJdDSqy5KdQG5%2F15TWX3HIVaEceK4OfFMxrgcuKKEHmTx11Ui0W0tqvZOrPRkmJKY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a87ff388bc-LHR
alt-svc: h3=":443"; ma=86400
lby2kd27c.com/lv/esnk/1863026/code.js
212.117.190.201 200 OK 40 kB URL GET HTTP/2 lby2kd27c.com/lv/esnk/1863026/code.js
IP 212.117.190.201:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with very long lines (65107)
Hash 2e89244566181913a3f3cc1468126d62
54cdaee3a1d10eb0554c3a50ed9af373ee9f7078
ae0eaad81c577154c1b11027c643c6e71c281b45c79f868ba04369eb8b1feee9
GET /lv/esnk/1863026/code.js HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 11:34:35 GMT
vary: Accept-Encoding
etag: W/"6565d04b-1929a"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
stealcurtainsdeeprooted.com/f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js
192.243.59.20 9.3 kB URL stealcurtainsdeeprooted.com/f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25079), with no line terminators
Hash c093389b6fc0941ea7d5a6d3ba0699b9
baca4c66d947d47feb59df842379297a2cfde5a0
88645b763e0ea9abaef4395e1011a9ae7c39dc605231e0fd8c0f159657ce086b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 580d7a0c5eb3e92da0bfe44b64d748d7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stealcurtainsdeeprooted.com/f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js
192.243.59.20 9.3 kB URL stealcurtainsdeeprooted.com/f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25083), with no line terminators
Hash b326e93794d9f0b31c32922f3af6cb1e
685752ae615a991a3ef8f714c43dc1263cd7c148
5c79b397f25e6ff89d46892644aaaed3bcc92b5177f2d05f8f46cd7afe696666
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /f325dc2bdcd9ba00a1c3fc7fb719f96a/invoke.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a13e4a26a1120bfe7fb5adb12168d73e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.hentai-img.com/css/pc/style.min.css?t=20160213_01
172.64.194.36 15 kB URL static.hentai-img.com/css/pc/style.min.css?t=20160213_01
IP 172.64.194.36:0
File type Unicode text, UTF-8 text, with very long lines (22479), with no line terminators
Hash 85caf6f75762ceb350dd303f5cca904a
66a93e0d0664460f738a2409bd6bb75486de949b
9e5529c82499ab89351adeccca36a4edfaba8c27463ad056f3a8228816d3e708
GET /css/pc/style.min.css?t=20160213_01 HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:17 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 16 Jun 2023 07:58:42 GMT
etag: W/"648c1632-57f1"
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin, Authorization, Accept
access-control-allow-credentials: true
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT
cf-cache-status: HIT
age: 2124777
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ot%2FyywvVx%2BYOiPUHdfwaXj%2F97r%2F1uQWlZU9axqPtI4aKlZV7vRmf94AeqvFRZ4zHU6HJvMDB%2BODkJnJFXW%2FGuu7eEtvBBaNC15EdEtReu8im1FXBdEhtSfiAigj7O7Kyeq0G6cI3Jc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830db0a55a3488bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
stealcurtainsdeeprooted.com/5e6875da5961e81ed9244698fd54f94d/invoke.js
192.243.59.20 200 OK 11 kB URL GET HTTP/1.1 stealcurtainsdeeprooted.com/5e6875da5961e81ed9244698fd54f94d/invoke.js
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject stealcurtainsdeeprooted.com
Fingerprint D2:80:AC:40:05:55:8B:BC:9B:C8:7C:26:56:42:AF:54:04:5F:9B:61
Validity Mon, 30 Oct 2023 06:01:37 GMT - Sun, 28 Jan 2024 06:01:36 GMT
File type exported SGML document, ASCII text, with very long lines (29627), with no line terminators
Hash 98be10887a6a9281db7a8ce7679deed3
64320508ab0b212484117acdf8febb08281e2a31
e1b69f8321e8bf8b43f2476c43e31a2794563bc353f07cd2ed0d0abba962d9aa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5e6875da5961e81ed9244698fd54f94d/invoke.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1808073a8d1563899a722afa5e57c562
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stealcurtainsdeeprooted.com/05/56/52/055652d312c99a6037d12337a6a1a7a4.js
192.243.59.20 23 kB URL stealcurtainsdeeprooted.com/05/56/52/055652d312c99a6037d12337a6a1a7a4.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59227)
Hash 41c73bf10592c74d5725fab0102ab3d2
ff1b1a60ac8b0cde828b0d516020daf4f4f4376c
ef7d7422927b8f3c29350e6a9ae414cbb08b91cb48fd64a285466346b0449889
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /05/56/52/055652d312c99a6037d12337a6a1a7a4.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_AN-1159_layer=0; expires=Sat, 09 Dec 2023 20:33:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa957da562470347557c960328f8e803
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stealcurtainsdeeprooted.com/a7/bf/87/a7bf874835d806f885e035b6acb3f0eb.js
192.243.59.20 15 kB URL stealcurtainsdeeprooted.com/a7/bf/87/a7bf874835d806f885e035b6acb3f0eb.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42826), with no line terminators
Hash ae9c318c6f70549d407f594d1a78ed87
78a150ca4d95767fa4b63549bad919fff5f0116c
90b88d684229b93b10d46e9335a0b881c74f455c02fba81e19a3cdc4fd362be9
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /a7/bf/87/a7bf874835d806f885e035b6acb3f0eb.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3a9567ed8f6047c36801db306f7be9eb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static12.hentai-img.com/upload/20210405/701/717721/p=700/51.jpg
172.64.194.36 660 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/51.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x988, components 3\012- data
Size 660 kB (660469 bytes)
Hash 11bf1152f9dc5bbfb57c42ae86bf98bc
cc0baf50611ac0284c869d024e797b2637e5b4cf
9cb94808463e70f82590e6bc444a446fd5bf4b63e834a947284bcd9ad719d3f9
GET /upload/20210405/701/717721/p=700/51.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 660469
last-modified: Mon, 05 Apr 2021 09:02:45 GMT
etag: "606ad235-5997d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FyburQb8XuyRjKwEhlhOOuO3%2Bn01%2BZlPpo5dqqFjrV3QvyqMzFjLE%2FSARCXb14hqRubzVhAeKXu47IRdfVJBykvcO8Z5jD%2B145Q2vQ6Ti1DsCoT9oipXx2zNohUlHa6M0y%2BO%2FNq2UZ1a8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a55a5188bc-LHR
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-1PLLYQLZ1L&l=dataLayer&cx=c
142.250.74.168 90 kB URL www.googletagmanager.com/gtag/js?id=G-1PLLYQLZ1L&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (5955)
Hash c6f6205d3e5984feaef98b0270ad461f
bc454e6d4296d233a6450bdb4e6d2682aadc0240
f2e8edb09c598589d81627e265908012ed76a4afee568c1c6aaeff3d11324913
GET /gtag/js?id=G-1PLLYQLZ1L&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 16:33:19 GMT
expires: Tue, 05 Dec 2023 16:33:19 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89531
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
stealcurtainsdeeprooted.com/7fd078e363f567e6039e684e541f9020/invoke.js
192.243.59.20 11 kB URL stealcurtainsdeeprooted.com/7fd078e363f567e6039e684e541f9020/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29615), with no line terminators
Hash 76abe12aebed0963c51802094b3ee304
3871b2e7dda302a076106339a1bb882c6866c50a
a455caa80c64884423f61b8bbf70a5265a5853d13711c18c165c2df114f63f61
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /7fd078e363f567e6039e684e541f9020/invoke.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f87efcd18922dc911f931a657461659
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 1bfba60a71cfc2840a9d32837d6e0007
a0b0d4b59cdb00e6b087cad1a6c4b08aa7459fc9
7e592639e95cbc324b3017f1a6aa171657ee61fa9e4eea956c1b719cebd1f44d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 05 Dec 2023 16:33:19 GMT
Last-Modified: Tue, 05 Dec 2023 16:25:09 GMT
Server: ECAcc (ska/F7B0)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: F0lBqPySc-USeY_yquAw341oSIe-7dT66gsqr2Gi1stO-ZfmZDTdIQ==
Age: 490
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 24a776b1f2e9d3fff472472cff5e9b16
38a6b9ce7b18c9204f5ace875325ca74c863d1a9
108f3caa2c7db8c122fcea5f02f4f0f1e058d4da8e913dc2b4e8ace4e5a50e81
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 05 Dec 2023 16:33:19 GMT
Last-Modified: Tue, 05 Dec 2023 14:48:29 GMT
Server: ECAcc (ska/F6CC)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7hQb2tgwHjDhSBXboyL1E797UZ14NLCMsf5rYNoGnAo-uiJBcRRPnA==
Age: 6290
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 57b3e6a8894d29e38d3efb1b386ad693
d948acc2342ff62bdbdc0aee8cb0879b3bcf3200
a97200214f0d8f0538079cd9de6d5998c13fa2e291f557b2af2276a0d0205501
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://fr.hentai-img.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=feadb36a-2a38-4f02-83da-5a7ea4cf746c:3:1; expires=Fri, 02 Dec 2033 16:33:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.121 200 OK 3.1 kB URL GET HTTP/2 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.121:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject cdn.tsyndicate.com
Fingerprint B6:87:8F:D6:E3:48:CF:61:4E:55:B9:6B:66:FC:B2:13:7F:A0:0D:BA
Validity Wed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type C source, ASCII text, with very long lines (7708)
Hash 132db549c9f97232cccb62af9f2156b9
27a33f324e81bb08d48875a20ef18d1f22d90af9
566f0492535dba4934209ea2b08a9ee357f4c7febf4defc717e0cb1d789bb0e5
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: application/javascript
content-length: 3084
server: nginx
last-modified: Mon, 02 Oct 2023 10:01:05 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"651a94e1-1e65"
content-encoding: gzip
age: 5284362
accept-ranges: bytes
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 40cc7905c406acea034bd7e3e822fb20
9048a390d2141e4d37b8f09635b7108fc5f98fc0
080aa15eb42734a4f23403a65f0344f9b9cb196a5d1de07c1a79349170041096
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://fr.hentai-img.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=842f221f-517e-4d2b-8d21-796a6e1e14ba:2:1; expires=Fri, 02 Dec 2033 16:33:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 72752ac3f94b7a8b515370c1c444103f
3a6131f56802cb3825f27605a9e3c34081f1ee6b
5ee8919aaf3c8bcebaa7d9652b7dca8d8d94f7605bb2ddf57a0f7497f722ab10
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://fr.hentai-img.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8325fdb6-4dc6-407a-8a3e-13c934c97f16:3:1; expires=Fri, 02 Dec 2033 16:33:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
static12.hentai-img.com/upload/20210405/701/717721/p=700/52.jpg
172.64.194.36 467 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/52.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x988, components 3\012- data
Size 467 kB (466564 bytes)
Hash 6081c4572e34ff023c055310ffbfa07e
2d84eaacc64a4790c941502dbf90a23bbb4c5a4a
38f044dfd75d36190206fae0bbae941949117cdf920b2c077228812daf2308b2
GET /upload/20210405/701/717721/p=700/52.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 466564
last-modified: Mon, 05 Apr 2021 09:02:41 GMT
etag: "606ad231-3a9a1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Li2XLLvF1LhFgD3%2FzAHKc7X4Z850IJsWaiQxiz9mf9MsYADslR77ERsHz8e5miq8n7Fr2AXzbKul1GLOe1Hmvm7nXImsneJx3cEdR1GFPf1nCugGMSK8BwQEPJ9LzZNAGS75IEEurnU2cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a7ce5888bc-LHR
alt-svc: h3=":443"; ma=86400
static12.hentai-img.com/upload/20210405/701/717721/p=700/53.jpg
172.64.194.36 405 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/53.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x988, components 3\012- data
Size 405 kB (405147 bytes)
Hash 744bbd07ec993f65e4121a70fce221ef
74937fd4eb926c2c88918b476c0a979727837d6a
c8a0960f657747c067b41b13f1bd50d75bbb3db3a70f8ea867af6c572b65d87e
GET /upload/20210405/701/717721/p=700/53.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 405147
last-modified: Mon, 05 Apr 2021 09:02:28 GMT
etag: "606ad224-34d80"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MijBZ%2BxgN7rxsu2MaNmJeL4XtyxZHJix%2F9ylYMmnM0o22WZIGY9VSNuewqYkjIctpVPO%2BVgPTDwsmBUVYBfiRFsQaNKQPaLnBpbELDqj9lp7LPVOTHBPwM9uUt2s1WQF244vbtcYBciITg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a7ce6088bc-LHR
alt-svc: h3=":443"; ma=86400
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
lby2kd27c.com/lv/esnk/1863026/code.js
212.117.190.201 200 OK 39 kB URL GET HTTP/2 lby2kd27c.com/lv/esnk/1863026/code.js
IP 212.117.190.201:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 51d1dcba40065f4b634e1697ddb7012d
635d022aec4cba9bafc162418cd1b8f4140503e4
5dd4d8b829791a98348e72ee36865575942b5861ee78a353cebea7317d6f71bb
GET /lv/esnk/1863026/code.js HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: CHCK=1; UID=2312051133e07181d8e1cf45dd8fd216ffe5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 11:34:35 GMT
vary: Accept-Encoding
etag: W/"6565d04b-1929a"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
static12.hentai-img.com/upload/20210405/701/717721/p=700/54.jpg
172.64.194.36 451 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/54.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x988, components 3\012- data
Size 451 kB (450736 bytes)
Hash 4ad4dfa5515554c2a2ed2f16ce7cc57f
41d0efcab3447b766a5950c752a2d31b93d78588
97b298341ef5bbb49ca17bba31cf1add35d5f2920db6753d1b3776c29f1aa5bd
GET /upload/20210405/701/717721/p=700/54.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 450736
last-modified: Mon, 05 Apr 2021 09:02:26 GMT
etag: "606ad222-397e1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrL6DvdJFQfDMqxo%2FKJAy%2BL%2BDTSFm5raRD000MJqriy1V8nDliqWZw4WFUzQgxVngVHtAyxHvLz0h6OlOalXNCA2K0kXpIVLajMGGije1iVpBCQwEzwE8ucd%2B98XECujNfdPBxqSkDSpUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a7ce6d88bc-LHR
alt-svc: h3=":443"; ma=86400
stealcurtainsdeeprooted.com/5e6875da5961e81ed9244698fd54f94d/invoke.js
192.243.59.20 200 OK 11 kB URL GET HTTP/1.1 stealcurtainsdeeprooted.com/5e6875da5961e81ed9244698fd54f94d/invoke.js
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject stealcurtainsdeeprooted.com
Fingerprint D2:80:AC:40:05:55:8B:BC:9B:C8:7C:26:56:42:AF:54:04:5F:9B:61
Validity Mon, 30 Oct 2023 06:01:37 GMT - Sun, 28 Jan 2024 06:01:36 GMT
File type exported SGML document, ASCII text, with very long lines (29645), with no line terminators
Hash cb25b6a0c7aede2f38e4402df4a0abea
3c5c7d9f34b36fc7a203e3714ce48c226bdb3f2e
e8a42c14126da130e83af6c4f66e5399ec5784e1590521b02be5a662f53756f8
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /5e6875da5961e81ed9244698fd54f94d/invoke.js HTTP/1.1
Host: stealcurtainsdeeprooted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 187565e010de3cb71463ca598f56c948
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fixedencampment.com/pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a
173.233.139.164 0 B URL fixedencampment.com/pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a
IP 173.233.139.164:0
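Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of zero-length input, matching the 0 B response body; they do not identify this resource.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed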
GET /pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
petideadeference.com/pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 petideadeference.com/pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject petideadeference.com
Fingerprint 0A:DC:88:39:2C:53:13:CB:4D:70:A4:F2:8C:77:74:6F:03:CA:00:58
Validity Tue, 28 Nov 2023 07:56:10 GMT - Mon, 26 Feb 2024 07:56:09 GMT
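Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input (the response body is 0 B), so they identify no content and should not be used as file indicators.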
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/nvwbdp?key=f325dc2bdcd9ba00a1c3fc7fb719f96a HTTP/1.1
Host: petideadeference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fixedencampment.com/ntv.json?key=f325dc2bdcd9ba00a1c3fc7fb719f96a&vstc=4
173.233.139.164 17 kB URL fixedencampment.com/ntv.json?key=f325dc2bdcd9ba00a1c3fc7fb719f96a&vstc=4
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (17054), with no line terminators
Hash 05609c7095a7ed6d5a73f5e49772b115
578722b26d6e32244a0d6cabc8148cddb37ae34f
7546cba6a7ef77c530f4bcb4dbf0387a42a3fedb860e01fa76a5d7420adea502
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ntv.json?key=f325dc2bdcd9ba00a1c3fc7fb719f96a&vstc=4 HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:19 GMT
Content-Type: application/json
Content-Length: 17055
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16443288; expires=Wed, 06 Dec 2023 16:33:19 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 16:33:19 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 16:33:19 GMT; secure; SameSite=None
pdhtkv49=true; expires=Wed, 06 Dec 2023 16:33:19 GMT; secure; SameSite=None
uncs49=1; expires=Wed, 06 Dec 2023 16:33:19 GMT; secure; SameSite=None
nlecf325dc2bdcd9ba00a1c3fc7fb719f96a=[2229213,3637745,2229212,2229215]; expires=Tue, 05 Dec 2023 16:33:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdcc1e8d30f7bdca7f05e58707bc0af2
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.247 301 Moved Permanently 178 B URL GET HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
region1.analytics.google.com/g/collect?v=2&tid=G-1PLLYQLZ1L&gtm=45je3bt0v874625503z8831581666&_p=1701794003406&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1152631006.1701794005&ul=en-us&sr=1280x1024&_s=1&sid=1701794005&sct=1&seg=0&dl=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&dt=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206%20-%20Hentai%20Image&en=page_view&_fv=1&_nsi=1&_ss=1&ep.useAmpClientId=true&tfd=10268
216.239.34.36 0 B URL region1.analytics.google.com/g/collect?v=2&tid=G-1PLLYQLZ1L&gtm=45je3bt0v874625503z8831581666&_p=1701794003406&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1152631006.1701794005&ul=en-us&sr=1280x1024&_s=1&sid=1701794005&sct=1&seg=0&dl=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&dt=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206%20-%20Hentai%20Image&en=page_view&_fv=1&_nsi=1&_ss=1&ep.useAmpClientId=true&tfd=10268
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-1PLLYQLZ1L&gtm=45je3bt0v874625503z8831581666&_p=1701794003406&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1152631006.1701794005&ul=en-us&sr=1280x1024&_s=1&sid=1701794005&sct=1&seg=0&dl=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&dt=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206%20-%20Hentai%20Image&en=page_view&_fv=1&_nsi=1&_ss=1&ep.useAmpClientId=true&tfd=10268 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://fr.hentai-img.com
date: Tue, 05 Dec 2023 16:33:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
lby2kd27c.com/get/1863026?zoneid=1863026&jp=_clb1v1sifmg93m8i258uu3&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8274303096470016&eclog=0&sp=1&im=1&freq=0
212.117.190.201 1.6 kB URL lby2kd27c.com/get/1863026?zoneid=1863026&jp=_clb1v1sifmg93m8i258uu3&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8274303096470016&eclog=0&sp=1&im=1&freq=0
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash 31a0cdbe31f9e50fa2f36f0b1cb1cbab
b6bf75f84785e08a8a931d4b8876df53499064f7
95bf767fc7d993bd20ff97becfdb9c820064f235eaf662ab832b458050cdd62e
GET /get/1863026?zoneid=1863026&jp=_clb1v1sifmg93m8i258uu3&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=8274303096470016&eclog=0&sp=1&im=1&freq=0 HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 07 Jan 2025 16:33:18 GMT; Secure; SameSite=None
UID=2312051133e07181d8e1cf45dd8fd216ffe5; Path=/; Expires=Tue, 07 Jan 2025 16:33:18 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
static12.hentai-img.com/upload/20210405/701/717721/p=700/55.jpg
172.64.194.36 674 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/55.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x989, components 3\012- data
Size 674 kB (674102 bytes)
Hash e9b26269eb4f6bafca7e0d50c68c3201
cba02a0b4d70c176273aa17584f993ba3ce4b7e1
b61c6d3801df9920ca5d39557f213858cf24e869285baa05d49fecf93e021f9f
GET /upload/20210405/701/717721/p=700/55.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 674102
last-modified: Mon, 05 Apr 2021 09:02:22 GMT
etag: "606ad21e-5f67e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjF3TEMQHY6SgaK1aakHsa8Vu%2F9VyrjlZFxt%2FL387rvlv8G%2BO9Bb4sIpSFOLq3lHxMJVPnIyyuct%2FPaiX5UVcJtpm8EmsxQqU44%2Fb%2BfLQEYMySnB3hZOc8agL3mhWixJ%2B%2BFbRTRTUSwwqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a7ce7688bc-LHR
alt-svc: h3=":443"; ma=86400
prematuresam.com/watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1
192.243.59.12 0 B URL prematuresam.com/watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1 HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Location: https://prematuresam.com/watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1&shu=02847b13c983dcbb7e4377e4971ef06ca0b360c50fda6f7c1bb5453fb8ce0ce2b4233165bcec3ef347366df19b5e63d80063b43803c5f8c2a29d528e948390a3e2863932f677592f5d1345db3d24dce7bc2f44e0260183300072e07dd460&pst=1701794060&rmtc=t
Set-Cookie: u_pl=15475157; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.ZlCYnvKYVuhWBSKco6hC2E6E-H_W-Z3YTKxM13nv7i0; expires=Tue, 05 Dec 2023 16:34:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d34138cbe322598c8dd4776fd902f5b4
Strict-Transport-Security: max-age=0; includeSubdomains
forklacy.com/watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
192.243.61.227 307 Temporary Redirect 0 B URL GET HTTP/1.1 forklacy.com/watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject forklacy.com
Fingerprint EC:85:C1:DF:A4:84:6D:18:50:A5:AE:F6:0A:77:C6:D4:F8:27:67:1F
Validity Tue, 28 Nov 2023 10:42:01 GMT - Mon, 26 Feb 2024 10:42:00 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1 HTTP/1.1
Host: forklacy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Location: https://forklacy.com/watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=b3b27d495def941c0d9b07eb295c273670e96e672081ed6423297fd27d57b3d52748d1a021cdc48cadca93ed0be08bc20c7260b72ddb79a23d921d321d8a08eb9f0d59654fec3550923824ad4ee1a572cadcd2e82c8ff6b9e16fcc604a6b87&pst=1701794060&rmtc=t
Set-Cookie: u_pl=16448109; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.EVUbUHq67m6gmuc1Ig3l63n84Lhy6tquNPRgbdb4lTo; expires=Tue, 05 Dec 2023 16:34:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6257d02944a328e4bf9d26082f514244
Strict-Transport-Security: max-age=0; includeSubdomains
static12.hentai-img.com/upload/20210405/701/717721/p=700/56.jpg
172.64.194.36 525 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/56.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x989, components 3\012- data
Size 525 kB (525308 bytes)
Hash 29a23dc146575ca1d8125c637f76eeb5
68586d3e4c7d8b700da5b005eccdef77763f3086
271652cba7b6906ff439b961637ac145fe3d451b0c9c25b439280cb85f2c308b
GET /upload/20210405/701/717721/p=700/56.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 525308
last-modified: Mon, 05 Apr 2021 09:02:36 GMT
etag: "606ad22c-44609"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsdeREFQ1C95fVxBB17HVISqLMQ8PsDVZRGEk8TiIiM584qhOnGfG2d8X3PqnDOl4Th5JT4UXFmr%2FgzJuQ%2FRTPYsbfuidatCVClC2GVqPoJXCa90SLmlX1%2F9gz5v0NSG6%2F4eNqiiioubHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f7e88bc-LHR
alt-svc: h3=":443"; ma=86400
landmarkfootnotary.com/watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
173.233.137.52 0 B URL landmarkfootnotary.com/watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1 HTTP/1.1
Host: landmarkfootnotary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Location: https://landmarkfootnotary.com/watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=478f7c68f3917308a2a607cc3384db4fe7da6e86b3ce349b117b7cc8e345d8656a4504f67f839aaec4145bc78930c82f8fc516e30c2a6984fb839abf24ba05083110ecbf028b8ae07e2383f60ea62c11b94589772efe78a0c5c268a06ed3354c&pst=1701794060&rmtc=t
Set-Cookie: u_pl=15475157; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.ZlCYnvKYVuhWBSKco6hC2E6E-H_W-Z3YTKxM13nv7i0; expires=Tue, 05 Dec 2023 16:34:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb4d42b4c0e7f9debb640418f5007bab
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.121 200 OK 3.1 kB URL GET HTTP/2 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.121:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject cdn.tsyndicate.com
Fingerprint B6:87:8F:D6:E3:48:CF:61:4E:55:B9:6B:66:FC:B2:13:7F:A0:0D:BA
Validity Wed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type C source, ASCII text, with very long lines (7708)
Hash 132db549c9f97232cccb62af9f2156b9
27a33f324e81bb08d48875a20ef18d1f22d90af9
566f0492535dba4934209ea2b08a9ee357f4c7febf4defc717e0cb1d789bb0e5
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: application/javascript
content-length: 3084
server: nginx
last-modified: Mon, 02 Oct 2023 10:01:05 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"651a94e1-1e65"
content-encoding: gzip
age: 5284363
accept-ranges: bytes
X-Firefox-Spdy: h2
go.eabids.com/eactrl.go
217.22.19.199 2.3 kB IP 217.22.19.199:0
File type JSON data\012- , ASCII text, with very long lines (3880), with no line terminators
Hash 77dbddcdd89f9e719691f006c6037a72
fb10bfdb5608e2853746051ca0f35086cbf5937d
40bd61103366e21375be17dab201b24553d41b07498b51680b82765aa5cb1a0d
POST /eactrl.go HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 1078
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: application/json;charset=utf-8
content-length: 2280
content-encoding: gzip
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://fr.hentai-img.com
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token,X-CSRFToken, Authorization
access-control-allow-credentials: true
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Janon, 05 12 2023 16:33:20 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-202
X-Firefox-Spdy: h2
static12.hentai-img.com/upload/20210405/701/717721/p=700/57.jpg
172.64.194.36 374 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/57.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x494, components 3\012- data
Size 374 kB (374316 bytes)
Hash 1a92765d38d15728b4173f21cca17564
116b5c213158786ef38b5899a9b3022b6d3d9a3b
3d4077cc438a79e15a1bc8d0db04c36d38a35e804961e0bb0edc36f78abff3a2
GET /upload/20210405/701/717721/p=700/57.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 374316
last-modified: Mon, 05 Apr 2021 09:02:23 GMT
etag: "606ad21f-366be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dbD9rtx0K8lA7KqX8%2Fj75jSMcgjdTJfQIKEUbqIrl3ZbevEM0kR8%2BdtrK%2BVuqMHJRyVtSfPK7di4RYdz6aVh%2FRAxtfHphWpNRZ26sSOmIJfgAq0vTA7HRaDNeG0lwGIe6IStT%2F4eiUGVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f8388bc-LHR
alt-svc: h3=":443"; ma=86400
static12.hentai-img.com/upload/20210405/701/717721/p=700/58.jpg
172.64.194.36 200 OK 285 kB URL GET HTTP/3 static12.hentai-img.com/upload/20210405/701/717721/p=700/58.jpg
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x494, components 3\012- data
Size 285 kB (284772 bytes)
Hash 1904d53c5ba98983867f8375e5141342
defcf42bc4b611fe46588fad39525a978ec9eaf0
ded2b37249c6bc8c3ffcbf05e30bbbcbe4081f62574489149b1cba73548b40c6
GET /upload/20210405/701/717721/p=700/58.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: image/jpeg
content-length: 284772
last-modified: Mon, 05 Apr 2021 09:02:19 GMT
etag: "606ad21b-23d3e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BA7OU48EIVAW1%2F5akMDgAWx4GcwcNXZl0mxAZYtPTlhMFWsn2%2Ff9KcM%2BcURPqX%2Fy9JrN2hSOzL9tyPLQjQASZZ%2FJuNtV456QFFGOW87F7XdUx2HT25Nfjit88G9476HSvnD4%2FlwoHLRlzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f8588bc-LHR
alt-svc: h3=":443"; ma=86400
prematuresam.com/watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1&shu=02847b13c983dcbb7e4377e4971ef06ca0b360c50fda6f7c1bb5453fb8ce0ce2b4233165bcec3ef347366df19b5e63d80063b43803c5f8c2a29d528e948390a3e2863932f677592f5d1345db3d24dce7bc2f44e0260183300072e07dd460&pst=1701794060&rmtc=t
192.243.59.12 2.4 kB URL prematuresam.com/watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1&shu=02847b13c983dcbb7e4377e4971ef06ca0b360c50fda6f7c1bb5453fb8ce0ce2b4233165bcec3ef347366df19b5e63d80063b43803c5f8c2a29d528e948390a3e2863932f677592f5d1345db3d24dce7bc2f44e0260183300072e07dd460&pst=1701794060&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (3131)
Hash 23c1cb7b4e0f5770888b44a9403fe7fe
eefa174f2dbe287109966fe84a25214a9f613ae9
1f6edd98e0975058755e3365b1e830bcb9a3d9dc90be0d678e2579cf59a671e3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1114194874284.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=842f221f-517e-4d2b-8d21-796a6e1e14ba%3A2%3A1&shu=02847b13c983dcbb7e4377e4971ef06ca0b360c50fda6f7c1bb5453fb8ce0ce2b4233165bcec3ef347366df19b5e63d80063b43803c5f8c2a29d528e948390a3e2863932f677592f5d1345db3d24dce7bc2f44e0260183300072e07dd460&pst=1701794060&rmtc=t HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15475157; ain=eyJhbGciOiJIUzI1NiJ9.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.ZlCYnvKYVuhWBSKco6hC2E6E-H_W-Z3YTKxM13nv7i0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=842f221f-517e-4d2b-8d21-796a6e1e14ba:2:1; expires=Tue, 12 Dec 2023 16:33:20 GMT; secure; SameSite=None
iprcb94d3acb73f4d777f399538f8c295e63=3569681; expires=Tue, 05 Dec 2023 20:33:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 06 Dec 2023 16:33:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c03fc6acf0cff04dbf0ee207592515e5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static12.hentai-img.com/upload/20210405/701/717721/p=700/59.jpg
172.64.194.36 530 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/59.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x991, components 3\012- data
Size 530 kB (530355 bytes)
Hash e6d197345718becb8d16151c584a5f92
9640a66660c89630a89ac88900bd1f03dbf20943
973955afcae5a83b5a86eb50ee238ffd869866a92ada9c030748bb4596279772
GET /upload/20210405/701/717721/p=700/59.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: image/jpeg
content-length: 530355
last-modified: Mon, 05 Apr 2021 09:02:37 GMT
etag: "606ad22d-4598b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ieLteLdJA4klDZuQEh%2B3cNYMRUWtc7wAokf1Eb4j%2FmXhNJgMygOZBvTztPPBzNhA1zgknpH9nwOcodY1acFuJ1h6sU9h%2BmBmoVUzr%2BxdlkIuhnhYkEuxH9LqLyvumOmVnDJujiEhsdtMvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f8888bc-LHR
alt-svc: h3=":443"; ma=86400
porn-images-xxx.com/api/w/?m=html&search_type=merge&language=fr&count=4&domain=porn-images-xxx.com&tag[]=sword-art-online
172.64.128.16 200 OK 2.5 kB URL POST HTTP/2 porn-images-xxx.com/api/w/?m=html&search_type=merge&language=fr&count=4&domain=porn-images-xxx.com&tag[]=sword-art-online
IP 172.64.128.16:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject porn-images-xxx.com
Fingerprint 76:46:DD:F2:82:63:A1:33:0D:3C:22:7C:5E:ED:06:C0:4F:2F:D0:91
Validity Sat, 21 Oct 2023 01:21:33 GMT - Fri, 19 Jan 2024 01:21:32 GMT
Hash e53f7abb7b1ef5030e3ce763d69da441
4e8bd137ce1ec00945ff4f6c16d3b7c4dfcf9e07
e65bda1dfcb60529796075328856f7738c8759646e20838da54901ea42e3a9ab
POST /api/w/?m=html&search_type=merge&language=fr&count=4&domain=porn-images-xxx.com&tag[]=sword-art-online HTTP/1.1
Host: porn-images-xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, User-Agent
access-control-allow-origin: *
fastcgi-cache: HIT
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BrjLibmF1jOwWG6ZP7WRWZNe6%2BhC9AUz4eqat%2Fz78vpA6NOsdphIpLGTvLWKQZDbqBJQeDfx7fxpxs%2B9r7Pr0aMRJjmZpl2eiUAbyFLY8WnB19J5QfwLHGgjLbS0ke5d%2BV6hx3L7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830db0b7df0763c7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static12.hentai-img.com/upload/20210405/701/717721/p=700/60.jpg
172.64.194.36 489 kB URL static12.hentai-img.com/upload/20210405/701/717721/p=700/60.jpg
IP 172.64.194.36:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x991, components 3\012- data
Size 489 kB (488683 bytes)
Hash c9c953f25e83ecf3ed4f214153b34d78
3b2cd5b46238468af9f357b4637ee564e85f9c21
37f9067e984292c4217102912ef198b21b90534797414c5b93ffe7b9cfb1cea6
GET /upload/20210405/701/717721/p=700/60.jpg HTTP/1.1
Host: static12.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: adsense=pc-ca-ipp%3D1701793995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: image/jpeg
content-length: 488683
last-modified: Mon, 05 Apr 2021 09:02:16 GMT
etag: "606ad218-3d4cd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58%2BVLvtPosXwpLUz7Eku14FNFGrRSdEGGTm42oBRkSPBm0L1x2TRZy4TQegl%2Fd1kS805Vq3Pvpubsqkke3e6RlfmYNmei6lw%2FGJlKoy5sTh%2FPP3BbxOPIn%2FJJ%2BL8ah9v2iVn6x8XFRTj5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0a85f9488bc-LHR
alt-svc: h3=":443"; ma=86400
fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx1BdFOlG8HF4EIU6uS9%2BZHJWLAYayQYk9hWsr6%2F3uSa%2B9593PvevElWqUXpcgQX1dXLN0mDMRT7BygycVOCSmYjAZsuxaUIRVzJTAdGD9xzvnO%2Fs%2Fi%2Bc%2B9nu9k5CZDRs7UPzLbSms42Kn75tXUVC5O78srNcuBX%2FCvldRXP1a%2BUu6NkO28GfqPiv15%2BT%2FJNM1v1A98P%2FKC8qKwMTXd2zEIlR62g0vIr9WolaNTRtf%2FvXebBUQ%2Bic05ehBLDZzYePoDiA8TRt9ek20xNcvndKNM0NRYdcfBRvBmbPEY0haH1EMYHk2kYNyTk7gxMfDBxANPZGzkAU0Pi%2FRqAxQcTmWCd%2FadKmYaMwcTzyDsDSD2AogNwcxtKnBKAC6ysIo7urRib062nLB2xQ1J68hdUPiSlR5cQR%2FcXtOqWbxidpcrEDt2wgOoOoNoDJNkx0m0PKj8GTz%2BBEj%2BT2SfLiKO9VacNlCjG7pUaQIUDaNkDdR6y0VEestBDlniIxFmZNlqh7zdDFtZq83XOea3GeWN%2BTjRErT4f%2Bsj4SF4PadID1z1wu4PE7mBTfX5KDmGzH%2BA2CjjhwaVD4n24g44okEuC3BHklCBXBHlKkHeKfaFd1RX3hHYZCya1Oqm1om%2FS9i7dN2lbxgTU9naTc%2FLCeD3%2F%2FH4Xm%2FKsHNaqDcGrTHDRYtT3acBrIW%2BGrBm0wtYchVMFlJsZO95WQ3LprcdI1JDMXO6C0WM4fQyuLoJmAWjeb1Z90I1%2Bfd7Hdnx%2FQ8YpVW%2BoqF3hJoIwBZK0hHTL29Xn5KWxklcuPILkJ1cPXz56Nnj1D3BbILEFPlY%2FErT1nf51k5O96yZ35MFqkqpIbdPRI95IaSovHL4vt3JjxdI11%2Fv6bT4iRvDopnTpMo2FituOfLOghJB20VguyXdLbl2ytcxtLGQ2zpLltXcWl6LESueUiQeg6nT1b3A1JKVb34%2B%2F58WfPoWyA9isQJSdkElAmWPwZAcumap3hsDq6QxLPORZ0bdVNr3UikDLaU9ZAfefnk3xrruDti2BprcRRwU6tkBHF6C6B5c9108Te3L14Zej%2BApMl%2FpM29Ie01Z%2FMV7tkDRv%2FTlCv43SYzh1VpaN0A%2BlX5UsbLGwSX3RCustRluBbLIGDZC6oTRrv%2FwLAAD%2F%2FwEAAP%2F%2FzSKFwYUEAAA%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx1BdFOlG8HF4EIU6uS9%2BZHJWLAYayQYk9hWsr6%2F3uSa%2B9593PvevElWqUXpcgQX1dXLN0mDMRT7BygycVOCSmYjAZsuxaUIRVzJTAdGD9xzvnO%2Fs%2Fi%2Bc%2B9nu9k5CZDRs7UPzLbSms42Kn75tXUVC5O78srNcuBX%2FCvldRXP1a%2BUu6NkO28GfqPiv15%2BT%2FJNM1v1A98P%2FKC8qKwMTXd2zEIlR62g0vIr9WolaNTRtf%2FvXebBUQ%2Bic05ehBLDZzYePoDiA8TRt9ek20xNcvndKNM0NRYdcfBRvBmbPEY0haH1EMYHk2kYNyTk7gxMfDBxANPZGzkAU0Pi%2FRqAxQcTmWCd%2FadKmYaMwcTzyDsDSD2AogNwcxtKnBKAC6ysIo7urRib062nLB2xQ1J68hdUPiSlR5cQR%2FcXtOqWbxidpcrEDt2wgOoOoNoDJNkx0m0PKj8GTz%2BBEj%2BT2SfLiKO9VacNlCjG7pUaQIUDaNkDdR6y0VEestBDlniIxFmZNlqh7zdDFtZq83XOea3GeWN%2BTjRErT4f%2Bsj4SF4PadID1z1wu4PE7mBTfX5KDmGzH%2BA2CjjhwaVD4n24g44okEuC3BHklCBXBHlKkHeKfaFd1RX3hHYZCya1Oqm1om%2FS9i7dN2lbxgTU9naTc%2FLCeD3%2F%2FH4Xm%2FKsHNaqDcGrTHDRYtT3acBrIW%2BGrBm0wtYchVMFlJsZO95WQ3LprcdI1JDMXO6C0WM4fQyuLoJmAWjeb1Z90I1%2Bfd7Hdnx%2FQ8YpVW%2BoqF3hJoIwBZK0hHTL29Xn5KWxklcuPILkJ1cPXz56Nnj1D3BbILEFPlY%2FErT1nf51k5O96yZ35MFqkqpIbdPRI95IaSovHL4vt3JjxdI11%2Fv6bT4iRvDopnTpMo2FituOfLOghJB20VguyXdLbl2ytcxtLGQ2zpLltXcWl6LESueUiQeg6nT1b3A1JKVb34%2B%2F58WfPoWyA9isQJSdkElAmWPwZAcumap3hsDq6QxLPORZ0bdVNr3UikDLaU9ZAfefnk3xrruDti2BprcRRwU6tkBHF6C6B5c9108Te3L14Zej%2BApMl%2FpM29Ie01Z%2FMV7tkDRv%2FTlCv43SYzh1VpaN0A%2BlX5UsbLGwSX3RCustRluBbLIGDZC6oTRrv%2FwLAAD%2F%2FwEAAP%2F%2FzSKFwYUEAAA%3D
IP 173.233.139.164:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject fixedencampment.com
Fingerprint 69:01:89:A0:02:2B:E6:FC:72:F8:53:1D:E8:B8:52:AB:EB:5F:A9:A7
Validity Tue, 28 Nov 2023 07:58:26 GMT - Mon, 26 Feb 2024 07:58:25 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx1BdFOlG8HF4EIU6uS9%2BZHJWLAYayQYk9hWsr6%2F3uSa%2B9593PvevElWqUXpcgQX1dXLN0mDMRT7BygycVOCSmYjAZsuxaUIRVzJTAdGD9xzvnO%2Fs%2Fi%2Bc%2B9nu9k5CZDRs7UPzLbSms42Kn75tXUVC5O78srNcuBX%2FCvldRXP1a%2BUu6NkO28GfqPiv15%2BT%2FJNM1v1A98P%2FKC8qKwMTXd2zEIlR62g0vIr9WolaNTRtf%2FvXebBUQ%2Bic05ehBLDZzYePoDiA8TRt9ek20xNcvndKNM0NRYdcfBRvBmbPEY0haH1EMYHk2kYNyTk7gxMfDBxANPZGzkAU0Pi%2FRqAxQcTmWCd%2FadKmYaMwcTzyDsDSD2AogNwcxtKnBKAC6ysIo7urRib062nLB2xQ1J68hdUPiSlR5cQR%2FcXtOqWbxidpcrEDt2wgOoOoNoDJNkx0m0PKj8GTz%2BBEj%2BT2SfLiKO9VacNlCjG7pUaQIUDaNkDdR6y0VEestBDlniIxFmZNlqh7zdDFtZq83XOea3GeWN%2BTjRErT4f%2Bsj4SF4PadID1z1wu4PE7mBTfX5KDmGzH%2BA2CjjhwaVD4n24g44okEuC3BHklCBXBHlKkHeKfaFd1RX3hHYZCya1Oqm1om%2FS9i7dN2lbxgTU9naTc%2FLCeD3%2F%2FH4Xm%2FKsHNaqDcGrTHDRYtT3acBrIW%2BGrBm0wtYchVMFlJsZO95WQ3LprcdI1JDMXO6C0WM4fQyuLoJmAWjeb1Z90I1%2Bfd7Hdnx%2FQ8YpVW%2BoqF3hJoIwBZK0hHTL29Xn5KWxklcuPILkJ1cPXz56Nnj1D3BbILEFPlY%2FErT1nf51k5O96yZ35MFqkqpIbdPRI95IaSovHL4vt3JjxdI11%2Fv6bT4iRvDopnTpMo2FituOfLOghJB20VguyXdLbl2ytcxtLGQ2zpLltXcWl6LESueUiQeg6nT1b3A1JKVb34%2B%2F58WfPoWyA9isQJSdkElAmWPwZAcumap3hsDq6QxLPORZ0bdVNr3UikDLaU9ZAfefnk3xrruDti2BprcRRwU6tkBHF6C6B5c9108Te3L14Zej%2BApMl%2FpM29Ie01Z%2FMV7tkDRv%2FTlCv43SYzh1VpaN0A%2BlX5UsbLGwSX3RCustRluBbLIGDZC6oTRrv%2FwLAAD%2F%2FwEAAP%2F%2FzSKFwYUEAAA%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 709ec881ed0617695c18b76338e1b636
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.pncloudfl.com/pn/771/38f/dd1/77138fdd1d545086a0c1027397abff5386d69511.png
104.22.59.221 37 kB URL cdn.pncloudfl.com/pn/771/38f/dd1/77138fdd1d545086a0c1027397abff5386d69511.png
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e9ad6bd1a9585d2f28cc7132f4c95f07
d68e920569c6787539ff7590752c1f9c767e479c
156c091955e8468b84db9a4aee4c93c67210de02d0c7bd2cc25af7356c44671a
GET /pn/771/38f/dd1/77138fdd1d545086a0c1027397abff5386d69511.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/webp
content-length: 37002
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=58985
content-disposition: inline; filename="77138fdd1d545086a0c1027397abff5386d69511.webp"
etag: 7508a15a95e574e91207072b2827ffa5
expires: Wed, 06 Dec 2023 02:10:23 GMT
last-modified: Mon, 23 Dec 2019 09:02:36 GMT
vary: Accept
x-openstack-request-id: tx8f7edd86663544e2b0038-0061b08dff
x-proxy-cache: REVALIDATED
x-timestamp: 1577091755.57147
x-trans-id: tx8f7edd86663544e2b0038-0061b08dff
cf-cache-status: HIT
age: 138178
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 830db0bb78280b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.219.121 200 OK 3.1 kB URL GET HTTP/2 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.219.121:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject cdn.tsyndicate.com
Fingerprint B6:87:8F:D6:E3:48:CF:61:4E:55:B9:6B:66:FC:B2:13:7F:A0:0D:BA
Validity Wed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type C source, ASCII text, with very long lines (7708)
Hash 132db549c9f97232cccb62af9f2156b9
27a33f324e81bb08d48875a20ef18d1f22d90af9
566f0492535dba4934209ea2b08a9ee357f4c7febf4defc717e0cb1d789bb0e5
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: application/javascript
content-length: 3084
server: nginx
last-modified: Mon, 02 Oct 2023 10:01:05 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"651a94e1-1e65"
content-encoding: gzip
age: 5284364
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/3b7/b37/780/3b7b377805a2acf2a282ad9d65db5d44a0b37bfe.png
104.22.59.221 33 kB URL cdn.pncloudfl.com/pn/3b7/b37/780/3b7b377805a2acf2a282ad9d65db5d44a0b37bfe.png
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash dfb7448dd345978be40cfe35c0a70eff
1bee1099368968e911e90c2b41c877b6573d7494
02735307ab84f70a3f1fca3c1c63a539c34a4b65aca69fbb9ccf096cccd30580
GET /pn/3b7/b37/780/3b7b377805a2acf2a282ad9d65db5d44a0b37bfe.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/webp
content-length: 33048
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=59338
content-disposition: inline; filename="3b7b377805a2acf2a282ad9d65db5d44a0b37bfe.webp"
etag: 573af6f886d499660f1ad0320e30fd8c
expires: Wed, 06 Dec 2023 06:46:11 GMT
last-modified: Fri, 27 Oct 2023 12:07:15 GMT
vary: Accept
x-openstack-request-id: tx315f9bf9165d47448b5e6-00653ba8fb
x-proxy-cache: HIT
x-timestamp: 1698408434.45358
x-trans-id: tx315f9bf9165d47448b5e6-00653ba8fb
cf-cache-status: HIT
age: 121630
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 830db0bb983d0b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png
104.22.59.221 48 kB URL cdn.pncloudfl.com/pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash faa49393df3208c063f655607da54633
3de75eda9ed337e13622611cdda3d5bf615b311f
5b8090f769afc76f83e8635a46499a1e467be6c44aee86f5f53b7ca51baa53de
GET /pn/159/4e9/574/1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/webp
content-length: 47678
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=74321
content-disposition: inline; filename="1594e95742a74b4d78cb97059ff18a3f1cdbc0cb.webp"
etag: e7242897f9459085037ffcbcd74c060f
expires: Wed, 06 Dec 2023 09:20:14 GMT
last-modified: Mon, 23 Dec 2019 09:01:22 GMT
vary: Accept
x-openstack-request-id: tx6522abc861fc4738a75fe-0061b0bcf9
x-proxy-cache: HIT
x-timestamp: 1577091681.42646
x-trans-id: tx6522abc861fc4738a75fe-0061b0bcf9
cf-cache-status: HIT
age: 112387
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 830db0bb98490b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
104.21.86.121 0 B URL banquetunarmedgrater.com/advertisers.js
IP 104.21.86.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 6815b1ca8fd683ba25af78d6674b74ff
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 05 Dec 2023 16:33:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvGsBrYs3cFwut7on4Z64M38LARQDV3If0Ha49NKuVjaHDzImKbNRBd5nQclhTYGF%2FltiE0MX0CX9M4vmBeFTHKhiZoWAN0VJf1UtnMkT7RS1FB3woewlIGhWvkM%2BAXGjC1nxp1qudS8uOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0baff57b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzo7gr4PKXgSFwYPswjrpnh87My4YjDESjEncXcnFS3VV9UyZ6q6mqnt6klN0QfbmCB5WT51vkg3GsLh%2FgCAdL0tAyVwk4GaP4lHEPXiSmR2IPqj3vlffO3zfq%2Fp8Jz0jHlJ6uvaB3pJK0dlGxS1fWpcR15ktr9wse27FvVZel9HV%2BrVyf5xM703PbVTcy%2BX3BNvQs1XXc13P9cqL0ohA92cnLGR82PYqbbdSr1a8Rh198%2F%2Fepg4sdcB7Z%2BQlSD56qvvgPiQrEIXfLwi7kej4yrthqmiiDXp8%2F6NoI9JZhPAcBsZBEO1Pp6HtiJA7M9DR%2FtQBdG937AC%2BHBHnVw9%2BtD%2BVCb%2B390SpryAi%2BPw5ZL0CQhWQtADTtyD5CQEYx8oqovDuijYZ3XzC0jE7IqXHf0FmI1J6eBFReG9eyX75hlZpInVk0Q9yyH4B2SkQp0dIthzI7Ags%2BQyS%2F0xmHy8jCndXrdKQPJ%2B4l7KADAooMQC1DtLxkQ7SwEEaOwj5aZk22oHrNgM%2FqNVadcZYrcZYo3WVN3it3gpcpGwsb4AkHoCpAZjZRmy2sSG%2FPCEHMOmPsN0cljuwyYg4H26jx3NkgiCzBBklyCRBlhBkvXyPK1u1%2BV2ubOp701qd1lo%2B1Elnh%2B7ppCMiAmoGO%2FEZeXGynn9%2Bv4MNcVoOatUGZ1WfM972qetSj9UC1gz8ptcO2lcprMwh7czE8ZYckYtvPUIsR2TmSh8%2BPYJVR2DyBdDUA82GzaoL2h3WWy62ontdESVUviHDToXpEFzniJMSkk1nR52RlydKmp%2F%2BCcGO5w4v%2FV188fFlMJMjNjk%2BkT8RdNTt4XWdkd3rOrPk%2FmqcyFBu0fEj3khoIi4cvC82M2340oIdfPs2GxNjeHhT2GSZRlxGHUu%2Bm5ecC7OoDRPkhyW7Lvy11HbnUxOl8fLaO4tLYWyEtVJHBag8eb4AkyPyzPHC5Hu%2ButiFNAVMmiNMj8k0IPURWLwNGx%2FPHbxy%2BLT3%2Bh%2BwmsCo8xk%2FnkGW5kNT9c8vlSRQ4rynfg77n94%2Fxzv2NjqmBJrcQhTm6JkcPZWDqgFs%2Buwwic3x3IOvx%2FENfFUa%2BsqUdn1l1Fcj8tqFh5P9jtFv4%2FQIVp6WG15dtPxWk3HuC8a9ZrXWqrlulfN6sy28NhI7Enrtl38BAAD%2F%2FwEAAP%2F%2FLTd8s4UEAAA%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzo7gr4PKXgSFwYPswjrpnh87My4YjDESjEncXcnFS3VV9UyZ6q6mqnt6klN0QfbmCB5WT51vkg3GsLh%2FgCAdL0tAyVwk4GaP4lHEPXiSmR2IPqj3vlffO3zfq%2Fp8Jz0jHlJ6uvaB3pJK0dlGxS1fWpcR15ktr9wse27FvVZel9HV%2BrVyf5xM703PbVTcy%2BX3BNvQs1XXc13P9cqL0ohA92cnLGR82PYqbbdSr1a8Rh198%2F%2Fepg4sdcB7Z%2BQlSD56qvvgPiQrEIXfLwi7kej4yrthqmiiDXp8%2F6NoI9JZhPAcBsZBEO1Pp6HtiJA7M9DR%2FtQBdG937AC%2BHBHnVw9%2BtD%2BVCb%2B390SpryAi%2BPw5ZL0CQhWQtADTtyD5CQEYx8oqovDuijYZ3XzC0jE7IqXHf0FmI1J6eBFReG9eyX75hlZpInVk0Q9yyH4B2SkQp0dIthzI7Ags%2BQyS%2F0xmHy8jCndXrdKQPJ%2B4l7KADAooMQC1DtLxkQ7SwEEaOwj5aZk22oHrNgM%2FqNVadcZYrcZYo3WVN3it3gpcpGwsb4AkHoCpAZjZRmy2sSG%2FPCEHMOmPsN0cljuwyYg4H26jx3NkgiCzBBklyCRBlhBkvXyPK1u1%2BV2ubOp701qd1lo%2B1Elnh%2B7ppCMiAmoGO%2FEZeXGynn9%2Bv4MNcVoOatUGZ1WfM972qetSj9UC1gz8ptcO2lcprMwh7czE8ZYckYtvPUIsR2TmSh8%2BPYJVR2DyBdDUA82GzaoL2h3WWy62ontdESVUviHDToXpEFzniJMSkk1nR52RlydKmp%2F%2BCcGO5w4v%2FV188fFlMJMjNjk%2BkT8RdNTt4XWdkd3rOrPk%2FmqcyFBu0fEj3khoIi4cvC82M2340oIdfPs2GxNjeHhT2GSZRlxGHUu%2Bm5ecC7OoDRPkhyW7Lvy11HbnUxOl8fLaO4tLYWyEtVJHBag8eb4AkyPyzPHC5Hu%2ButiFNAVMmiNMj8k0IPURWLwNGx%2FPHbxy%2BLT3%2Bh%2BwmsCo8xk%2FnkGW5kNT9c8vlSRQ4rynfg77n94%2Fxzv2NjqmBJrcQhTm6JkcPZWDqgFs%2Buwwic3x3IOvx%2FENfFUa%2BsqUdn1l1Fcj8tqFh5P9jtFv4%2FQIVp6WG15dtPxWk3HuC8a9ZrXWqrlulfN6sy28NhI7Enrtl38BAAD%2F%2FwEAAP%2F%2FLTd8s4UEAAA%3D
IP 173.233.139.164:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject fixedencampment.com
Fingerprint 69:01:89:A0:02:2B:E6:FC:72:F8:53:1D:E8:B8:52:AB:EB:5F:A9:A7
Validity Tue, 28 Nov 2023 07:58:26 GMT - Mon, 26 Feb 2024 07:58:25 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuzo7gr4PKXgSFwYPswjrpnh87My4YjDESjEncXcnFS3VV9UyZ6q6mqnt6klN0QfbmCB5WT51vkg3GsLh%2FgCAdL0tAyVwk4GaP4lHEPXiSmR2IPqj3vlffO3zfq%2Fp8Jz0jHlJ6uvaB3pJK0dlGxS1fWpcR15ktr9wse27FvVZel9HV%2BrVyf5xM703PbVTcy%2BX3BNvQs1XXc13P9cqL0ohA92cnLGR82PYqbbdSr1a8Rh198%2F%2Fepg4sdcB7Z%2BQlSD56qvvgPiQrEIXfLwi7kej4yrthqmiiDXp8%2F6NoI9JZhPAcBsZBEO1Pp6HtiJA7M9DR%2FtQBdG937AC%2BHBHnVw9%2BtD%2BVCb%2B390SpryAi%2BPw5ZL0CQhWQtADTtyD5CQEYx8oqovDuijYZ3XzC0jE7IqXHf0FmI1J6eBFReG9eyX75hlZpInVk0Q9yyH4B2SkQp0dIthzI7Ags%2BQyS%2F0xmHy8jCndXrdKQPJ%2B4l7KADAooMQC1DtLxkQ7SwEEaOwj5aZk22oHrNgM%2FqNVadcZYrcZYo3WVN3it3gpcpGwsb4AkHoCpAZjZRmy2sSG%2FPCEHMOmPsN0cljuwyYg4H26jx3NkgiCzBBklyCRBlhBkvXyPK1u1%2BV2ubOp701qd1lo%2B1Elnh%2B7ppCMiAmoGO%2FEZeXGynn9%2Bv4MNcVoOatUGZ1WfM972qetSj9UC1gz8ptcO2lcprMwh7czE8ZYckYtvPUIsR2TmSh8%2BPYJVR2DyBdDUA82GzaoL2h3WWy62ontdESVUviHDToXpEFzniJMSkk1nR52RlydKmp%2F%2BCcGO5w4v%2FV188fFlMJMjNjk%2BkT8RdNTt4XWdkd3rOrPk%2FmqcyFBu0fEj3khoIi4cvC82M2340oIdfPs2GxNjeHhT2GSZRlxGHUu%2Bm5ecC7OoDRPkhyW7Lvy11HbnUxOl8fLaO4tLYWyEtVJHBag8eb4AkyPyzPHC5Hu%2ButiFNAVMmiNMj8k0IPURWLwNGx%2FPHbxy%2BLT3%2Bh%2BwmsCo8xk%2FnkGW5kNT9c8vlSRQ4rynfg77n94%2Fxzv2NjqmBJrcQhTm6JkcPZWDqgFs%2Buwwic3x3IOvx%2FENfFUa%2BsqUdn1l1Fcj8tqFh5P9jtFv4%2FQIVp6WG15dtPxWk3HuC8a9ZrXWqrlulfN6sy28NhI7Enrtl38BAAD%2F%2FwEAAP%2F%2FLTd8s4UEAAA%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 103095ac4d5bd52b059ad543eb228078
Strict-Transport-Security: max-age=0; includeSubdomains
prerogativeslob.com/pixel/purst?dl=0&th=0&sc=0&rs=9638&rd=9638&fd=1270&bv=23.12.v.2&tmpl=70
192.243.61.227 0 B URL prerogativeslob.com/pixel/purst?dl=0&th=0&sc=0&rs=9638&rd=9638&fd=1270&bv=23.12.v.2&tmpl=70
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=9638&rd=9638&fd=1270&bv=23.12.v.2&tmpl=70 HTTP/1.1
Host: prerogativeslob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fixedencampment.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 fixedencampment.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP 173.233.139.164:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject fixedencampment.com
Fingerprint 69:01:89:A0:02:2B:E6:FC:72:F8:53:1D:E8:B8:52:AB:EB:5F:A9:A7
Validity Tue, 28 Nov 2023 07:58:26 GMT - Mon, 26 Feb 2024 07:58:25 GMT
File type ASCII text, with very long lines (59523)
Hash 136968f5ecd14860432a61d8cb7ce060
84c77a14c14b6ce274a6a4944fa201b99fb1cfd0
2cbc866b6168b00f9ce0e8ede5b892257dde5164c85ed210d07b36dda458953d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_AN-1159_new=0; expires=Sat, 09 Dec 2023 20:33:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ec915071a8170e2f63a728d2daf2f3c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx3BXwuVbgSFwYW0UCfvzY9OxoLFWiPF2sS2ko2b%2B%2BvNXHPfu49735s3ySpakO4cwUV19fJN0mAMxf4Bgry4KQEls5GATZfiUsQuXMlMB6IH7jnfud9ZfN%2B59%2FPN7JgEyOjR8gdmXWlN51s1v3pmRcXC5K567WY18Gv%2BheqKis83L1QHk2T7bwZ%2Bq%2Bafrb4n%2BaqZr%2FuB7wd%2BUF1UVoZmMD9loZK9TlDr%2BLVmvRa0mhjY%2F%2Fcu8%2BCoB9E%2FJi9BifFTvQf3oXiJOPr%2BsnSrqUnOvRtlmqbGoi92PopXY5PHiE5gaD2E8c5sGsaNCbkzBxPvzBzA9LcmDsDUmHi%2FBmDxzkwmWH%2F7iVKmIWMw8RzyfgmpSyhagptbUOKQAFzg2hLi6O41Y3O69oSlE3ZMKo%2F%2FgsrHpPLwNOLo3iWtBtUbRmepMrHDICygBiVUt0SS7SNd96DyffD0MyjxM5l%2FfBVxtLXktIESxdS9UiVUWELLIajzkE2O8pCFHrLEQySOqrTVCX2%2FHbKw0Vhocs4bDc5bC%2BdFSzSaC6GPjE%2FkDZEmQ3A9BLcbSOwGVtWXh2QXNvsRrlfACQ8uHRPvww30RYFcEuSOIKcEuSLIU4K8X2wL7equuCu0y1gwq%2FVZbRQjk3Y36bZJuzImoHa4mRyTF6fr%2Bef3O1iVR9WwUW8JXmeCiw6jvk8D3gh5O2TtoBN2zlM4VUC5uanjdTUmp996hESNydy5ARjdh9P74OoF0CwAzUftug%2FaGzUXfKzH93oyTql6Q0XdGjcRhCmQpBWka96mPiYvT5W0P%2F0Tkh9c3Dvzd%2FnFx2fBbYHEFvhE%2FUTQ1bdH101Otq6b3JH7S0mqIrVOJ494I6WpPLX7vlzLjRVXLrvht2%2FzCTGBezelS6%2FSWKi468h3l5QQ0i4ayyX54YpbkWw5c71LmY2z5OryO4tXosRK55SJS1B1%2BHwJrsbkmYPL0%2B%2F56mIPypawWYEoOyCzgDL74MkGXHJwcfeVvaeD1%2F%2BAMwRWn8ywZA55VoxsnZ1cakWg5UlPWQH3n56d4E13G11bAU1vIY4K9G2Bvi5A9RAue3aUJvbg4oOvJ%2FENmK6MmLaVLaat%2FmpMXjv1cLrfCfptkh7BqaOqbIV%2BKP26ZGGHhW3qi07Y7DDaCWSbtWiA1I2lWf7lXwAAAP%2F%2FAQAA%2F%2F85P%2FJVhQQAAA%3D%3D
173.233.139.164 7 B URL fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx3BXwuVbgSFwYW0UCfvzY9OxoLFWiPF2sS2ko2b%2B%2BvNXHPfu49735s3ySpakO4cwUV19fJN0mAMxf4Bgry4KQEls5GATZfiUsQuXMlMB6IH7jnfud9ZfN%2B59%2FPN7JgEyOjR8gdmXWlN51s1v3pmRcXC5K567WY18Gv%2BheqKis83L1QHk2T7bwZ%2Bq%2Bafrb4n%2BaqZr%2FuB7wd%2BUF1UVoZmMD9loZK9TlDr%2BLVmvRa0mhjY%2F%2Fcu8%2BCoB9E%2FJi9BifFTvQf3oXiJOPr%2BsnSrqUnOvRtlmqbGoi92PopXY5PHiE5gaD2E8c5sGsaNCbkzBxPvzBzA9LcmDsDUmHi%2FBmDxzkwmWH%2F7iVKmIWMw8RzyfgmpSyhagptbUOKQAFzg2hLi6O41Y3O69oSlE3ZMKo%2F%2FgsrHpPLwNOLo3iWtBtUbRmepMrHDICygBiVUt0SS7SNd96DyffD0MyjxM5l%2FfBVxtLXktIESxdS9UiVUWELLIajzkE2O8pCFHrLEQySOqrTVCX2%2FHbKw0Vhocs4bDc5bC%2BdFSzSaC6GPjE%2FkDZEmQ3A9BLcbSOwGVtWXh2QXNvsRrlfACQ8uHRPvww30RYFcEuSOIKcEuSLIU4K8X2wL7equuCu0y1gwq%2FVZbRQjk3Y36bZJuzImoHa4mRyTF6fr%2Bef3O1iVR9WwUW8JXmeCiw6jvk8D3gh5O2TtoBN2zlM4VUC5uanjdTUmp996hESNydy5ARjdh9P74OoF0CwAzUftug%2FaGzUXfKzH93oyTql6Q0XdGjcRhCmQpBWka96mPiYvT5W0P%2F0Tkh9c3Dvzd%2FnFx2fBbYHEFvhE%2FUTQ1bdH101Otq6b3JH7S0mqIrVOJ494I6WpPLX7vlzLjRVXLrvht2%2FzCTGBezelS6%2FSWKi468h3l5QQ0i4ayyX54YpbkWw5c71LmY2z5OryO4tXosRK55SJS1B1%2BHwJrsbkmYPL0%2B%2F56mIPypawWYEoOyCzgDL74MkGXHJwcfeVvaeD1%2F%2BAMwRWn8ywZA55VoxsnZ1cakWg5UlPWQH3n56d4E13G11bAU1vIY4K9G2Bvi5A9RAue3aUJvbg4oOvJ%2FENmK6MmLaVLaat%2FmpMXjv1cLrfCfptkh7BqaOqbIV%2BKP26ZGGHhW3qi07Y7DDaCWSbtWiA1I2lWf7lXwAAAP%2F%2FAQAA%2F%2F85P%2FJVhQQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BLx3BXwuVbgSFwYW0UCfvzY9OxoLFWiPF2sS2ko2b%2B%2BvNXHPfu49735s3ySpakO4cwUV19fJN0mAMxf4Bgry4KQEls5GATZfiUsQuXMlMB6IH7jnfud9ZfN%2B59%2FPN7JgEyOjR8gdmXWlN51s1v3pmRcXC5K567WY18Gv%2BheqKis83L1QHk2T7bwZ%2Bq%2Bafrb4n%2BaqZr%2FuB7wd%2BUF1UVoZmMD9loZK9TlDr%2BLVmvRa0mhjY%2F%2Fcu8%2BCoB9E%2FJi9BifFTvQf3oXiJOPr%2BsnSrqUnOvRtlmqbGoi92PopXY5PHiE5gaD2E8c5sGsaNCbkzBxPvzBzA9LcmDsDUmHi%2FBmDxzkwmWH%2F7iVKmIWMw8RzyfgmpSyhagptbUOKQAFzg2hLi6O41Y3O69oSlE3ZMKo%2F%2FgsrHpPLwNOLo3iWtBtUbRmepMrHDICygBiVUt0SS7SNd96DyffD0MyjxM5l%2FfBVxtLXktIESxdS9UiVUWELLIajzkE2O8pCFHrLEQySOqrTVCX2%2FHbKw0Vhocs4bDc5bC%2BdFSzSaC6GPjE%2FkDZEmQ3A9BLcbSOwGVtWXh2QXNvsRrlfACQ8uHRPvww30RYFcEuSOIKcEuSLIU4K8X2wL7equuCu0y1gwq%2FVZbRQjk3Y36bZJuzImoHa4mRyTF6fr%2Bef3O1iVR9WwUW8JXmeCiw6jvk8D3gh5O2TtoBN2zlM4VUC5uanjdTUmp996hESNydy5ARjdh9P74OoF0CwAzUftug%2FaGzUXfKzH93oyTql6Q0XdGjcRhCmQpBWka96mPiYvT5W0P%2F0Tkh9c3Dvzd%2FnFx2fBbYHEFvhE%2FUTQ1bdH101Otq6b3JH7S0mqIrVOJ494I6WpPLX7vlzLjRVXLrvht2%2FzCTGBezelS6%2FSWKi468h3l5QQ0i4ayyX54YpbkWw5c71LmY2z5OryO4tXosRK55SJS1B1%2BHwJrsbkmYPL0%2B%2F56mIPypawWYEoOyCzgDL74MkGXHJwcfeVvaeD1%2F%2BAMwRWn8ywZA55VoxsnZ1cakWg5UlPWQH3n56d4E13G11bAU1vIY4K9G2Bvi5A9RAue3aUJvbg4oOvJ%2FENmK6MmLaVLaat%2FmpMXjv1cLrfCfptkh7BqaOqbIV%2BKP26ZGGHhW3qi07Y7DDaCWSbtWiA1I2lWf7lXwAAAP%2F%2FAQAA%2F%2F85P%2FJVhQQAAA%3D%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2cc8011c20e5cfa2f55152582c33e56
Strict-Transport-Security: max-age=0; includeSubdomains
landmarkfootnotary.com/watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=478f7c68f3917308a2a607cc3384db4fe7da6e86b3ce349b117b7cc8e345d8656a4504f67f839aaec4145bc78930c82f8fc516e30c2a6984fb839abf24ba05083110ecbf028b8ae07e2383f60ea62c11b94589772efe78a0c5c268a06ed3354c&pst=1701794060&rmtc=t
173.233.137.52 2.1 kB URL landmarkfootnotary.com/watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=478f7c68f3917308a2a607cc3384db4fe7da6e86b3ce349b117b7cc8e345d8656a4504f67f839aaec4145bc78930c82f8fc516e30c2a6984fb839abf24ba05083110ecbf028b8ae07e2383f60ea62c11b94589772efe78a0c5c268a06ed3354c&pst=1701794060&rmtc=t
IP 173.233.137.52:0
File type HTML document, ASCII text, with very long lines (2583)
Hash d407a8119798a7756ee796a144b8078d
8d2a3f8106ba13ed05d3251f40bc6cd38a6eb3f2
57b695576abf42d11df401a53742123239169e7028351e426e3aaeca63c25adb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1013712431799.js?key=5e6875da5961e81ed9244698fd54f94d&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=478f7c68f3917308a2a607cc3384db4fe7da6e86b3ce349b117b7cc8e345d8656a4504f67f839aaec4145bc78930c82f8fc516e30c2a6984fb839abf24ba05083110ecbf028b8ae07e2383f60ea62c11b94589772efe78a0c5c268a06ed3354c&pst=1701794060&rmtc=t HTTP/1.1
Host: landmarkfootnotary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15475157; ain=eyJhbGciOiJIUzI1NiJ9.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.ZlCYnvKYVuhWBSKco6hC2E6E-H_W-Z3YTKxM13nv7i0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8325fdb6-4dc6-407a-8a3e-13c934c97f16:3:1; expires=Tue, 12 Dec 2023 16:33:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee5b46f98d6673afe6b019d7d99447f7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9rxlBdFOlG8HF4EIU6uS9%2BchkLFiMNRKMSWwrWd%2BvN7nmvncf9743b5JVakW6HMFFdfVyJmkwhmL%2FAEUmbkpQyWwkYNOluBShiCuZ6cDoD%2B7v457f4pxz72e72TkJkNGztQ%2FMttKazjYqfvm1dRULk7vyys1y4Ff8K%2BV1Fc%2FVr5S7o2Q7bwZ%2Bo%2BK%2FXn5P8k0zW%2FUD3w%2F8oLyorAxNd3aMQiVHraDS8iv1aiVo1NG1%2F59d5sFRD6JzTl6EEsNnNh4%2BgOIDxNG316TbTE1y%2Bd0o0zQ1Fh1x8FG8GZs8RjRtQ%2BshjA8m2zBuSMjdCzDxwUQBTGdvpABMDYn3awAWH0xognX2nzJlGjIGE88j7wwg9QCKDsDNbShxSgAusLKKOLq3YmxOt56idIQOSenJX1D5kJQeXUIc3V%2FQqlu%2BYXSWKhM7dMMCqjuAag%2BQZMdItz2o%2FBg8%2FQRK%2FExmnywjjvZWnTZQohirV2oAFQ6gZQ%2FUechGR3nIQg9Z4iESZ2XaaIW%2B3wxZWKvN1znntRrnjfk50RC1%2BnzoI%2BMjej2kSQ9c98DtDhK7g031%2BSk5hM1%2BgNso4IQHlw6J9%2BEOOqJALglyR5BTglwR5ClB3in2hXZVV9wT2mUsmNTqpNaKvknbu3TfpG0ZE1Db203OyQtje%2F75%2FS425Vk5rFUbgleZ4KLFqO%2FTgNdC3gxZM2iFrTkKpwood2GseFsNyaW3HiNRQ3LhcheMHsPpY3B1ETQLQPN%2Bs%2BqDbvTr8z624%2FsbMk6pekNF7Qo3EYQpkKQlpFverj4nL42ZvDLzGyQ%2FuXr48tGzwat%2FgNsCiS3wsfqRoK3v9K%2BbnOxdN7kjD1aTVEVqm44e8UZKUzlz%2BL7cyo0VS9dc7%2Bu3%2BQgYtUc3pUuXaSxU3HbkmwUlhLSLxnJJvlty65KtZW5jIbNxliyvvbO4FCVWOqdMPABVp6t%2Fg6shKd36fvw9L%2F70KZQdwGYFouyETALKHIMnO3DJlL0zBFZPd1gygzwr%2BrbKppdaEWg5nSkr4P4zs2m%2F6%2B6gbUug6W3EUYGOLdDRBajuwWXP9dPEnlx9%2BOUovgLTpT7TtrTHtNVfjKx9NCTNW3%2BOTR6lx3DqrCwboR9KvypZ2GJhk%2FqiFdZbjLYC2WQNGiB1Q2nWfvkXAAD%2F%2FwEAAP%2F%2FLMfhs4UEAAA%3D
173.233.139.164 7 B URL fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9rxlBdFOlG8HF4EIU6uS9%2BchkLFiMNRKMSWwrWd%2BvN7nmvncf9743b5JVakW6HMFFdfVyJmkwhmL%2FAEUmbkpQyWwkYNOluBShiCuZ6cDoD%2B7v457f4pxz72e72TkJkNGztQ%2FMttKazjYqfvm1dRULk7vyys1y4Ff8K%2BV1Fc%2FVr5S7o2Q7bwZ%2Bo%2BK%2FXn5P8k0zW%2FUD3w%2F8oLyorAxNd3aMQiVHraDS8iv1aiVo1NG1%2F59d5sFRD6JzTl6EEsNnNh4%2BgOIDxNG316TbTE1y%2Bd0o0zQ1Fh1x8FG8GZs8RjRtQ%2BshjA8m2zBuSMjdCzDxwUQBTGdvpABMDYn3awAWH0xognX2nzJlGjIGE88j7wwg9QCKDsDNbShxSgAusLKKOLq3YmxOt56idIQOSenJX1D5kJQeXUIc3V%2FQqlu%2BYXSWKhM7dMMCqjuAag%2BQZMdItz2o%2FBg8%2FQRK%2FExmnywjjvZWnTZQohirV2oAFQ6gZQ%2FUechGR3nIQg9Z4iESZ2XaaIW%2B3wxZWKvN1znntRrnjfk50RC1%2BnzoI%2BMjej2kSQ9c98DtDhK7g031%2BSk5hM1%2BgNso4IQHlw6J9%2BEOOqJALglyR5BTglwR5ClB3in2hXZVV9wT2mUsmNTqpNaKvknbu3TfpG0ZE1Db203OyQtje%2F75%2FS425Vk5rFUbgleZ4KLFqO%2FTgNdC3gxZM2iFrTkKpwood2GseFsNyaW3HiNRQ3LhcheMHsPpY3B1ETQLQPN%2Bs%2BqDbvTr8z624%2FsbMk6pekNF7Qo3EYQpkKQlpFverj4nL42ZvDLzGyQ%2FuXr48tGzwat%2FgNsCiS3wsfqRoK3v9K%2BbnOxdN7kjD1aTVEVqm44e8UZKUzlz%2BL7cyo0VS9dc7%2Bu3%2BQgYtUc3pUuXaSxU3HbkmwUlhLSLxnJJvlty65KtZW5jIbNxliyvvbO4FCVWOqdMPABVp6t%2Fg6shKd36fvw9L%2F70KZQdwGYFouyETALKHIMnO3DJlL0zBFZPd1gygzwr%2BrbKppdaEWg5nSkr4P4zs2m%2F6%2B6gbUug6W3EUYGOLdDRBajuwWXP9dPEnlx9%2BOUovgLTpT7TtrTHtNVfjKx9NCTNW3%2BOTR6lx3DqrCwboR9KvypZ2GJhk%2FqiFdZbjLYC2WQNGiB1Q2nWfvkXAAD%2F%2FwEAAP%2F%2FLMfhs4UEAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9rxlBdFOlG8HF4EIU6uS9%2BchkLFiMNRKMSWwrWd%2BvN7nmvncf9743b5JVakW6HMFFdfVyJmkwhmL%2FAEUmbkpQyWwkYNOluBShiCuZ6cDoD%2B7v457f4pxz72e72TkJkNGztQ%2FMttKazjYqfvm1dRULk7vyys1y4Ff8K%2BV1Fc%2FVr5S7o2Q7bwZ%2Bo%2BK%2FXn5P8k0zW%2FUD3w%2F8oLyorAxNd3aMQiVHraDS8iv1aiVo1NG1%2F59d5sFRD6JzTl6EEsNnNh4%2BgOIDxNG316TbTE1y%2Bd0o0zQ1Fh1x8FG8GZs8RjRtQ%2BshjA8m2zBuSMjdCzDxwUQBTGdvpABMDYn3awAWH0xognX2nzJlGjIGE88j7wwg9QCKDsDNbShxSgAusLKKOLq3YmxOt56idIQOSenJX1D5kJQeXUIc3V%2FQqlu%2BYXSWKhM7dMMCqjuAag%2BQZMdItz2o%2FBg8%2FQRK%2FExmnywjjvZWnTZQohirV2oAFQ6gZQ%2FUechGR3nIQg9Z4iESZ2XaaIW%2B3wxZWKvN1znntRrnjfk50RC1%2BnzoI%2BMjej2kSQ9c98DtDhK7g031%2BSk5hM1%2BgNso4IQHlw6J9%2BEOOqJALglyR5BTglwR5ClB3in2hXZVV9wT2mUsmNTqpNaKvknbu3TfpG0ZE1Db203OyQtje%2F75%2FS425Vk5rFUbgleZ4KLFqO%2FTgNdC3gxZM2iFrTkKpwood2GseFsNyaW3HiNRQ3LhcheMHsPpY3B1ETQLQPN%2Bs%2BqDbvTr8z624%2FsbMk6pekNF7Qo3EYQpkKQlpFverj4nL42ZvDLzGyQ%2FuXr48tGzwat%2FgNsCiS3wsfqRoK3v9K%2BbnOxdN7kjD1aTVEVqm44e8UZKUzlz%2BL7cyo0VS9dc7%2Bu3%2BQgYtUc3pUuXaSxU3HbkmwUlhLSLxnJJvlty65KtZW5jIbNxliyvvbO4FCVWOqdMPABVp6t%2Fg6shKd36fvw9L%2F70KZQdwGYFouyETALKHIMnO3DJlL0zBFZPd1gygzwr%2BrbKppdaEWg5nSkr4P4zs2m%2F6%2B6gbUug6W3EUYGOLdDRBajuwWXP9dPEnlx9%2BOUovgLTpT7TtrTHtNVfjKx9NCTNW3%2BOTR6lx3DqrCwboR9KvypZ2GJhk%2FqiFdZbjLYC2WQNGiB1Q2nWfvkXAAD%2F%2FwEAAP%2F%2FLMfhs4UEAAA%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8ad8ea63cc3e70ad18bfeefcccb8a8c
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/adshow.php?adzone=681607
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=681607
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (423), with CRLF, LF line terminators
Hash d6d8349e2385687a2b5be942c056da5d
f17d20b280b2565b1aa3720b697282a40a537eec
2d736a5823b1bb5c0bb28c93f305af8646932dd2fe6051c405fe59ec8b26b20c
GET /adshow.php?adzone=681607 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=cb22148bbe4e5686ada44e2cb8e72f9a; expires=Wed, 04-Dec-2024 16:33:18 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30553=1; expires=Wed, 06-Dec-2023 16:33:21 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMxOTg7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:18 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:18 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=681607
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=681607
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (423), with CRLF, LF line terminators
Hash 078d6ef599b7beddef6b3c11c52aac8e
ff2de323560d97d75d41749354656340eecd8f0d
d152b2daa426909dfd83f6d693ccb0bd500809f7f895ac975210db36ce69474e
GET /adshow.php?adzone=681607 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe7ba1ce5f9429be939bebe21f1d12d1; expires=Wed, 04-Dec-2024 16:33:20 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30553=1; expires=Wed, 06-Dec-2023 16:33:21 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDA7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=681607
185.94.236.247 200 OK 1.8 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=681607
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1626), with CRLF, LF line terminators
Hash cc65568db9dbf2fc21a43fccc6e54070
2be19ee5c8c1ac234be60e83c333d9c8d9675921
f96195b2f529ede26682e70b5f32c9e62cecf287d98cc61e656c92a236c740d4
GET /adshow.php?adzone=681607 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe7ba1ce5f9429be939bebe21f1d12d1; expires=Wed, 04-Dec-2024 16:33:20 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30553=1; expires=Wed, 06-Dec-2023 16:33:21 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDA7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
45.133.44.10 200 OK 23 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 4452445afb73fab8af9ff308eb667024
130401c47d822426e1cce9981c30d775cba1b576
923b0ac505decd181f473f1fa460f21590777993c3581723f127b032d8c45bdd
GET /cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/jpeg
content-length: 22987
server: nginx/1.21.6
last-modified: Tue, 10 Aug 2021 09:16:05 GMT
etag: "611243d5-59cb"
expires: Thu, 07 Dec 2023 16:33:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
lby2kd27c.com/get/1863026?zoneid=1863026&jp=_cln7x069vf2dea32i3ex0j&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&freq=1
212.117.190.201 3.2 kB URL lby2kd27c.com/get/1863026?zoneid=1863026&jp=_cln7x069vf2dea32i3ex0j&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&freq=1
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with very long lines (9065), with no line terminators
Hash b32c4ed6169a145b816b91f228809f6b
48ea980f4740feedd1480ca5ced50cf05198c65b
578ea347cb220e5544a11c8a95a3c2e2557a9c224ab3f62c7dcd75633b0bc54c
GET /get/1863026?zoneid=1863026&jp=_cln7x069vf2dea32i3ex0j&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&freq=1 HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: CHCK=1; UID=2312051133e07181d8e1cf45dd8fd216ffe5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:19 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 07 Jan 2025 16:33:19 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
12ezo5v60.com/get/1989865?zoneid=1989865&jp=_clhr1v7lbq8o0x3tl6qd2g&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1&freq=0
212.117.190.202 6.4 kB URL 12ezo5v60.com/get/1989865?zoneid=1989865&jp=_clhr1v7lbq8o0x3tl6qd2g&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1&freq=0
IP 212.117.190.202:0
File type gzip compressed data, from Unix\012- data
Hash 8fe5b57b39c19bc7833a195976166dfa
fd6768ca77ed81fe3cb12983bde3ebfee169187e
19cae44784731f806918923f26066d9b3c3f7baa1cda39a0a4e67e74ee41f00d
GET /get/1989865?zoneid=1989865&jp=_clhr1v7lbq8o0x3tl6qd2g&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1&freq=0 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 07 Jan 2025 16:33:20 GMT; Secure; SameSite=None
UID=23120511331970d6c04e1445c9b921ba0ca8; Path=/; Expires=Tue, 07 Jan 2025 16:33:20 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
45.133.44.10 23 kB URL cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash c6f19781c79ff746b99178f813cfbff2
5c307e43c63001535aa3a3683777dbb1a7f0775b
816b5a5d078f27271fa2d7c210d708f386a6f9fbd9242531b07f0b051382870d
GET /cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/jpeg
content-length: 22883
server: nginx/1.21.6
last-modified: Tue, 10 Aug 2021 09:15:16 GMT
etag: "611243a4-5963"
expires: Thu, 07 Dec 2023 16:33:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.173.31 57 kB URL friendshipmale.com/sfp.js
IP 172.64.173.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7b468ba873dca14f4a4bb0d4136c7e59
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 05 Dec 2023 16:33:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUPMXxK%2FmULsgih%2BCaVCuH2FebkRdqq%2FuEA9a8k8I7Y3tzwxOFcDFBpSXWbbhgP9Cf0JtxXqMi0fo2UxbvoLBsiqFssFYAOzCmJ0RLQ1ZPwWb9RNzzp30Nl5j7FnK3Ao42jwuzo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0b62fb777b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg
45.133.44.10 21 kB URL cdn.cloudimagesb.com/si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 8f4953c1b8baece7bb7d226247561ce2
da5d440970606602026d7900a55ae2fd27a3f170
8fd9df7d8e48ff2519631e82e01519d4f1c65abd41ec977c18abb58df9832919
GET /si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/jpeg
content-length: 20566
server: nginx/1.21.6
last-modified: Thu, 01 Sep 2022 12:51:28 GMT
etag: "6310aad0-5056"
expires: Thu, 07 Dec 2023 16:33:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
45.133.44.10 145 kB URL cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 145 kB (145012 bytes)
Hash 620dee7dda3ab0a55fef5e66735e48e1
c03458e7950bed758e4352ec7a78bb434a3164b1
8552142726040854ba6a1d57037aa513e8cb424e3e5b96f017fb742f7c9255c3
GET /cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/png
content-length: 145012
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:52:06 GMT
etag: "62e10ac6-23674"
expires: Thu, 07 Dec 2023 16:33:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd82NnxgUX1zUSjEncXcm5uqp6Uqa6qqnqnp7klHVB9ziCh9VT502ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nJwOgH3d%2F76n2H917Vp9vZKQmQ0ZOVD8ymVIrONSp%2B%2BbVVqbnJXXnpVjnwK%2F6V8qrUl%2BtXyr3xz3bfDPxGxX%2B9%2FJ5g62au6ge%2BH%2FhBeV5aEZne3ISFTA7aQaXtV%2BrVStCoo2f%2FP7vMg6MeePeUvAjJR8%2BsPXoIyYbQ8bfXhVtPTXLp3ThTNDUWXb73kV7XJteIZzCyHiK9N92GcSNC7p2D0XtTBzDdnbEDhHJEvF8DhHpvKhNhd%2FdMaaggNEL%2BPPLuEEINIekQzNyB5McEYBxLy9Dx%2FSVjc7pxxtIxOyKlp39B5iNSenwROn5wTcle%2BaZRWSqNduhFBWRvCNkZIskOkW56kPkhWPoJJP%2BZzD1dhI53lp0ykLyYuJdyCBkNoUQf1HnIxp%2F0kEUessRDzE%2FKtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7BYSu4V1%2Bfkx2YfNfoBbK%2BC4B5eOiPfhFrq8QC4IckeQU4JcEuQpQd4tdrlyVVfc58plYTDt1WmvFQOTdrbprkk7QhNQ299OTskLk3j%2B%2Bf0e1sVJOapVG5xVQ854O6S%2BTwNWi1gzCptBO2pfpnCygHTnJo435YhcfOsJEjki5y71ENJDOHUIJi%2BAZgFoPmhWfdC1Qb3lY1M%2FWBM6pfINGXcqzMTgpkCSlpBueNvqlLw0UfLK%2BScQ7Ojq%2FssHzwav%2FgFmCyS2wMfyR4KOuju4YXKyc8PkjjxcTlIZy006vsSbKU3F%2Bf33xUZuLF%2B47vpfv83GxBge3BIuXaSaS91x5JtrknNh541lgny34FZFuJK5tWuZ1VmyuPLO%2FEKcWOGcNHoIKo%2BX%2FwaTI1K6%2Ff3keV746TNIO4TNCsTZEZkWpDkES7bgkpl6Zwismu2ESQl5VgxsNZwdKkmgxGymYQH3nzmc4W13Fx1bAk3vQMcFurZAVxWgqg%2BXPTdIE3t09dGX4%2FoKoSoNQmVLO6Gy6otxtI9HpHn7zzH67SxpJ0%2FKjaAuWmGryTgPBeNBs1pr1Xy%2Fynm92RZBG6kbCbPyy78AAAD%2F%2FwEAAP%2F%2F%2Brc4YYUEAAA%3D
192.243.59.12200 OK 7 B URL GET HTTP/1.1 fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd82NnxgUX1zUSjEncXcm5uqp6Uqa6qqnqnp7klHVB9ziCh9VT502ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nJwOgH3d%2F76n2H917Vp9vZKQmQ0ZOVD8ymVIrONSp%2B%2BbVVqbnJXXnpVjnwK%2F6V8qrUl%2BtXyr3xz3bfDPxGxX%2B9%2FJ5g62au6ge%2BH%2FhBeV5aEZne3ISFTA7aQaXtV%2BrVStCoo2f%2FP7vMg6MeePeUvAjJR8%2BsPXoIyYbQ8bfXhVtPTXLp3ThTNDUWXb73kV7XJteIZzCyHiK9N92GcSNC7p2D0XtTBzDdnbEDhHJEvF8DhHpvKhNhd%2FdMaaggNEL%2BPPLuEEINIekQzNyB5McEYBxLy9Dx%2FSVjc7pxxtIxOyKlp39B5iNSenwROn5wTcle%2BaZRWSqNduhFBWRvCNkZIskOkW56kPkhWPoJJP%2BZzD1dhI53lp0ykLyYuJdyCBkNoUQf1HnIxp%2F0kEUessRDzE%2FKtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7BYSu4V1%2Bfkx2YfNfoBbK%2BC4B5eOiPfhFrq8QC4IckeQU4JcEuQpQd4tdrlyVVfc58plYTDt1WmvFQOTdrbprkk7QhNQ299OTskLk3j%2B%2Bf0e1sVJOapVG5xVQ854O6S%2BTwNWi1gzCptBO2pfpnCygHTnJo435YhcfOsJEjki5y71ENJDOHUIJi%2BAZgFoPmhWfdC1Qb3lY1M%2FWBM6pfINGXcqzMTgpkCSlpBueNvqlLw0UfLK%2BScQ7Ojq%2FssHzwav%2FgFmCyS2wMfyR4KOuju4YXKyc8PkjjxcTlIZy006vsSbKU3F%2Bf33xUZuLF%2B47vpfv83GxBge3BIuXaSaS91x5JtrknNh541lgny34FZFuJK5tWuZ1VmyuPLO%2FEKcWOGcNHoIKo%2BX%2FwaTI1K6%2Ff3keV746TNIO4TNCsTZEZkWpDkES7bgkpl6Zwismu2ESQl5VgxsNZwdKkmgxGymYQH3nzmc4W13Fx1bAk3vQMcFurZAVxWgqg%2BXPTdIE3t09dGX4%2FoKoSoNQmVLO6Gy6otxtI9HpHn7zzH67SxpJ0%2FKjaAuWmGryTgPBeNBs1pr1Xy%2Fynm92RZBG6kbCbPyy78AAAD%2F%2FwEAAP%2F%2F%2Brc4YYUEAAA%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject fixedencampment.com
Fingerprint 69:01:89:A0:02:2B:E6:FC:72:F8:53:1D:E8:B8:52:AB:EB:5F:A9:A7
Validity Tue, 28 Nov 2023 07:58:26 GMT - Mon, 26 Feb 2024 07:58:25 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd82NnxgUX1zUSjEncXcm5uqp6Uqa6qqnqnp7klHVB9ziCh9VT502ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nJwOgH3d%2F76n2H917Vp9vZKQmQ0ZOVD8ymVIrONSp%2B%2BbVVqbnJXXnpVjnwK%2F6V8qrUl%2BtXyr3xz3bfDPxGxX%2B9%2FJ5g62au6ge%2BH%2FhBeV5aEZne3ISFTA7aQaXtV%2BrVStCoo2f%2FP7vMg6MeePeUvAjJR8%2BsPXoIyYbQ8bfXhVtPTXLp3ThTNDUWXb73kV7XJteIZzCyHiK9N92GcSNC7p2D0XtTBzDdnbEDhHJEvF8DhHpvKhNhd%2FdMaaggNEL%2BPPLuEEINIekQzNyB5McEYBxLy9Dx%2FSVjc7pxxtIxOyKlp39B5iNSenwROn5wTcle%2BaZRWSqNduhFBWRvCNkZIskOkW56kPkhWPoJJP%2BZzD1dhI53lp0ykLyYuJdyCBkNoUQf1HnIxp%2F0kEUessRDzE%2FKtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7BYSu4V1%2Bfkx2YfNfoBbK%2BC4B5eOiPfhFrq8QC4IckeQU4JcEuQpQd4tdrlyVVfc58plYTDt1WmvFQOTdrbprkk7QhNQ299OTskLk3j%2B%2Bf0e1sVJOapVG5xVQ854O6S%2BTwNWi1gzCptBO2pfpnCygHTnJo435YhcfOsJEjki5y71ENJDOHUIJi%2BAZgFoPmhWfdC1Qb3lY1M%2FWBM6pfINGXcqzMTgpkCSlpBueNvqlLw0UfLK%2BScQ7Ojq%2FssHzwav%2FgFmCyS2wMfyR4KOuju4YXKyc8PkjjxcTlIZy006vsSbKU3F%2Bf33xUZuLF%2B47vpfv83GxBge3BIuXaSaS91x5JtrknNh541lgny34FZFuJK5tWuZ1VmyuPLO%2FEKcWOGcNHoIKo%2BX%2FwaTI1K6%2Ff3keV746TNIO4TNCsTZEZkWpDkES7bgkpl6Zwismu2ESQl5VgxsNZwdKkmgxGymYQH3nzmc4W13Fx1bAk3vQMcFurZAVxWgqg%2BXPTdIE3t09dGX4%2FoKoSoNQmVLO6Gy6otxtI9HpHn7zzH67SxpJ0%2FKjaAuWmGryTgPBeNBs1pr1Xy%2Fynm92RZBG6kbCbPyy78AAAD%2F%2FwEAAP%2F%2F%2Brc4YYUEAAA%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 57c6b44a87402c6ca90fa77b345958d8
Strict-Transport-Security: max-age=0; includeSubdomains
fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcRRyf164geqnSi%2BBh8SAKdfPe%2FujuWrAYayQYk9hWcp43M28zZt7MY%2Ba9fZucUivS4woeqqeXzyYNxlDsH6DIxksJKtmLBGx6FI8iFPEku11Y%2FcJ8f8zne%2Fh8PjOf7WRnJEBGT1c%2FMFtSKTrXqPjl19ak5iZ35eWb5cCv%2BFfKa1Jfrl8p98bJdt8M%2FEbFf738nmAbZq7qB74f%2BEF5QVoRmd7cBIVMDttBpe1X6tVK0KijZ%2F8%2Fu8yDox5494y8CMlHz6w%2FfADJhtDxt9eE20hNcundOFM0NRZdvv%2BR3tAm14hnbWQ9RHp%2Fug3jRoTcPQej96cKYLq7YwUI5Yh4vwYI9f6UJsLu3lOmoYLQCPnzyLtDCDWEpEMwcxuSnxCAcSyvQMf3lo3N6eZTlI7RESk9%2BQsyH5HSo4vQ8f15JXvlG0ZlqTTaoRcVkL0hZGeIJDtCuuVB5kdg6SeQ%2FGcy92QJOt5dccpA8mKiXsohZDSEEn1Q5yEbH%2BkhizxkiYeYn5Zpox35fjMKo1qtVWeM1WqMNVqXeYPX6q3IR8bG9PpIkz6Y6oPZbSR2Gxvy8xNyAJv9ALdewHEPLh0R78NtdHmBXBDkjiCnBLkkyFOCvFvsceWqrrjHlcvCYFqr01orBibt7NA9k3aEJqC2v5OckRcm9vzz%2B11siNNyVKs2OKuGnPF2SH2fBqwWsWYUNoN21L5M4WQB6c5NFG%2FJEbn41mMkckTOXeohpEdw6ghMXgDNAtB80Kz6oOuDesvHlr6%2FLnRK5Rsy7lSYicFNgSQtId30dtQZeWnC5JXzv0Gw46sHLx8%2BG7z6B5gtkNgCH8sfCTrqzuC6ycnudZM78mAlSWUst%2Bj4EW%2BkNBXnD94Xm7mxfPGa63%2F9NhsD4%2FbwpnDpEtVc6o4j38xLzoVdMJYJ8t2iWxPhaubW5zOrs2Rp9Z2FxTixwjlp9BBUnqz8DSZHpHTr%2B8n3vPDTp5B2CJsViLNjMg1IcwSWbMMlM%2FbOEFg12wmT88izYmCr4exSSQIlZjMNC7j%2FzOGs33F30LEl0PQ2dFygawt0VQGq%2BnDZc4M0scdXH345jq8QqtIgVLa0Gyqrvhhb%2B2hEmrf%2BnJg8To%2Fh5Gm5EdRFK2w1GeehYDxoVmutmu9XOa832yJoI3UjYVZ%2F%2BRcAAP%2F%2FAQAA%2F%2F84z29VhQQAAA%3D%3D
192.243.59.12 7 B URL fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcRRyf164geqnSi%2BBh8SAKdfPe%2FujuWrAYayQYk9hWcp43M28zZt7MY%2Ba9fZucUivS4woeqqeXzyYNxlDsH6DIxksJKtmLBGx6FI8iFPEku11Y%2FcJ8f8zne%2Fh8PjOf7WRnJEBGT1c%2FMFtSKTrXqPjl19ak5iZ35eWb5cCv%2BFfKa1Jfrl8p98bJdt8M%2FEbFf738nmAbZq7qB74f%2BEF5QVoRmd7cBIVMDttBpe1X6tVK0KijZ%2F8%2Fu8yDox5494y8CMlHz6w%2FfADJhtDxt9eE20hNcundOFM0NRZdvv%2BR3tAm14hnbWQ9RHp%2Fug3jRoTcPQej96cKYLq7YwUI5Yh4vwYI9f6UJsLu3lOmoYLQCPnzyLtDCDWEpEMwcxuSnxCAcSyvQMf3lo3N6eZTlI7RESk9%2BQsyH5HSo4vQ8f15JXvlG0ZlqTTaoRcVkL0hZGeIJDtCuuVB5kdg6SeQ%2FGcy92QJOt5dccpA8mKiXsohZDSEEn1Q5yEbH%2BkhizxkiYeYn5Zpox35fjMKo1qtVWeM1WqMNVqXeYPX6q3IR8bG9PpIkz6Y6oPZbSR2Gxvy8xNyAJv9ALdewHEPLh0R78NtdHmBXBDkjiCnBLkkyFOCvFvsceWqrrjHlcvCYFqr01orBibt7NA9k3aEJqC2v5OckRcm9vzz%2B11siNNyVKs2OKuGnPF2SH2fBqwWsWYUNoN21L5M4WQB6c5NFG%2FJEbn41mMkckTOXeohpEdw6ghMXgDNAtB80Kz6oOuDesvHlr6%2FLnRK5Rsy7lSYicFNgSQtId30dtQZeWnC5JXzv0Gw46sHLx8%2BG7z6B5gtkNgCH8sfCTrqzuC6ycnudZM78mAlSWUst%2Bj4EW%2BkNBXnD94Xm7mxfPGa63%2F9NhsD4%2FbwpnDpEtVc6o4j38xLzoVdMJYJ8t2iWxPhaubW5zOrs2Rp9Z2FxTixwjlp9BBUnqz8DSZHpHTr%2B8n3vPDTp5B2CJsViLNjMg1IcwSWbMMlM%2FbOEFg12wmT88izYmCr4exSSQIlZjMNC7j%2FzOGs33F30LEl0PQ2dFygawt0VQGq%2BnDZc4M0scdXH345jq8QqtIgVLa0Gyqrvhhb%2B2hEmrf%2BnJg8To%2Fh5Gm5EdRFK2w1GeehYDxoVmutmu9XOa832yJoI3UjYVZ%2F%2BRcAAP%2F%2FAQAA%2F%2F84z29VhQQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcRRyf164geqnSi%2BBh8SAKdfPe%2FujuWrAYayQYk9hWcp43M28zZt7MY%2Ba9fZucUivS4woeqqeXzyYNxlDsH6DIxksJKtmLBGx6FI8iFPEku11Y%2FcJ8f8zne%2Fh8PjOf7WRnJEBGT1c%2FMFtSKTrXqPjl19ak5iZ35eWb5cCv%2BFfKa1Jfrl8p98bJdt8M%2FEbFf738nmAbZq7qB74f%2BEF5QVoRmd7cBIVMDttBpe1X6tVK0KijZ%2F8%2Fu8yDox5494y8CMlHz6w%2FfADJhtDxt9eE20hNcundOFM0NRZdvv%2BR3tAm14hnbWQ9RHp%2Fug3jRoTcPQej96cKYLq7YwUI5Yh4vwYI9f6UJsLu3lOmoYLQCPnzyLtDCDWEpEMwcxuSnxCAcSyvQMf3lo3N6eZTlI7RESk9%2BQsyH5HSo4vQ8f15JXvlG0ZlqTTaoRcVkL0hZGeIJDtCuuVB5kdg6SeQ%2FGcy92QJOt5dccpA8mKiXsohZDSEEn1Q5yEbH%2BkhizxkiYeYn5Zpox35fjMKo1qtVWeM1WqMNVqXeYPX6q3IR8bG9PpIkz6Y6oPZbSR2Gxvy8xNyAJv9ALdewHEPLh0R78NtdHmBXBDkjiCnBLkkyFOCvFvsceWqrrjHlcvCYFqr01orBibt7NA9k3aEJqC2v5OckRcm9vzz%2B11siNNyVKs2OKuGnPF2SH2fBqwWsWYUNoN21L5M4WQB6c5NFG%2FJEbn41mMkckTOXeohpEdw6ghMXgDNAtB80Kz6oOuDesvHlr6%2FLnRK5Rsy7lSYicFNgSQtId30dtQZeWnC5JXzv0Gw46sHLx8%2BG7z6B5gtkNgCH8sfCTrqzuC6ycnudZM78mAlSWUst%2Bj4EW%2BkNBXnD94Xm7mxfPGa63%2F9NhsD4%2FbwpnDpEtVc6o4j38xLzoVdMJYJ8t2iWxPhaubW5zOrs2Rp9Z2FxTixwjlp9BBUnqz8DSZHpHTr%2B8n3vPDTp5B2CJsViLNjMg1IcwSWbMMlM%2FbOEFg12wmT88izYmCr4exSSQIlZjMNC7j%2FzOGs33F30LEl0PQ2dFygawt0VQGq%2BnDZc4M0scdXH345jq8QqtIgVLa0Gyqrvhhb%2B2hEmrf%2BnJg8To%2Fh5Gm5EdRFK2w1GeehYDxoVmutmu9XOa832yJoI3UjYVZ%2F%2BRcAAP%2F%2FAQAA%2F%2F84z29VhQQAAA%3D%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 359e03fe83fa852f22ae3c5deb3c36f0
Strict-Transport-Security: max-age=0; includeSubdomains
fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3h1B9LLKXgQPgwdRWCfd82NnxgUX4xoJxiTuruRcXVU9KVNd1VR1T09yyrooexzBw%2Bqp802ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nZgdEH9d736nuH73tVn%2B1kZyRARk9XPzBbUik616j45dfWpOYmd%2BXlm%2BXAr%2FhXymtSX65fKffGyXbfDPxGxX%2B9%2FJ5gG2au6ge%2BH%2FhBeUFaEZne3ISFTA7bQaXtV%2BrVStCoo2f%2F37vMg6MeePeMvAjJR8%2BsP3wAyYbQ8bfXhNtITXLp3ThTNDUWXb7%2Fkd7QJteIZzCyHiK9P52GcSNC7p6D0ftTBzDd3bEDhHJEvF8DhHp%2FKhNhd%2B%2Bp0lBBaIT8eeTdIYQaQtIhmLkNyU8IwDiWV6Dje8vG5nTzKUvH7IiUnvwFmY9I6dFF6Pj%2BvJK98g2jslQa7dCLCsjeELIzRJIdId3yIPMjsPQTSP4zmXuyBB3vrjhlIHkxcS%2FlEDIaQok%2BqPOQjY%2F0kEUessRDzE%2FLtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7DYSu40N%2BfkJOYDNfoBbL%2BC4B5eOiPfhNrq8QC4IckeQU4JcEuQpQd4t9rhyVVfc48plYTCt1WmtFQOTdnbonkk7QhNQ299JzsgLk%2FX88%2FtdbIjTclSrNjirhpzxdkh9nwasFrFmFDaDdtS%2BTOFkAenOTRxvyRG5%2BNZjJHJEzl3qIaRHcOoITF4AzQLQfNCs%2BqDrg3rLx5a%2Bvy50SuUbMu5UmInBTYEkLSHd9HbUGXlpouSV848g2PHVg5cPnw1e%2FQPMFkhsgY%2FljwQddWdw3eRk97rJHXmwkqQyllt0%2FIg3UpqK8wfvi83cWL54zfW%2FfpuNiTE8vClcukQ1l7rjyDfzknNhF4xlgny36NZEuJq59fnM6ixZWn1nYTFOrHBOGj0ElScrf4PJESnd%2Bn7yPS%2F89CmkHcJmBeLsmEwD0hyBJdtwyUy9MwRWzWbCxEOeFQNbDWeXShIoMetpWMD9pw9neMfdQceWQNPb0HGBri3QVQWo6sNlzw3SxB5fffjlOL5CqEqDUNnSbqis%2BmKy2hFp3vpzjH4bp8dw8rTcCOqiFbaajPNQMB40q7VWzfernNebbRG0kbqRMKu%2F%2FAsAAP%2F%2FAQAA%2F%2F%2FZKgsnhQQAAA%3D%3D
192.243.59.12200 OK 7 B URL GET HTTP/1.1 fixedencampment.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3h1B9LLKXgQPgwdRWCfd82NnxgUX4xoJxiTuruRcXVU9KVNd1VR1T09yyrooexzBw%2Bqp802ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nZgdEH9d736nuH73tVn%2B1kZyRARk9XPzBbUik616j45dfWpOYmd%2BXlm%2BXAr%2FhXymtSX65fKffGyXbfDPxGxX%2B9%2FJ5gG2au6ge%2BH%2FhBeUFaEZne3ISFTA7bQaXtV%2BrVStCoo2f%2F37vMg6MeePeMvAjJR8%2BsP3wAyYbQ8bfXhNtITXLp3ThTNDUWXb7%2Fkd7QJteIZzCyHiK9P52GcSNC7p6D0ftTBzDd3bEDhHJEvF8DhHp%2FKhNhd%2B%2Bp0lBBaIT8eeTdIYQaQtIhmLkNyU8IwDiWV6Dje8vG5nTzKUvH7IiUnvwFmY9I6dFF6Pj%2BvJK98g2jslQa7dCLCsjeELIzRJIdId3yIPMjsPQTSP4zmXuyBB3vrjhlIHkxcS%2FlEDIaQok%2BqPOQjY%2F0kEUessRDzE%2FLtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7DYSu40N%2BfkJOYDNfoBbL%2BC4B5eOiPfhNrq8QC4IckeQU4JcEuQpQd4t9rhyVVfc48plYTCt1WmtFQOTdnbonkk7QhNQ299JzsgLk%2FX88%2FtdbIjTclSrNjirhpzxdkh9nwasFrFmFDaDdtS%2BTOFkAenOTRxvyRG5%2BNZjJHJEzl3qIaRHcOoITF4AzQLQfNCs%2BqDrg3rLx5a%2Bvy50SuUbMu5UmInBTYEkLSHd9HbUGXlpouSV848g2PHVg5cPnw1e%2FQPMFkhsgY%2FljwQddWdw3eRk97rJHXmwkqQyllt0%2FIg3UpqK8wfvi83cWL54zfW%2FfpuNiTE8vClcukQ1l7rjyDfzknNhF4xlgny36NZEuJq59fnM6ixZWn1nYTFOrHBOGj0ElScrf4PJESnd%2Bn7yPS%2F89CmkHcJmBeLsmEwD0hyBJdtwyUy9MwRWzWbCxEOeFQNbDWeXShIoMetpWMD9pw9neMfdQceWQNPb0HGBri3QVQWo6sNlzw3SxB5fffjlOL5CqEqDUNnSbqis%2BmKy2hFp3vpzjH4bp8dw8rTcCOqiFbaajPNQMB40q7VWzfernNebbRG0kbqRMKu%2F%2FAsAAP%2F%2FAQAA%2F%2F%2FZKgsnhQQAAA%3D%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject fixedencampment.com
Fingerprint 69:01:89:A0:02:2B:E6:FC:72:F8:53:1D:E8:B8:52:AB:EB:5F:A9:A7
Validity Tue, 28 Nov 2023 07:58:26 GMT - Mon, 26 Feb 2024 07:58:25 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3h1B9LLKXgQPgwdRWCfd82NnxgUX4xoJxiTuruRcXVU9KVNd1VR1T09yyrooexzBw%2Bqp802ywRgW9w9QZOJlCSqZiwTc7FE8irCIJ5nZgdEH9d736nuH73tVn%2B1kZyRARk9XPzBbUik616j45dfWpOYmd%2BXlm%2BXAr%2FhXymtSX65fKffGyXbfDPxGxX%2B9%2FJ5gG2au6ge%2BH%2FhBeUFaEZne3ISFTA7bQaXtV%2BrVStCoo2f%2F37vMg6MeePeMvAjJR8%2BsP3wAyYbQ8bfXhNtITXLp3ThTNDUWXb7%2Fkd7QJteIZzCyHiK9P52GcSNC7p6D0ftTBzDd3bEDhHJEvF8DhHp%2FKhNhd%2B%2Bp0lBBaIT8eeTdIYQaQtIhmLkNyU8IwDiWV6Dje8vG5nTzKUvH7IiUnvwFmY9I6dFF6Pj%2BvJK98g2jslQa7dCLCsjeELIzRJIdId3yIPMjsPQTSP4zmXuyBB3vrjhlIHkxcS%2FlEDIaQok%2BqPOQjY%2F0kEUessRDzE%2FLtNGOfL8ZhVGt1qozxmo1xhqty7zBa%2FVW5CNjY3l9pEkfTPXB7DYSu40N%2BfkJOYDNfoBbL%2BC4B5eOiPfhNrq8QC4IckeQU4JcEuQpQd4t9rhyVVfc48plYTCt1WmtFQOTdnbonkk7QhNQ299JzsgLk%2FX88%2FtdbIjTclSrNjirhpzxdkh9nwasFrFmFDaDdtS%2BTOFkAenOTRxvyRG5%2BNZjJHJEzl3qIaRHcOoITF4AzQLQfNCs%2BqDrg3rLx5a%2Bvy50SuUbMu5UmInBTYEkLSHd9HbUGXlpouSV848g2PHVg5cPnw1e%2FQPMFkhsgY%2FljwQddWdw3eRk97rJHXmwkqQyllt0%2FIg3UpqK8wfvi83cWL54zfW%2FfpuNiTE8vClcukQ1l7rjyDfzknNhF4xlgny36NZEuJq59fnM6ixZWn1nYTFOrHBOGj0ElScrf4PJESnd%2Bn7yPS%2F89CmkHcJmBeLsmEwD0hyBJdtwyUy9MwRWzWbCxEOeFQNbDWeXShIoMetpWMD9pw9neMfdQceWQNPb0HGBri3QVQWo6sNlzw3SxB5fffjlOL5CqEqDUNnSbqis%2BmKy2hFp3vpzjH4bp8dw8rTcCOqiFbaajPNQMB40q7VWzfernNebbRG0kbqRMKu%2F%2FAsAAP%2F%2FAQAA%2F%2F%2FZKgsnhQQAAA%3D%3D HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67540ac64691a8330c3124c5285e905f
Strict-Transport-Security: max-age=0; includeSubdomains
fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd8yOTccHFuEaCMYm7KznXr56Uqe5qqrqnJzllXdA9juBh9dR5k2wwhsX9AxSZeFmCSuYiATd7FI8iLOJJZjIw%2BkH397563%2BG9V%2FXpTnZGAmT0dPUDs6W0pjONil9%2BbU3FwuSuvHyrHPgV%2F2p5TcWz9avl7uhnO28GfqPiv15%2BT%2FINM1P1A98P%2FKC8oKwMTXdmzEIlh62g0vIr9WolaNTRtf%2BfXebBUQ%2Bic0ZehBLDZ9YfPYTiA8TRt9el20hNcuXdKNM0NRYdsf9RvBGbPEY0haH1EMb7k20YNyTk3gWYeH%2FiAKazO3IApobE%2BzUAi%2FcnMsE6e%2BdKmYaMwcTzyDsDSD2AogNwcwdKnBCACyyvII7uLxub081zlo7YISk9%2FQsqH5LS48uIowfzWnXLN43OUmVih25YQHUHUO0BkuwI6ZYHlR%2BBp59AiZ%2FJzNMlxNHuitMGShRj90oNoMIBtOyBOg%2FZ6FMestBDlniIxGmZNlqh7zdDFtZqc3XOea3GeWNuVjRErT4X%2Bsj4SF4PadID1z1wu43EbmNDfX5CDmCzH%2BDWCzjhwaVD4n24jY4okEuC3BHklCBXBHlKkHeKPaFd1RX3hXYZCya9Oum1om%2FS9g7dM2lbxgTU9naSM%2FLCOJ5%2Ffr%2BHDXlaDmvVhuBVJrhoMer7NOC1kDdD1gxaYWuWwqkCyl0YO95SQ3L5rSdI1JBcuNIFo0dw%2BghcXQLNAtC836z6oOv9%2BpyPrfjBuoxTqt5QUbvCTQRhCiRpCemmt6PPyEtjJa9cfALJj68dvHz4bPDqH%2BC2QGILfKx%2BJGjru%2F0bJie7N0zuyMOVJFWR2qKjS7yZ0lRePHhfbubGisXrrvf123xEjODhLenSJRoLFbcd%2BWZeCSHtgrFcku8W3Zpkq5lbn89snCVLq%2B8sLEaJlc4pEw9A1cnK3%2BBqSEq3vx8%2Fz0s%2FfQZlB7BZgSg7JpOCMkfgyTZcMlXvDIHV0x2WlJBnRd9W2fRQKwItpzNlBdx%2FZjbFO%2B4u2rYEmt5BHBXo2AIdXYDqHlz2XD9N7PG1R1%2BO6iswXeozbUu7TFv9xSjax0PSvP3nCP12nrRTp2XZCP1Q%2BlXJwhYLm9QXrbDeYrQVyCZr0ACpG0qz%2Bsu%2FAAAA%2F%2F8BAAD%2F%2F%2B6%2FtoeFBAAA
192.243.59.12 7 B URL fixedencampment.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd8yOTccHFuEaCMYm7KznXr56Uqe5qqrqnJzllXdA9juBh9dR5k2wwhsX9AxSZeFmCSuYiATd7FI8iLOJJZjIw%2BkH397563%2BG9V%2FXpTnZGAmT0dPUDs6W0pjONil9%2BbU3FwuSuvHyrHPgV%2F2p5TcWz9avl7uhnO28GfqPiv15%2BT%2FINM1P1A98P%2FKC8oKwMTXdmzEIlh62g0vIr9WolaNTRtf%2BfXebBUQ%2Bic0ZehBLDZ9YfPYTiA8TRt9el20hNcuXdKNM0NRYdsf9RvBGbPEY0haH1EMb7k20YNyTk3gWYeH%2FiAKazO3IApobE%2BzUAi%2FcnMsE6e%2BdKmYaMwcTzyDsDSD2AogNwcwdKnBCACyyvII7uLxub081zlo7YISk9%2FQsqH5LS48uIowfzWnXLN43OUmVih25YQHUHUO0BkuwI6ZYHlR%2BBp59AiZ%2FJzNMlxNHuitMGShRj90oNoMIBtOyBOg%2FZ6FMestBDlniIxGmZNlqh7zdDFtZqc3XOea3GeWNuVjRErT4X%2Bsj4SF4PadID1z1wu43EbmNDfX5CDmCzH%2BDWCzjhwaVD4n24jY4okEuC3BHklCBXBHlKkHeKPaFd1RX3hXYZCya9Oum1om%2FS9g7dM2lbxgTU9naSM%2FLCOJ5%2Ffr%2BHDXlaDmvVhuBVJrhoMer7NOC1kDdD1gxaYWuWwqkCyl0YO95SQ3L5rSdI1JBcuNIFo0dw%2BghcXQLNAtC836z6oOv9%2BpyPrfjBuoxTqt5QUbvCTQRhCiRpCemmt6PPyEtjJa9cfALJj68dvHz4bPDqH%2BC2QGILfKx%2BJGjru%2F0bJie7N0zuyMOVJFWR2qKjS7yZ0lRePHhfbubGisXrrvf123xEjODhLenSJRoLFbcd%2BWZeCSHtgrFcku8W3Zpkq5lbn89snCVLq%2B8sLEaJlc4pEw9A1cnK3%2BBqSEq3vx8%2Fz0s%2FfQZlB7BZgSg7JpOCMkfgyTZcMlXvDIHV0x2WlJBnRd9W2fRQKwItpzNlBdx%2FZjbFO%2B4u2rYEmt5BHBXo2AIdXYDqHlz2XD9N7PG1R1%2BO6iswXeozbUu7TFv9xSjax0PSvP3nCP12nrRTp2XZCP1Q%2BlXJwhYLm9QXrbDeYrQVyCZr0ACpG0qz%2Bsu%2FAAAA%2F%2F8BAAD%2F%2F%2B6%2FtoeFBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3h1B9LLKXgQPgwdRWCfd8yOTccHFuEaCMYm7KznXr56Uqe5qqrqnJzllXdA9juBh9dR5k2wwhsX9AxSZeFmCSuYiATd7FI8iLOJJZjIw%2BkH397563%2BG9V%2FXpTnZGAmT0dPUDs6W0pjONil9%2BbU3FwuSuvHyrHPgV%2F2p5TcWz9avl7uhnO28GfqPiv15%2BT%2FINM1P1A98P%2FKC8oKwMTXdmzEIlh62g0vIr9WolaNTRtf%2BfXebBUQ%2Bic0ZehBLDZ9YfPYTiA8TRt9el20hNcuXdKNM0NRYdsf9RvBGbPEY0haH1EMb7k20YNyTk3gWYeH%2FiAKazO3IApobE%2BzUAi%2FcnMsE6e%2BdKmYaMwcTzyDsDSD2AogNwcwdKnBCACyyvII7uLxub081zlo7YISk9%2FQsqH5LS48uIowfzWnXLN43OUmVih25YQHUHUO0BkuwI6ZYHlR%2BBp59AiZ%2FJzNMlxNHuitMGShRj90oNoMIBtOyBOg%2FZ6FMestBDlniIxGmZNlqh7zdDFtZqc3XOea3GeWNuVjRErT4X%2Bsj4SF4PadID1z1wu43EbmNDfX5CDmCzH%2BDWCzjhwaVD4n24jY4okEuC3BHklCBXBHlKkHeKPaFd1RX3hXYZCya9Oum1om%2FS9g7dM2lbxgTU9naSM%2FLCOJ5%2Ffr%2BHDXlaDmvVhuBVJrhoMer7NOC1kDdD1gxaYWuWwqkCyl0YO95SQ3L5rSdI1JBcuNIFo0dw%2BghcXQLNAtC836z6oOv9%2BpyPrfjBuoxTqt5QUbvCTQRhCiRpCemmt6PPyEtjJa9cfALJj68dvHz4bPDqH%2BC2QGILfKx%2BJGjru%2F0bJie7N0zuyMOVJFWR2qKjS7yZ0lRePHhfbubGisXrrvf123xEjODhLenSJRoLFbcd%2BWZeCSHtgrFcku8W3Zpkq5lbn89snCVLq%2B8sLEaJlc4pEw9A1cnK3%2BBqSEq3vx8%2Fz0s%2FfQZlB7BZgSg7JpOCMkfgyTZcMlXvDIHV0x2WlJBnRd9W2fRQKwItpzNlBdx%2FZjbFO%2B4u2rYEmt5BHBXo2AIdXYDqHlz2XD9N7PG1R1%2BO6iswXeozbUu7TFv9xSjax0PSvP3nCP12nrRTp2XZCP1Q%2BlXJwhYLm9QXrbDeYrQVyCZr0ACpG0qz%2Bsu%2FAAAA%2F%2F8BAAD%2F%2F%2B6%2FtoeFBAAA HTTP/1.1
Host: fixedencampment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16443288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f35a3c00fe36afd24b75b9cacbe311d7
Strict-Transport-Security: max-age=0; includeSubdomains
static.hentai-img.com/css/common/awesome/fonts/fontawesome-webfont.ttf?v=4.7.0
172.64.194.36 185 kB URL static.hentai-img.com/css/common/awesome/fonts/fontawesome-webfont.ttf?v=4.7.0
IP 172.64.194.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size 185 kB (185289 bytes)
Hash 370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
GET /css/common/awesome/fonts/fontawesome-webfont.ttf?v=4.7.0 HTTP/1.1
Host: static.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://static.hentai-img.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: text/html
cache-control: max-age=31536000
cf-cache-status: HIT
age: 56
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DY%2BEZg%2BLMyi2eH%2FZlIQsTLHjgsnb1GSxY1I4BpBC8nYirQSYeHUwsKbcVT20R%2BKT45cHzfTlf3J148oRMaylIBNDG0SPGWCg1SphUUjNJ%2F3J4NHBlQ0hRyJ4CVQCgZ5BrCb%2FqCLT6Aw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0ab2c1c88bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/34512.gif
217.22.19.195 200 OK 18 kB URL GET HTTP/2 static.eabids.com/data/bannerpools/112022/34512.gif
IP 217.22.19.195:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject static.eabids.com
Fingerprint E9:DD:1B:37:D8:1B:5D:D5:D9:23:EC:67:54:40:A0:7E:A7:02:D3:7F
Validity Thu, 05 Oct 2023 21:00:19 GMT - Wed, 03 Jan 2024 21:00:18 GMT
File type GIF image data, version 89a, 728 x 120\012- data
Hash 0449e5bc03ecf6f1c6620b9c9f3b975e
ff9561dcc0f9d775bfb2714249a9cad7c4fd476e
8becdf579d9dab0bbe69c75e155f4f684d64379f486194b7dcc4dcf2d4a60d82
GET /data/bannerpools/112022/34512.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/gif
content-length: 17643
last-modified: Thu, 28 Apr 2022 13:46:05 GMT
etag: "626a9a9d-44eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-221
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/55/e7/b7/55e7b7bf9ef370379f58afe9ee34889d/1682513195.gif
45.133.44.10 69 kB URL cdn.cloudimagesb.com/bi/55/e7/b7/55e7b7bf9ef370379f58afe9ee34889d/1682513195.gif
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type GIF image data, version 89a, 300 x 250\012- data
Hash 8da7999d2d8323a86ce9b7c4a60c2532
105f51a54d08d729aef6841b42e730ac81dd569c
e6a9ebb6d6f54889e03595906ef4d38c6b30fae0b9fdc9ba53885c5ee8cdf701
GET /bi/55/e7/b7/55e7b7bf9ef370379f58afe9ee34889d/1682513195.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: image/gif
content-length: 69110
server: nginx/1.21.6
last-modified: Wed, 26 Apr 2023 12:46:44 GMT
etag: "64491d34-10df6"
expires: Thu, 07 Dec 2023 16:33:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=681607
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=681607
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (423), with CRLF, LF line terminators
Hash 0bddeb8dd2f8f918ec04ff0619f6938b
87bbcc8338c84f20591d00b6d78123af3f21b9d5
b126480a4ffbb1f1fd858250c14ec296935540ec8933aeb90d25d98e99087990
GET /adshow.php?adzone=681607 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0967ca38fe05b367a3922976fea84dce; expires=Wed, 04-Dec-2024 16:33:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30553=1; expires=Wed, 06-Dec-2023 16:33:22 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.249 200 OK 2.6 kB URL GET HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.249:443
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Sectigo Limited
Subject lcdn.tsyndicate.com
Fingerprint AA:DB:E6:65:05:5A:83:46:D1:77:83:25:84:3D:B2:B5:F5:99:97:00
Validity Wed, 08 Mar 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: application/javascript
content-length: 2640
server: nginx
last-modified: Tue, 25 Jul 2023 12:28:26 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"64bfbfea-1f37"
content-encoding: gzip
age: 10782590
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=681607
185.94.236.247 200 OK 1.8 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=681607
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1626), with CRLF, LF line terminators
Hash 875e595ea367ea4956abf472cb8160b6
1a48b81e5dea53999e85988fb2e42dc5c1edcd6f
4dc1966225e7a04ff5a4719e73ea45684a972a961e66744443faae1096e857b2
GET /adshow.php?adzone=681607 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0967ca38fe05b367a3922976fea84dce; expires=Wed, 04-Dec-2024 16:33:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps30553=1; expires=Wed, 06-Dec-2023 16:33:22 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
lby2kd27c.com/get/1863026?zoneid=1863026&jp=_cls3cc0r3zmril9qy68cwq&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655583744&eclog=0&sp=1&im=1&freq=1
212.117.190.201 1.9 kB URL lby2kd27c.com/get/1863026?zoneid=1863026&jp=_cls3cc0r3zmril9qy68cwq&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655583744&eclog=0&sp=1&im=1&freq=1
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash b1f3efa7c7b3a258ae413ba595992d32
89ec2fe2134bf2ef14a63906a8ab898ccc33c2c6
b563b48bfc661dd930dadc2710c0f7e5087dbefe620a4f359856f65fd80022e3
GET /get/1863026?zoneid=1863026&jp=_cls3cc0r3zmril9qy68cwq&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655583744&eclog=0&sp=1&im=1&freq=1 HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: CHCK=1; UID=2312051133e07181d8e1cf45dd8fd216ffe5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 07 Jan 2025 16:33:20 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.249 200 OK 2.6 kB URL GET HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.249:443
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Sectigo Limited
Subject lcdn.tsyndicate.com
Fingerprint AA:DB:E6:65:05:5A:83:46:D1:77:83:25:84:3D:B2:B5:F5:99:97:00
Validity Wed, 08 Mar 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: application/javascript
content-length: 2640
server: nginx
last-modified: Tue, 25 Jul 2023 12:28:26 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"64bfbfea-1f37"
content-encoding: gzip
age: 10782590
accept-ranges: bytes
X-Firefox-Spdy: h2
sensualtestresume.com/sbar.json?key=a7bf874835d806f885e035b6acb3f0eb&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
192.243.61.227 4.5 kB URL sensualtestresume.com/sbar.json?key=a7bf874835d806f885e035b6acb3f0eb&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7832), with no line terminators
Hash e28104ac08fe7b79d8fbb429859f85e4
79471f06e6152686663d9cd845de6ce0ef2592de
82f2ef647ae45f8b6a3e73e0b4035a8aa6ec09166c53d81a93dd2f7556173e73
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=a7bf874835d806f885e035b6acb3f0eb&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16484303; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
uid_id2=8325fdb6-4dc6-407a-8a3e-13c934c97f16:3:1; expires=Tue, 12 Dec 2023 16:33:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 16:33:22 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 16:33:22 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 06 Dec 2023 16:33:22 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 06 Dec 2023 16:33:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ad44b6bba16f3a6c5bd514b1922a7d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.249 200 OK 2.6 kB URL GET HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.249:443
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Sectigo Limited
Subject lcdn.tsyndicate.com
Fingerprint AA:DB:E6:65:05:5A:83:46:D1:77:83:25:84:3D:B2:B5:F5:99:97:00
Validity Wed, 08 Mar 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: application/javascript
content-length: 2640
server: nginx
last-modified: Tue, 25 Jul 2023 12:28:26 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"64bfbfea-1f37"
content-encoding: gzip
age: 10782590
accept-ranges: bytes
X-Firefox-Spdy: h2
archaicin.com/pixel/purst?dl=0&th=0&sc=0&rs=12196&rd=12196&fd=703&bv=23.12.v.1&tmpl=136
192.243.59.13 0 B URL archaicin.com/pixel/purst?dl=0&th=0&sc=0&rs=12196&rd=12196&fd=703&bv=23.12.v.1&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=12196&rd=12196&fd=703&bv=23.12.v.1&tmpl=136 HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
205.185.216.42 200 OK 60 kB URL GET HTTP/1.1 i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
IP 205.185.216.42:443
Requested by https://poweredby.jads.co/adshow.php?adzone=681607
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash eef1c64ef9fc090e6e69a494e3799f21
aa78cbfe45395398eaa598f101e775f7c1e7912d
f95f832186fa40bceb4ea76af521bdf040c6e5cac6e54a48c0f10ef93dd35b7c
GET /network/user22416/30553-1544525888-0100799001544525888.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1544525888"
Cache-Control: max-age=22518107
Content-Length: 59543
Content-Type: image/png
Last-Modified: Tue, 11 Dec 2018 10:58:08 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop209.sk1.t,1701794002.cds249.sk1.shn,1701794002.dop209.sk1.t,1701794002.cds222.sk1.c
i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
205.185.216.42 200 OK 60 kB URL GET HTTP/1.1 i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
IP 205.185.216.42:443
Requested by https://poweredby.jads.co/adshow.php?adzone=681607
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash eef1c64ef9fc090e6e69a494e3799f21
aa78cbfe45395398eaa598f101e775f7c1e7912d
f95f832186fa40bceb4ea76af521bdf040c6e5cac6e54a48c0f10ef93dd35b7c
GET /network/user22416/30553-1544525888-0100799001544525888.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1544525888"
Cache-Control: max-age=22518107
Content-Length: 59543
Content-Type: image/png
Last-Modified: Tue, 11 Dec 2018 10:58:08 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop202.sk1.t,1701794002.cds220.sk1.shn,1701794002.dop202.sk1.t,1701794002.cds222.sk1.c
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18483694
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop216.sk1.t,1701794002.cds209.sk1.shn,1701794002.cds209.sk1.c
i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
205.185.216.42 200 OK 60 kB URL GET HTTP/1.1 i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
IP 205.185.216.42:443
Requested by https://poweredby.jads.co/adshow.php?adzone=681607
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash eef1c64ef9fc090e6e69a494e3799f21
aa78cbfe45395398eaa598f101e775f7c1e7912d
f95f832186fa40bceb4ea76af521bdf040c6e5cac6e54a48c0f10ef93dd35b7c
GET /network/user22416/30553-1544525888-0100799001544525888.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1544525888"
Cache-Control: max-age=22518107
Content-Length: 59543
Content-Type: image/png
Last-Modified: Tue, 11 Dec 2018 10:58:08 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop229.sk1.t,1701794002.cds251.sk1.shn,1701794002.dop229.sk1.t,1701794002.cds222.sk1.c
go.eabids.com/banner.go?spaceid=5218418
217.22.19.199 1.3 kB URL go.eabids.com/banner.go?spaceid=5218418
IP 217.22.19.199:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1262), with no line terminators
Hash 1d1cf310221040721ba4c75e4e784b35
98f08bf01177f3964e846ba58e4d95e3c4a9b0a6
342eaa867bfe94d3b12a69558d2393c455056d61230df015bc56da8477a32f65
GET /banner.go?spaceid=5218418 HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.goaserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: text/html; charset=utf-8
content-length: 1262
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Janon, 05 12 2023 16:33:22 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
104.18.51.106 0 B URL GET go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP 104.18.51.106:0
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Cloudflare, Inc.
Subject xlivrdr.com
Fingerprint DA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
Validity Wed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 05 Dec 2023 16:33:22 GMT
content-length: 0
location: https://creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=808614.32246_OWQzYzU1NjU=; Path=/; Expires=Thu, 04 Jan 2024 16:33:22 GMT; HttpOnly; SameSite=Strict
__cflb=0H28upDCGznfDm9XVE9SipefN9YVHPpU35DYBUNm19e; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:22 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0c32cbcb503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fr.hentai-img.com/favicon.ico
172.64.194.36 200 OK 43 B URL GET HTTP/3 fr.hentai-img.com/favicon.ico
IP 172.64.194.36:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Google Trust Services LLC
Subject hentai-img.com
Fingerprint 0C:0F:5D:D5:C9:A9:F5:C7:7D:41:9B:02:8F:21:4E:22:66:97:A6:23
Validity Sat, 21 Oct 2023 10:38:53 GMT - Fri, 19 Jan 2024 10:38:52 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: fr.hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/image/-ntr-/page/6/
Cookie: previous_detail=717721; adsense=pc-ca-ipp%3D1701793995; pvcla=1; bnState_1863026={"impressions":3,"delayStarted":0}; _ga_1PLLYQLZ1L=GS1.1.1701794005.1.0.1701794005.60.0.0; _ga=GA1.1.1152631006.1701794005; dom3ic8zudi28v8lr6fgphwffqoz0j6c=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1; pp_main_055652d312c99a6037d12337a6a1a7a4=1; pnState_1989865={"impressions":0,"delayStarted":1701794006491,"page":"/image/-ntr-/page/6/"}; sb_main_a7bf874835d806f885e035b6acb3f0eb=1; sb_count_a7bf874835d806f885e035b6acb3f0eb=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=fixedencampment.com; pp_main_65aa283021630dfd9030555c4c61a78c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=sensualtestresume.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 589
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwHIPo8v5TZo4ycmvatRGlkBPSSqC6syM8K%2Fz%2BWZYNOgSMb1hsLdo5uOosu6Mg41Segq0hG1vw062Ek%2BFJeHguilfLxLRHw5PhMsdsjWmCjps4aKEQFRPk0JLomiYtP%2FtvF%2BSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0c3491d88bc-LHR
alt-svc: h3=":443"; ma=86400
go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
104.18.51.106 0 B URL go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP 104.18.51.106:0
Certificate Issuer Cloudflare, Inc.
Subject xlivrdr.com
Fingerprint DA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
Validity Wed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 05 Dec 2023 16:33:22 GMT
content-length: 0
location: https://creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=808614.32246_OWQzYzU1NjU=; Path=/; Expires=Thu, 04 Jan 2024 16:33:22 GMT; HttpOnly; SameSite=Strict
__cflb=02DiuDFRFiBZBvMSLtrsn3TfoaR3cJpttPNewknRGvr68; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:22 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0c33cdab503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=zW3mM2jYhlYD3m_Yhh5ia7VThUZtOkWbqYZpYz6niavDwOJLc2jKfAayaGx2Qb-lX9hz2fL-TZBYqsBUTBFY-rON2JX6VuzIQPwtWMuUSXAP9is_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
104.18.51.106 0 B URL GET go.xlivrdr.com/smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=zW3mM2jYhlYD3m_Yhh5ia7VThUZtOkWbqYZpYz6niavDwOJLc2jKfAayaGx2Qb-lX9hz2fL-TZBYqsBUTBFY-rON2JX6VuzIQPwtWMuUSXAP9is_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707
IP 104.18.51.106:0
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Cloudflare, Inc.
Subject xlivrdr.com
Fingerprint DA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
Validity Wed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=271333&memberId=zW3mM2jYhlYD3m_Yhh5ia7VThUZtOkWbqYZpYz6niavDwOJLc2jKfAayaGx2Qb-lX9hz2fL-TZBYqsBUTBFY-rON2JX6VuzIQPwtWMuUSXAP9is_gUIDRUi&p1=3803312&buttonColor=%23930606&liveBadgeColor=%23ff0707 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Tue, 05 Dec 2023 16:33:22 GMT
content-length: 0
location: https://creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=zW3mM2jYhlYD3m_Yhh5ia7VThUZtOkWbqYZpYz6niavDwOJLc2jKfAayaGx2Qb-lX9hz2fL-TZBYqsBUTBFY-rON2JX6VuzIQPwtWMuUSXAP9is_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=808614.32246_OWQzYzU1NjU=; Path=/; Expires=Thu, 04 Jan 2024 16:33:22 GMT; HttpOnly; SameSite=Strict
__cflb=0H28upDCGznfDm9XVDQgYY38nUsBbmdTrqUX3CaEqNC; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:22 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0c34cf5b503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=818858
185.94.236.247 200 OK 1.8 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=818858
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1626), with CRLF, LF line terminators
Hash 9efb7fc53fec92bd387a442b4cb9189d
5b24a5dc8e5f938c35a34d9589cdc141a081109c
dcc05718396ec06fbf315e75883286e29bda4bcb3e61caa5990918c8da01be02
GET /adshow.php?adzone=818858 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=fe7ba1ce5f9429be939bebe21f1d12d1; expires=Wed, 04-Dec-2024 16:33:20 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259198; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:20 GMT; Max-Age=259198; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=818858
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=818858
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (400), with CRLF, LF line terminators
Hash 813aa556d3f8812c76a5fcf739aa2088
b38754047b4fce24fc6bfd32cef96f6bfaeee3bb
d68f4ce06daa4ece7dcb165cbdca5a00e72c31b3407b2deb9e13b7b1cdedf8cb
GET /adshow.php?adzone=818858 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0967ca38fe05b367a3922976fea84dce; expires=Wed, 04-Dec-2024 16:33:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=818858
185.94.236.247 200 OK 1.7 kB URL GET HTTP/1.1 poweredby.jads.co/adshow.php?adzone=818858
IP 185.94.236.247:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (400), with CRLF, LF line terminators
Hash c80323d49a66965cd7cf7319623b2e4a
4db0c8d81dd16a9cefe57ce075307927fad84384
aee61ba429d931c40c5a0b71a86814a40f9893f735e10955b23f77aeca4e388a
GET /adshow.php?adzone=818858 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0967ca38fe05b367a3922976fea84dce; expires=Wed, 04-Dec-2024 16:33:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
205.185.216.42 200 OK 60 kB URL GET HTTP/1.1 i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
IP 205.185.216.42:443
Requested by https://poweredby.jads.co/adshow.php?adzone=681607
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash eef1c64ef9fc090e6e69a494e3799f21
aa78cbfe45395398eaa598f101e775f7c1e7912d
f95f832186fa40bceb4ea76af521bdf040c6e5cac6e54a48c0f10ef93dd35b7c
GET /network/user22416/30553-1544525888-0100799001544525888.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YToxOntpOjcxMzIzMztpOjE3MDIwNTMyMDI7fQ%3D%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1544525888"
Cache-Control: max-age=22518107
Content-Length: 59543
Content-Type: image/png
Last-Modified: Tue, 11 Dec 2018 10:58:08 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop209.sk1.t,1701794002.cds249.sk1.shn,1701794002.dop209.sk1.t,1701794002.cds222.sk1.c
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1PLLYQLZ1L&cid=1152631006.1701794005&gtm=45je3bt0v874625503z8831581666&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1961073573
142.250.74.163 42 B URL www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1PLLYQLZ1L&cid=1152631006.1701794005&gtm=45je3bt0v874625503z8831581666&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1961073573
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1PLLYQLZ1L&cid=1152631006.1701794005&gtm=45je3bt0v874625503z8831581666&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1961073573 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 16:33:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
205.185.216.42 200 OK 60 kB URL GET HTTP/1.1 i.jads.co/network/user22416/30553-1544525888-0100799001544525888.png
IP 205.185.216.42:443
Requested by https://poweredby.jads.co/adshow.php?adzone=681607
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash eef1c64ef9fc090e6e69a494e3799f21
aa78cbfe45395398eaa598f101e775f7c1e7912d
f95f832186fa40bceb4ea76af521bdf040c6e5cac6e54a48c0f10ef93dd35b7c
GET /network/user22416/30553-1544525888-0100799001544525888.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1544525888"
Cache-Control: max-age=22518107
Content-Length: 59543
Content-Type: image/png
Last-Modified: Tue, 11 Dec 2018 10:58:08 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop202.sk1.t,1701794002.cds220.sk1.shn,1701794002.dop202.sk1.t,1701794002.cds222.sk1.c
hentai-img.com/api/w/?m=external_recommend&search_type=merge&language=fr&count=4&domain=hentai-video-xxx.com&tag[]=sword-art-online&time=4536b692e24b459f85296d6adc0fb142
172.64.195.36 544 B URL hentai-img.com/api/w/?m=external_recommend&search_type=merge&language=fr&count=4&domain=hentai-video-xxx.com&tag[]=sword-art-online&time=4536b692e24b459f85296d6adc0fb142
IP 172.64.195.36:0
File type HTML document, ASCII text
Hash 43809aa376d7cd1d7fed82cfa5bcc624
1db4cd2812e85b4d3ca95b0fc4126d938b525880
cd21d8f96abc4c6e04de0501e1d05e18978227440310bd409901308665263640
POST /api/w/?m=external_recommend&search_type=merge&language=fr&count=4&domain=hentai-video-xxx.com&tag[]=sword-art-online&time=4536b692e24b459f85296d6adc0fb142 HTTP/1.1
Host: hentai-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:20 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, User-Agent
link: <https://hentai-video-xxx.com/ranking/>; rel="canonical"
access-control-allow-origin: *
fastcgi-cache: MISS
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PP%2FQc%2FaXIP06XIIJjX7PEO4tdT9AzIFZxf96K61Hg4cQ7svDIYDGil62w799eHL0Evkw0kifboayEAE4h1kR4OfmbzdUFtSLZGzQXL%2BioSEroQ2FjNkiyZEtXzp7e5E2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830db0b79c2248bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18483694
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop229.sk1.t,1701794002.cds251.sk1.shn,1701794002.dop229.sk1.t,1701794002.cds217.sk1.c
poweredby.jads.co/adshow.php?adzone=681608
185.94.236.247 1.6 kB URL poweredby.jads.co/adshow.php?adzone=681608
IP 185.94.236.247:0
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (368), with CRLF, LF line terminators
Hash 6fc6fedbaebcbd975010ecf0d4895645
e78be7287b69d7726d3f5740c19b95326bcf54b1
d300d9f6d30287f8165d52ee146672fa8ade2fa8e761c9d511cdc0af0136b12b
GET /adshow.php?adzone=681608 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 16:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0967ca38fe05b367a3922976fea84dce; expires=Wed, 04-Dec-2024 16:33:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 08-Dec-2023 16:33:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
12ezo5v60.com/chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=LO5Wp3BJmG_lJN1fHJ_0XV9XNIqu8n6suhRNX1Se5jUEL1fBe2xr95qusB3Tv6397jpDHfdH0QzM7miHHgcM-s8vNU0rQp98tApV6FyYn4054uMWv3FFf9ux9nXO7vC0g8M-1unsA9zsbHrYfe0Vx8-qP-ajzprFLOjzYe3Cz0_DfN2_lvF9-dh1n8q6c-jM9_gU2V4X8Z3LryhWddr2fSsngNuEQCOVynpyexX5l1Fn0IY9aNnoiOBUgV-fel-QP26oat6T5sBtnBe79wTxFINpWjd_MSLoO6HT6ZAPgjwD-brcxd5Ld0MNAfpIk8s1EDeH3FbCCFbHZpW2eZAerLgUi-KQqXXmArJ9CkURTLrUDv_ubdF8SP_wVGzDi6pbVzj3WKSfjVLmJrZKed1sF9ehR4hd60acYFnPPBY2ykp0d3nCAd5gTSVclDyMhiRp_fDcTM1_4qYDEZFg4tpMbpLa_-JRup3Y1piFUb-VA0PdHYk-3B0eHREfJ-TFC4mZ6r189Kfg0NUfisoNH2EQFKZzozwRbO-_YRQJg7rSnkEqah-McSCVQ8K9iIOmKgyEos1Peh56_PEfT9r0xVod0H9y0s5y12ptIHfohXm4L4z2Gy3ObES_XHB6592LDY4ERoaW0N-L7bGue0nbuFXM-7PH6URt3dhvcdx3qLuR7NghX-pD2PR56DnLxO17lbx5Db0XLDGdPoCJlnt9e42nvRML-vMOZm_f4CztTz87Yzm4IcjX_HgDlj4v7Q7nXmrncxKfqfK9LCiOy9EFLxIijSY-Lhd_lHqi3g6kfc5rFlr_Nc71xFkG8bY6JaLB6jphE-_vsK2xEmDMM5boZ8FLu1KIVVM3dglljXAZkPTGonXaPJxz-dWN44G5FePOAaiDjtRMZxJSH5XsdtV6iJbeObahkfEYG3f8zY2KW3MPIQIOzs6aFw7p8orD1ic2LLpqyleU36OrNHTcRtDotGRKmqtmGgdwIoLVKFrqDaajC5BjFtpgtqB26yT5DEyfKekUcs9rM71K6kM1mq4kpYuQ3eoY0JHpWgMJ8sO-u5GkwEBoA6FMQkPO550kTWZgyPQfSKZR4bR-9yogCpvFkujIM7FL_ucr5AVQ1HD81Lmbi7msF5_Kw7I0ghxvuE-9j3chj3bEki1gYMdWrvCdy_oBXoBuoavnN7Sh3kwRNS6Lmyuy-rF4FQHA_sFl7YN0lI8TKEk_voKblu4FXXkQaosmOLHTXqyjdGFv67bx__5FStrRYnYUv5LU51ILIW-qOEeBaieCvhakU0eCcGVTq_0EkCOeCe7NjFTHPaFJS60WgZp6AcmBXf6TKJvBIiD23pmG7gJ1pwz7tCsqgRw89I_XrbJsubPH3kGXN_KiDDt4vnbmA6vXZYyDqO6SH4XOmbXgJaHN8Nt93vurTBepRYD6ZVDKQ0ACf9TwZP9DhM3CGDwus8ERQJxfHYmYbXkw1jZJuO6-u5xvu6CJLWrSWX-gWBMLJCA9Vp1qsHiEeSd5jSwGs_KaAQnkrCkEjqfCroZxcpUG1vuJT4v-3WJdiTVhARTHWNb2_ht9th37g2WfyAfB&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1
212.117.190.202 43 B URL 12ezo5v60.com/chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=LO5Wp3BJmG_lJN1fHJ_0XV9XNIqu8n6suhRNX1Se5jUEL1fBe2xr95qusB3Tv6397jpDHfdH0QzM7miHHgcM-s8vNU0rQp98tApV6FyYn4054uMWv3FFf9ux9nXO7vC0g8M-1unsA9zsbHrYfe0Vx8-qP-ajzprFLOjzYe3Cz0_DfN2_lvF9-dh1n8q6c-jM9_gU2V4X8Z3LryhWddr2fSsngNuEQCOVynpyexX5l1Fn0IY9aNnoiOBUgV-fel-QP26oat6T5sBtnBe79wTxFINpWjd_MSLoO6HT6ZAPgjwD-brcxd5Ld0MNAfpIk8s1EDeH3FbCCFbHZpW2eZAerLgUi-KQqXXmArJ9CkURTLrUDv_ubdF8SP_wVGzDi6pbVzj3WKSfjVLmJrZKed1sF9ehR4hd60acYFnPPBY2ykp0d3nCAd5gTSVclDyMhiRp_fDcTM1_4qYDEZFg4tpMbpLa_-JRup3Y1piFUb-VA0PdHYk-3B0eHREfJ-TFC4mZ6r189Kfg0NUfisoNH2EQFKZzozwRbO-_YRQJg7rSnkEqah-McSCVQ8K9iIOmKgyEos1Peh56_PEfT9r0xVod0H9y0s5y12ptIHfohXm4L4z2Gy3ObES_XHB6592LDY4ERoaW0N-L7bGue0nbuFXM-7PH6URt3dhvcdx3qLuR7NghX-pD2PR56DnLxO17lbx5Db0XLDGdPoCJlnt9e42nvRML-vMOZm_f4CztTz87Yzm4IcjX_HgDlj4v7Q7nXmrncxKfqfK9LCiOy9EFLxIijSY-Lhd_lHqi3g6kfc5rFlr_Nc71xFkG8bY6JaLB6jphE-_vsK2xEmDMM5boZ8FLu1KIVVM3dglljXAZkPTGonXaPJxz-dWN44G5FePOAaiDjtRMZxJSH5XsdtV6iJbeObahkfEYG3f8zY2KW3MPIQIOzs6aFw7p8orD1ic2LLpqyleU36OrNHTcRtDotGRKmqtmGgdwIoLVKFrqDaajC5BjFtpgtqB26yT5DEyfKekUcs9rM71K6kM1mq4kpYuQ3eoY0JHpWgMJ8sO-u5GkwEBoA6FMQkPO550kTWZgyPQfSKZR4bR-9yogCpvFkujIM7FL_ucr5AVQ1HD81Lmbi7msF5_Kw7I0ghxvuE-9j3chj3bEki1gYMdWrvCdy_oBXoBuoavnN7Sh3kwRNS6Lmyuy-rF4FQHA_sFl7YN0lI8TKEk_voKblu4FXXkQaosmOLHTXqyjdGFv67bx__5FStrRYnYUv5LU51ILIW-qOEeBaieCvhakU0eCcGVTq_0EkCOeCe7NjFTHPaFJS60WgZp6AcmBXf6TKJvBIiD23pmG7gJ1pwz7tCsqgRw89I_XrbJsubPH3kGXN_KiDDt4vnbmA6vXZYyDqO6SH4XOmbXgJaHN8Nt93vurTBepRYD6ZVDKQ0ACf9TwZP9DhM3CGDwus8ERQJxfHYmYbXkw1jZJuO6-u5xvu6CJLWrSWX-gWBMLJCA9Vp1qsHiEeSd5jSwGs_KaAQnkrCkEjqfCroZxcpUG1vuJT4v-3WJdiTVhARTHWNb2_ht9th37g2WfyAfB&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1
IP 212.117.190.202:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=LO5Wp3BJmG_lJN1fHJ_0XV9XNIqu8n6suhRNX1Se5jUEL1fBe2xr95qusB3Tv6397jpDHfdH0QzM7miHHgcM-s8vNU0rQp98tApV6FyYn4054uMWv3FFf9ux9nXO7vC0g8M-1unsA9zsbHrYfe0Vx8-qP-ajzprFLOjzYe3Cz0_DfN2_lvF9-dh1n8q6c-jM9_gU2V4X8Z3LryhWddr2fSsngNuEQCOVynpyexX5l1Fn0IY9aNnoiOBUgV-fel-QP26oat6T5sBtnBe79wTxFINpWjd_MSLoO6HT6ZAPgjwD-brcxd5Ld0MNAfpIk8s1EDeH3FbCCFbHZpW2eZAerLgUi-KQqXXmArJ9CkURTLrUDv_ubdF8SP_wVGzDi6pbVzj3WKSfjVLmJrZKed1sF9ehR4hd60acYFnPPBY2ykp0d3nCAd5gTSVclDyMhiRp_fDcTM1_4qYDEZFg4tpMbpLa_-JRup3Y1piFUb-VA0PdHYk-3B0eHREfJ-TFC4mZ6r189Kfg0NUfisoNH2EQFKZzozwRbO-_YRQJg7rSnkEqah-McSCVQ8K9iIOmKgyEos1Peh56_PEfT9r0xVod0H9y0s5y12ptIHfohXm4L4z2Gy3ObES_XHB6592LDY4ERoaW0N-L7bGue0nbuFXM-7PH6URt3dhvcdx3qLuR7NghX-pD2PR56DnLxO17lbx5Db0XLDGdPoCJlnt9e42nvRML-vMOZm_f4CztTz87Yzm4IcjX_HgDlj4v7Q7nXmrncxKfqfK9LCiOy9EFLxIijSY-Lhd_lHqi3g6kfc5rFlr_Nc71xFkG8bY6JaLB6jphE-_vsK2xEmDMM5boZ8FLu1KIVVM3dglljXAZkPTGonXaPJxz-dWN44G5FePOAaiDjtRMZxJSH5XsdtV6iJbeObahkfEYG3f8zY2KW3MPIQIOzs6aFw7p8orD1ic2LLpqyleU36OrNHTcRtDotGRKmqtmGgdwIoLVKFrqDaajC5BjFtpgtqB26yT5DEyfKekUcs9rM71K6kM1mq4kpYuQ3eoY0JHpWgMJ8sO-u5GkwEBoA6FMQkPO550kTWZgyPQfSKZR4bR-9yogCpvFkujIM7FL_ucr5AVQ1HD81Lmbi7msF5_Kw7I0ghxvuE-9j3chj3bEki1gYMdWrvCdy_oBXoBuoavnN7Sh3kwRNS6Lmyuy-rF4FQHA_sFl7YN0lI8TKEk_voKblu4FXXkQaosmOLHTXqyjdGFv67bx__5FStrRYnYUv5LU51ILIW-qOEeBaieCvhakU0eCcGVTq_0EkCOeCe7NjFTHPaFJS60WgZp6AcmBXf6TKJvBIiD23pmG7gJ1pwz7tCsqgRw89I_XrbJsubPH3kGXN_KiDDt4vnbmA6vXZYyDqO6SH4XOmbXgJaHN8Nt93vurTBepRYD6ZVDKQ0ACf9TwZP9DhM3CGDwus8ERQJxfHYmYbXkw1jZJuO6-u5xvu6CJLWrSWX-gWBMLJCA9Vp1qsHiEeSd5jSwGs_KaAQnkrCkEjqfCroZxcpUG1vuJT4v-3WJdiTVhARTHWNb2_ht9th37g2WfyAfB&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=23120511331970d6c04e1445c9b921ba0ca8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:22 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18483694
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop209.sk1.t,1701794002.cds249.sk1.shn,1701794002.dop209.sk1.t,1701794002.cds217.sk1.c
ocsp.usertrust.com/
172.64.149.23 471 B IP 172.64.149.23:0
Hash b42e15c00ad94993236972470d8ee2ba
3b1a79a0ae163539e8886205af1a85ea46f855c3
bc096b9fa18be87c57f0037a0289a4bc7b623f031612389d4c6757d2d05287ee
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 05 Dec 2023 14:55:07 GMT
Expires: Tue, 12 Dec 2023 14:55:06 GMT
Etag: "3b1a79a0ae163539e8886205af1a85ea46f855c3"
Cache-Control: max-age=602885,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1526
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 830db0c7fa48b503-OSL
i.jads.co/ads/user57648/ad1496647-1580450297.gif
205.185.216.42 332 kB URL i.jads.co/ads/user57648/ad1496647-1580450297.gif
IP 205.185.216.42:0
Certificate Issuer Sectigo Limited
Subject *.jads.co
Fingerprint 9E:B2:20:AC:19:4B:72:8F:12:D9:D6:5A:6A:B5:BE:EE:46:13:48:EB
Validity Mon, 26 Dec 2022 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type GIF image data, version 89a, 160 x 600\012- data
Size 332 kB (332111 bytes)
Hash 2ebbf23f9a6a6463e84a19194a8a82ce
c9fb0c201a3087841a2fe922fa05b7c2f50bccb6
58b7d97529777bf6f4066963840faae9379ebbc7fc9b28586a52302583efa364
GET /ads/user57648/ad1496647-1580450297.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0967ca38fe05b367a3922976fea84dce; imps30553=1; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 16:33:23 GMT
Connection: Keep-Alive
ETag: "1580450298"
Cache-Control: max-age=22516031
Content-Length: 332111
Content-Type: image/gif
Last-Modified: Fri, 31 Jan 2020 05:58:18 GMT
Accept-Ranges: bytes
X-HW: 1701794002.dop202.sk1.t,1701794002.cds220.sk1.shn,1701794003.dop202.sk1.t,1701794003.cds238.sk1.c
static.eabids.com/data/bannerpools/112022/33917.jpg
217.22.19.195 73 kB URL static.eabids.com/data/bannerpools/112022/33917.jpg
IP 217.22.19.195:0
Certificate Issuer Let's Encrypt
Subject static.eabids.com
Fingerprint E9:DD:1B:37:D8:1B:5D:D5:D9:23:EC:67:54:40:A0:7E:A7:02:D3:7F
Validity Thu, 05 Oct 2023 21:00:19 GMT - Wed, 03 Jan 2024 21:00:18 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 7878e459e3a341049fb57b8637109839
7daa564cfe7d1b477ab10b7f000c9f895c39c93e
bcb79d540ab4c28441231cb3361d5abe00192dc661eba30ad9d9cd482ac08fc8
GET /data/bannerpools/112022/33917.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:23 GMT
content-type: image/jpeg
content-length: 72951
last-modified: Thu, 28 Apr 2022 13:46:07 GMT
etag: "626a9a9f-11cf7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-221
accept-ranges: bytes
X-Firefox-Spdy: h2
r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
185.98.53.17 1.1 kB URL GET r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
Requested by https://poweredby.jads.co/adshow.php?adzone=818858
Certificate Issuer Let's Encrypt
Subject r.trackwilltrk.com
Fingerprint A8:53:A6:ED:2C:DE:1B:AD:FC:D4:34:DD:83:A1:60:B4:8F:B1:28:DC
Validity Mon, 30 Oct 2023 07:27:38 GMT - Sun, 28 Jan 2024 07:27:37 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386)
Hash 56b39c6650bd7e7a4aff5c9bd9b51e89
4cc63a653c55a40002f5df4baf362212d22fb077
a73d9e345c6f24347da2d71d08791c88ca3441627e5bedbff226f969e430141d
GET /s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6= HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 16:33:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=ccehfBn-p; Path=/; Domain=trackwilltrk.com; Expires=Wed, 06 Dec 2023 16:33:23 GMT; HttpOnly
X-Request-Id: eafad8f1-80da-4b14-abeb-fe9ab541066c
Content-Encoding: gzip
r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
185.98.53.17 1.1 kB URL GET r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
Requested by https://poweredby.jads.co/adshow.php?adzone=818858
Certificate Issuer Let's Encrypt
Subject r.trackwilltrk.com
Fingerprint A8:53:A6:ED:2C:DE:1B:AD:FC:D4:34:DD:83:A1:60:B4:8F:B1:28:DC
Validity Mon, 30 Oct 2023 07:27:38 GMT - Sun, 28 Jan 2024 07:27:37 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386)
Hash 56b39c6650bd7e7a4aff5c9bd9b51e89
4cc63a653c55a40002f5df4baf362212d22fb077
a73d9e345c6f24347da2d71d08791c88ca3441627e5bedbff226f969e430141d
GET /s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6= HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 16:33:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=Hceh4oc-MY; Path=/; Domain=trackwilltrk.com; Expires=Wed, 06 Dec 2023 16:33:23 GMT; HttpOnly
X-Request-Id: 11b2da2b-a8aa-45bc-bbc3-9c1d917580f5
Content-Encoding: gzip
r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
185.98.53.17 1.1 kB URL GET r.trackwilltrk.com/s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6=
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
Requested by https://poweredby.jads.co/adshow.php?adzone=818858
Certificate Issuer Let's Encrypt
Subject r.trackwilltrk.com
Fingerprint A8:53:A6:ED:2C:DE:1B:AD:FC:D4:34:DD:83:A1:60:B4:8F:B1:28:DC
Validity Mon, 30 Oct 2023 07:27:38 GMT - Sun, 28 Jan 2024 07:27:37 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386)
Hash 56b39c6650bd7e7a4aff5c9bd9b51e89
4cc63a653c55a40002f5df4baf362212d22fb077
a73d9e345c6f24347da2d71d08791c88ca3441627e5bedbff226f969e430141d
GET /s1/9b7f1a3f-a560-43f5-96f0-409a96741233?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=121604&cv4=218716&cv5=818858&cv6= HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 16:33:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=nnAOfonzMH; Path=/; Domain=trackwilltrk.com; Expires=Wed, 06 Dec 2023 16:33:23 GMT; HttpOnly
X-Request-Id: 23b2b7de-0853-4caf-b88e-9789e8a3025f
Content-Encoding: gzip
cdn18685953.ahacdn.me/skins/webcam4.png
45.133.44.21 1.3 kB URL cdn18685953.ahacdn.me/skins/webcam4.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 144 x 142, 8-bit/color RGBA, non-interlaced\012- data
Hash 00be7708797fa23e997643eebdd0e1dc
c32283451ff774f1d945a344b46afaf7e8cca400
011c0ba6c990319ddd1c670433ae0bfeaa379fbcac850acd3f32eb501905d435
GET /skins/webcam4.png HTTP/1.1
Host: cdn18685953.ahacdn.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:23 GMT
content-type: image/png
content-length: 1303
server: nginx/1.24.0
etag: 00be7708797fa23e997643eebdd0e1dc
last-modified: Thu, 03 Dec 2020 11:42:07 GMT
x-timestamp: 1606995726.49549
x-trans-id: txa8dd791a16be45c68ad0a-0065167b8d
x-openstack-request-id: txa8dd791a16be45c68ad0a-0065167b8d
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Thu, 07 Dec 2023 16:33:23 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
172.64.108.10 769 B URL cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/img/close.png
IP 172.64.108.10:0
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 13b3b0cc6ce924780c0eec0b24c40c33
53b78225158a60f9327e135be26e365eb842f0df
7907c875d2dd81230f15826dffe1faa695cfb1f385adbb4d9480058d0d0112ad
GET /sb/notifications/rtb/os-box/1-2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:23 GMT
content-type: image/png
content-length: 769
last-modified: Wed, 30 Mar 2022 13:44:01 GMT
etag: "62445ea1-301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 471641
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIYW67OaC4p0zPx41PSA0GmmuOk6%2F7khvGvE8b7OA4fT8AhAia389PBvom6%2FFSWOktgXBzklIT4mDfFxPYD%2Ftc50VKbZXrzKznV%2FSDlp7Zhdb9dQlpdQwDjAKsUt7a2f9CazrShWHeC0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cacac8650f-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
12ezo5v60.com/chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=0-n6OUZxf1IODcDbtT_YntL4qFxR7U1poyvHH-vUmlFaUUckZiUYaPOGGWVliSlyW2kMAz1n2nK0UDa2HFXJ7pDwyU2tmFrTCDDuzjECj44QS80UmDC_NZisEty5m3xu6DoejZ57oQVBoHQ1SvP-qdsPC1-rlqVLAojXjjBdQws-fcYBwEGVaCzsNzAZn6MclkAoQ66Mmw8j5muKRoNe6N1zbWID13lfo-Ja4mqR7ToNb1NkICYTmEQMVuMiUq2NyaTHDERF83cf1kjGoDr9hWl5H9oO6lOkm_FAOP2Klw5MBbLAXgFTlUJeOWqdWqeQaRWvLTAQgClkXGVIEF5chLxfZ2Lhw9s8dv3Dg52gVLiglTFgSXwUUiQ2WgNPY46lAmHlTrKuhERmYaf-boMYf-WhbsrvR4BLih0UNHOYcoOgNVgTKyJi9mts537lUYi9m8kMOmDHWR9UQPtYtPmhwvmK7P4C_UcWKQ5Qs5Pb5qHqxjDaeO7-hIer7QRiyhFC7bE525sCo3Zq6MdSw8SjKUUsCLoUDW7RpOaX8uQoNWZnh7Gd9-9iNZFfBxWl6c8wFeN_MVIgxODM-AUM6fk4pTz2NPMa1YQjJnlEIfvYpy1WuelRnAZCyI2dzhQWMb8GVpO8KtHtTBxlAExg2EzzpPFiu4zCIrBXucAlkl7XwRKsUvPdM0p_B3tCniKs6DAMH8UIh5gylNvsf9bw3JCvZDDfuh2638gai4F-DGf2gLxFYwhpBzO_aDmCLI4-EWPhdLuCHK_wcOd9pFx3fUJhiHp9F42S232vf5m1H1h4jP4YSKgHPzjkMW9TcYQ4QUUXHWIkJyBocmzIwhA9JIoDRh7QLUJQJk0-Tdd70pRd8Zq4Dkhz2JEj1m4IUgrnksoUNBQwksdIcNY0KbUHHaFJJMe9vCN2zXSVnhOAFekAxRRt-WAB7GPtTuJkQA2jovjW35BXSQKQCfFligSR6-r2cULA7C7uRuH4A0Diz1Uh3Ibea5JA7uzwu7YoD-Wq9ttvXC5B93g6h0QdIze8_G-K8W-ITgzlWWyAeErCrEwot81sStU9E9gLaOSJGwEAwQ2XrkL9Xu_Oelb5py55gaFv_Qg_b1PkL7f8gw5y5rR5hNlmDR6bFIFc3sMi4T1ptTgu_qoMa1xJRKPUZ5vTx0zrA1Ms09PBb_GZHYHkFwolOi68UrzIOqr17WQL_VwSAnaFvxBZZzZE_9PmSG98tDcp4VJSLIogIcIQARZNykpDsBGb0UwGHCHEKxTQszZ7hXw9QXJx8lIpWTbCY14cqCXjbdN6zVlAnJEWjI5QU5qGnnzrW4WaGp_KSRaOVFt5-2V1s0SC2H7s9GgJkn1Y7af7fhWYx7ZXzvYY2hF7Ksu_ljnnp6E1JN23fpqqsdrdfIF77_xYcnh1KCR2EYM2Q2hQnGNBsALdWrtBW91yxiOizdacNn-6Ni9Amq8wyjCuFtjeBdR7jx2Zhhf5Ebg_dafB8gb_KjkuZ_2tDwe7WMX4_pE6aXJPA9HpMa0VWazGGQyzrd58GqaImiD2F9aDPQl7Fv0r4w8Hr7uR3qaThKQIzFt3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1
212.117.190.202 43 B URL 12ezo5v60.com/chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=0-n6OUZxf1IODcDbtT_YntL4qFxR7U1poyvHH-vUmlFaUUckZiUYaPOGGWVliSlyW2kMAz1n2nK0UDa2HFXJ7pDwyU2tmFrTCDDuzjECj44QS80UmDC_NZisEty5m3xu6DoejZ57oQVBoHQ1SvP-qdsPC1-rlqVLAojXjjBdQws-fcYBwEGVaCzsNzAZn6MclkAoQ66Mmw8j5muKRoNe6N1zbWID13lfo-Ja4mqR7ToNb1NkICYTmEQMVuMiUq2NyaTHDERF83cf1kjGoDr9hWl5H9oO6lOkm_FAOP2Klw5MBbLAXgFTlUJeOWqdWqeQaRWvLTAQgClkXGVIEF5chLxfZ2Lhw9s8dv3Dg52gVLiglTFgSXwUUiQ2WgNPY46lAmHlTrKuhERmYaf-boMYf-WhbsrvR4BLih0UNHOYcoOgNVgTKyJi9mts537lUYi9m8kMOmDHWR9UQPtYtPmhwvmK7P4C_UcWKQ5Qs5Pb5qHqxjDaeO7-hIer7QRiyhFC7bE525sCo3Zq6MdSw8SjKUUsCLoUDW7RpOaX8uQoNWZnh7Gd9-9iNZFfBxWl6c8wFeN_MVIgxODM-AUM6fk4pTz2NPMa1YQjJnlEIfvYpy1WuelRnAZCyI2dzhQWMb8GVpO8KtHtTBxlAExg2EzzpPFiu4zCIrBXucAlkl7XwRKsUvPdM0p_B3tCniKs6DAMH8UIh5gylNvsf9bw3JCvZDDfuh2638gai4F-DGf2gLxFYwhpBzO_aDmCLI4-EWPhdLuCHK_wcOd9pFx3fUJhiHp9F42S232vf5m1H1h4jP4YSKgHPzjkMW9TcYQ4QUUXHWIkJyBocmzIwhA9JIoDRh7QLUJQJk0-Tdd70pRd8Zq4Dkhz2JEj1m4IUgrnksoUNBQwksdIcNY0KbUHHaFJJMe9vCN2zXSVnhOAFekAxRRt-WAB7GPtTuJkQA2jovjW35BXSQKQCfFligSR6-r2cULA7C7uRuH4A0Diz1Uh3Ibea5JA7uzwu7YoD-Wq9ttvXC5B93g6h0QdIze8_G-K8W-ITgzlWWyAeErCrEwot81sStU9E9gLaOSJGwEAwQ2XrkL9Xu_Oelb5py55gaFv_Qg_b1PkL7f8gw5y5rR5hNlmDR6bFIFc3sMi4T1ptTgu_qoMa1xJRKPUZ5vTx0zrA1Ms09PBb_GZHYHkFwolOi68UrzIOqr17WQL_VwSAnaFvxBZZzZE_9PmSG98tDcp4VJSLIogIcIQARZNykpDsBGb0UwGHCHEKxTQszZ7hXw9QXJx8lIpWTbCY14cqCXjbdN6zVlAnJEWjI5QU5qGnnzrW4WaGp_KSRaOVFt5-2V1s0SC2H7s9GgJkn1Y7af7fhWYx7ZXzvYY2hF7Ksu_ljnnp6E1JN23fpqqsdrdfIF77_xYcnh1KCR2EYM2Q2hQnGNBsALdWrtBW91yxiOizdacNn-6Ni9Amq8wyjCuFtjeBdR7jx2Zhhf5Ebg_dafB8gb_KjkuZ_2tDwe7WMX4_pE6aXJPA9HpMa0VWazGGQyzrd58GqaImiD2F9aDPQl7Fv0r4w8Hr7uR3qaThKQIzFt3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1
IP 212.117.190.202:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1989865&pb=575542c1f120b86d47bd68fde8d460b61701801200&psp=0-n6OUZxf1IODcDbtT_YntL4qFxR7U1poyvHH-vUmlFaUUckZiUYaPOGGWVliSlyW2kMAz1n2nK0UDa2HFXJ7pDwyU2tmFrTCDDuzjECj44QS80UmDC_NZisEty5m3xu6DoejZ57oQVBoHQ1SvP-qdsPC1-rlqVLAojXjjBdQws-fcYBwEGVaCzsNzAZn6MclkAoQ66Mmw8j5muKRoNe6N1zbWID13lfo-Ja4mqR7ToNb1NkICYTmEQMVuMiUq2NyaTHDERF83cf1kjGoDr9hWl5H9oO6lOkm_FAOP2Klw5MBbLAXgFTlUJeOWqdWqeQaRWvLTAQgClkXGVIEF5chLxfZ2Lhw9s8dv3Dg52gVLiglTFgSXwUUiQ2WgNPY46lAmHlTrKuhERmYaf-boMYf-WhbsrvR4BLih0UNHOYcoOgNVgTKyJi9mts537lUYi9m8kMOmDHWR9UQPtYtPmhwvmK7P4C_UcWKQ5Qs5Pb5qHqxjDaeO7-hIer7QRiyhFC7bE525sCo3Zq6MdSw8SjKUUsCLoUDW7RpOaX8uQoNWZnh7Gd9-9iNZFfBxWl6c8wFeN_MVIgxODM-AUM6fk4pTz2NPMa1YQjJnlEIfvYpy1WuelRnAZCyI2dzhQWMb8GVpO8KtHtTBxlAExg2EzzpPFiu4zCIrBXucAlkl7XwRKsUvPdM0p_B3tCniKs6DAMH8UIh5gylNvsf9bw3JCvZDDfuh2638gai4F-DGf2gLxFYwhpBzO_aDmCLI4-EWPhdLuCHK_wcOd9pFx3fUJhiHp9F42S232vf5m1H1h4jP4YSKgHPzjkMW9TcYQ4QUUXHWIkJyBocmzIwhA9JIoDRh7QLUJQJk0-Tdd70pRd8Zq4Dkhz2JEj1m4IUgrnksoUNBQwksdIcNY0KbUHHaFJJMe9vCN2zXSVnhOAFekAxRRt-WAB7GPtTuJkQA2jovjW35BXSQKQCfFligSR6-r2cULA7C7uRuH4A0Diz1Uh3Ibea5JA7uzwu7YoD-Wq9ttvXC5B93g6h0QdIze8_G-K8W-ITgzlWWyAeErCrEwot81sStU9E9gLaOSJGwEAwQ2XrkL9Xu_Oelb5py55gaFv_Qg_b1PkL7f8gw5y5rR5hNlmDR6bFIFc3sMi4T1ptTgu_qoMa1xJRKPUZ5vTx0zrA1Ms09PBb_GZHYHkFwolOi68UrzIOqr17WQL_VwSAnaFvxBZZzZE_9PmSG98tDcp4VJSLIogIcIQARZNykpDsBGb0UwGHCHEKxTQszZ7hXw9QXJx8lIpWTbCY14cqCXjbdN6zVlAnJEWjI5QU5qGnnzrW4WaGp_KSRaOVFt5-2V1s0SC2H7s9GgJkn1Y7af7fhWYx7ZXzvYY2hF7Ksu_ljnnp6E1JN23fpqqsdrdfIF77_xYcnh1KCR2EYM2Q2hQnGNBsALdWrtBW91yxiOizdacNn-6Ni9Amq8wyjCuFtjeBdR7jx2Zhhf5Ebg_dafB8gb_KjkuZ_2tDwe7WMX4_pE6aXJPA9HpMa0VWazGGQyzrd58GqaImiD2F9aDPQl7Fv0r4w8Hr7uR3qaThKQIzFt3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=674478725400064&eclog=0&sp=1&im=1 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=23120511331970d6c04e1445c9b921ba0ca8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:23 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
us.histi.co/nty/metrics/save.img?event=impressions&bid-id=v2-1701794001960-7-8651-1297977-03c712a2-7578-894f-2473-b976f5ff0968&img=https%3A%2F%2Fcdn.amnew.net%2F8350ae74e66b0dfd639afdc09fcdda1f.jpeg
31.204.132.208 0 B URL us.histi.co/nty/metrics/save.img?event=impressions&bid-id=v2-1701794001960-7-8651-1297977-03c712a2-7578-894f-2473-b976f5ff0968&img=https%3A%2F%2Fcdn.amnew.net%2F8350ae74e66b0dfd639afdc09fcdda1f.jpeg
IP 31.204.132.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nty/metrics/save.img?event=impressions&bid-id=v2-1701794001960-7-8651-1297977-03c712a2-7578-894f-2473-b976f5ff0968&img=https%3A%2F%2Fcdn.amnew.net%2F8350ae74e66b0dfd639afdc09fcdda1f.jpeg HTTP/1.1
Host: us.histi.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: openresty/1.21.4.1
date: Tue, 05 Dec 2023 16:33:24 GMT
content-length: 0
location: https://cdn.amnew.net/8350ae74e66b0dfd639afdc09fcdda1f.jpeg
X-Firefox-Spdy: h2
creative.fxmnba.com/widgets/v4/Universal/main.af7ca474e642b518be23.js
104.18.59.150 80 kB URL creative.fxmnba.com/widgets/v4/Universal/main.af7ca474e642b518be23.js
IP 104.18.59.150:0
File type Unicode text, UTF-8 text, with very long lines (32011), with LF, NEL line terminators
Hash c125e5d95f227b20668dcf21f8db60fa
bcdb1f728964d37c007515eba7a549164fd1951e
11d537b5f1c8f66d68b36f57f526f55f1e916d67a35c1944b8d559adc7723f8a
GET /widgets/v4/Universal/main.af7ca474e642b518be23.js HTTP/1.1
Host: creative.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 05 Dec 2023 10:59:44 GMT
etag: W/"656f02a0-44c9f"
expires: Tue, 05 Dec 2023 16:33:23 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cc2c017127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XEyFEDhhkZZMa0oGFmTJiROQ62yHFjTI6VY0yKKXMjJRkyYUQ8nCMmDRmFOrZoxGFjBgwZNlrIoAGjJg0cLWbIiAqjRdU7adyQeXNnTgusWrnOWRGjqps3Iro8DFNnTEYyMOLCCFmmBQ6pdWnQhIqD44wWZnKECUPDho0yOMLUwKETIhk7FHHQyIHjIZw6YhbOuFsZIhw4mmVUnANnIkMcMGY0lPFwTBvQOmTciKF6xloyZig-FOPGDcUchQ2zFtHGDUYdtGXIgGG5-PGNqW08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgzUMlgSNTOTTA4bZiCGmmowiCEGDHeVEVMZNMRQhn0yiBEGgmXIFgN0OIjh0mQzlGHGDDbcRQMNP9QxB0JJkNFDGWToNcOIOSwnA2E0hGFGGDjQFkNHN4SRkn1hxOCSDTJIFQNRMDAoRkljzBikGKoFiUNfN4hhQ5Jc1BEXUnO8UYccY5SRYg8W1pbllja0UUYbM8kx5hI2ZOEEEUncgEUNZ2SBBB5FfGFDEkjEEYUMb9zQQg1NTJbHF08gaJQRM9CBR5p55KBEG1Oo4QQeaqyBBg5aEFHDEVQ8wYQNT9yxhgxsoGEHFke4kcSkNzxBRxMyKCGHFnegMUcVRFxBBR5whYFHEz0uEcYROcxwRnZT5NGCEkU08cUZVSRBhBRVpHHmUTbAEUMPm6W22rdIiVEHdm-4McQbbLwhRw8lFNksDFfagK4N49lRhhAGnVHGu_HOW-8MZpjRVFONbdVGRmagR5AbdISRRgtptHFGeus1ZpJpWzSklghLLgSDC3HV8JAcdsCG1HR1pJHRDGGUUcMMOdjcgpCDjdSiGS2IcYMNL01Y0g3-mUHGDWbc0FgasImQQwwu5HAyDTK4sCMNjcnxBdQZTV311Vlv3VgdOekgQhNv6JEGG2yE8UINKIOAwhVZbdUVCE5QAUJZKO8AAt5u2ECD4JMeDgLLyMFANwwpgHCEgmu88cJyZcFQVgwgGJGGHB6-gUd9jqPssVtqO_FEY_J-EVNGqjfGBuoiFOFEw2XY8QXobFBUww033BViXCuf4Vtsi93w0EG6iyHHQlMun_sXbbxBxkL32VDReWgx9NAbQNFgmRyi57GQyiKAnpva12W3XXcRuzBxxRdnvLF67DV2R0b2odYYGvw7Ctd2wrKMkK9idJBXC-rghjTQYSQ3cEFI7MO6ORQQOUW5UgxuMJkcLI92B_nCBGXQGDo8DDk30JxT4lIRE5IQhSoEDguJxhzH7K4MpPlCGEyzwRgyRXMPmV4Y2IAQOgAlZDQYWRjEYBoRHORGdWDDRCwzO5O15jgw6IMCAgI%3D&s=cd8435d7f2de6f0e419d02d70880fe26f84e1b16cdd92f281e52f5ffae124c291701794001&w=t&r=1&d=1755&priv=true
136.243.46.131 24 B URL pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XEyFEDhhkZZMa0oGFmTJiROQ62yHFjTI6VY0yKKXMjJRkyYUQ8nCMmDRmFOrZoxGFjBgwZNlrIoAGjJg0cLWbIiAqjRdU7adyQeXNnTgusWrnOWRGjqps3Iro8DFNnTEYyMOLCCFmmBQ6pdWnQhIqD44wWZnKECUPDho0yOMLUwKETIhk7FHHQyIHjIZw6YhbOuFsZIhw4mmVUnANnIkMcMGY0lPFwTBvQOmTciKF6xloyZig-FOPGDcUchQ2zFtHGDUYdtGXIgGG5-PGNqW08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgzUMlgSNTOTTA4bZiCGmmowiCEGDHeVEVMZNMRQhn0yiBEGgmXIFgN0OIjh0mQzlGHGDDbcRQMNP9QxB0JJkNFDGWToNcOIOSwnA2E0hGFGGDjQFkNHN4SRkn1hxOCSDTJIFQNRMDAoRkljzBikGKoFiUNfN4hhQ5Jc1BEXUnO8UYccY5SRYg8W1pbllja0UUYbM8kx5hI2ZOEEEUncgEUNZ2SBBB5FfGFDEkjEEYUMb9zQQg1NTJbHF08gaJQRM9CBR5p55KBEG1Oo4QQeaqyBBg5aEFHDEVQ8wYQNT9yxhgxsoGEHFke4kcSkNzxBRxMyKCGHFnegMUcVRFxBBR5whYFHEz0uEcYROcxwRnZT5NGCEkU08cUZVSRBhBRVpHHmUTbAEUMPm6W22rdIiVEHdm-4McQbbLwhRw8lFNksDFfagK4N49lRhhAGnVHGu_HOW-8MZpjRVFONbdVGRmagR5AbdISRRgtptHFGeus1ZpJpWzSklghLLgSDC3HV8JAcdsCG1HR1pJHRDGGUUcMMOdjcgpCDjdSiGS2IcYMNL01Y0g3-mUHGDWbc0FgasImQQwwu5HAyDTK4sCMNjcnxBdQZTV311Vlv3VgdOekgQhNv6JEGG2yE8UINKIOAwhVZbdUVCE5QAUJZKO8AAt5u2ECD4JMeDgLLyMFANwwpgHCEgmu88cJyZcFQVgwgGJGGHB6-gUd9jqPssVtqO_FEY_J-EVNGqjfGBuoiFOFEw2XY8QXobFBUww033BViXCuf4Vtsi93w0EG6iyHHQlMun_sXbbxBxkL32VDReWgx9NAbQNFgmRyi57GQyiKAnpva12W3XXcRuzBxxRdnvLF67DV2R0b2odYYGvw7Ctd2wrKMkK9idJBXC-rghjTQYSQ3cEFI7MO6ORQQOUW5UgxuMJkcLI92B_nCBGXQGDo8DDk30JxT4lIRE5IQhSoEDguJxhzH7K4MpPlCGEyzwRgyRXMPmV4Y2IAQOgAlZDQYWRjEYBoRHORGdWDDRCwzO5O15jgw6IMCAgI%3D&s=cd8435d7f2de6f0e419d02d70880fe26f84e1b16cdd92f281e52f5ffae124c291701794001&w=t&r=1&d=1755&priv=true
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XEyFEDhhkZZMa0oGFmTJiROQ62yHFjTI6VY0yKKXMjJRkyYUQ8nCMmDRmFOrZoxGFjBgwZNlrIoAGjJg0cLWbIiAqjRdU7adyQeXNnTgusWrnOWRGjqps3Iro8DFNnTEYyMOLCCFmmBQ6pdWnQhIqD44wWZnKECUPDho0yOMLUwKETIhk7FHHQyIHjIZw6YhbOuFsZIhw4mmVUnANnIkMcMGY0lPFwTBvQOmTciKF6xloyZig-FOPGDcUchQ2zFtHGDUYdtGXIgGG5-PGNqW08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgzUMlgSNTOTTA4bZiCGmmowiCEGDHeVEVMZNMRQhn0yiBEGgmXIFgN0OIjh0mQzlGHGDDbcRQMNP9QxB0JJkNFDGWToNcOIOSwnA2E0hGFGGDjQFkNHN4SRkn1hxOCSDTJIFQNRMDAoRkljzBikGKoFiUNfN4hhQ5Jc1BEXUnO8UYccY5SRYg8W1pbllja0UUYbM8kx5hI2ZOEEEUncgEUNZ2SBBB5FfGFDEkjEEYUMb9zQQg1NTJbHF08gaJQRM9CBR5p55KBEG1Oo4QQeaqyBBg5aEFHDEVQ8wYQNT9yxhgxsoGEHFke4kcSkNzxBRxMyKCGHFnegMUcVRFxBBR5whYFHEz0uEcYROcxwRnZT5NGCEkU08cUZVSRBhBRVpHHmUTbAEUMPm6W22rdIiVEHdm-4McQbbLwhRw8lFNksDFfagK4N49lRhhAGnVHGu_HOW-8MZpjRVFONbdVGRmagR5AbdISRRgtptHFGeus1ZpJpWzSklghLLgSDC3HV8JAcdsCG1HR1pJHRDGGUUcMMOdjcgpCDjdSiGS2IcYMNL01Y0g3-mUHGDWbc0FgasImQQwwu5HAyDTK4sCMNjcnxBdQZTV311Vlv3VgdOekgQhNv6JEGG2yE8UINKIOAwhVZbdUVCE5QAUJZKO8AAt5u2ECD4JMeDgLLyMFANwwpgHCEgmu88cJyZcFQVgwgGJGGHB6-gUd9jqPssVtqO_FEY_J-EVNGqjfGBuoiFOFEw2XY8QXobFBUww033BViXCuf4Vtsi93w0EG6iyHHQlMun_sXbbxBxkL32VDReWgx9NAbQNFgmRyi57GQyiKAnpva12W3XXcRuzBxxRdnvLF67DV2R0b2odYYGvw7Ctd2wrKMkK9idJBXC-rghjTQYSQ3cEFI7MO6ORQQOUW5UgxuMJkcLI92B_nCBGXQGDo8DDk30JxT4lIRE5IQhSoEDguJxhzH7K4MpPlCGEyzwRgyRXMPmV4Y2IAQOgAlZDQYWRjEYBoRHORGdWDDRCwzO5O15jgw6IMCAgI%3D&s=cd8435d7f2de6f0e419d02d70880fe26f84e1b16cdd92f281e52f5ffae124c291701794001&w=t&r=1&d=1755&priv=true HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: dEdxUPNeQd2x7nXk7wQjTm049kiBblue+idUQQ4zUyE0gMefrCpEYWmiGH2nvC08TFO/yDXCoHe2ueOkGHSa9w==
x-amz-request-id: BQ8FC22TSNZKMNPP
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.fxmnba.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1414
expires: Tue, 05 Dec 2023 20:33:24 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cf3b5db4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: dEdxUPNeQd2x7nXk7wQjTm049kiBblue+idUQQ4zUyE0gMefrCpEYWmiGH2nvC08TFO/yDXCoHe2ueOkGHSa9w==
x-amz-request-id: BQ8FC22TSNZKMNPP
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.fxmnba.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1414
expires: Tue, 05 Dec 2023 20:33:24 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cf3b59b4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUgCEDh40cYWS0kGFDxpgWNMyIodEih5kbZVrUMBMmDA0YYTjaIJNDxMM5YtKQUahji4gYHmfoHHnzRg4aOFrMEKm0BYwWd9K4IfPmzhysWrl6XRHjqps3Iro8DFNnTMYbMGbUICNGzFUaNMqwzEsmTAsccmO0KBmmzJgaYmbEkHEjjE-IZOxQxEEjB46HcOqIWTgD8GWIcOBwllFRxBw4E3V0jqtYxsMxbUTrYBxjhu21ZMxQfCjGjRuKT20Idy2ijRuMDKfKgIHZOPIYOeLaeFgnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeRofwPnxWIcHHPc8KiyDE8bZpSBA362wVAXDIAZNoZeMZSxmAxi5IRDGbRBh6AYYzyVwwxlmDGDDYDh9UMdcyCUBBk9-JfXDHjlsJwMNtEQBk041NYQDI3lQMZiYcSQYUlTIWUDDHqJYcYYY8DYY2Iz9DigfmIMWQYXdcCg0xxv1CHHgif2QJttM1BpJUltlNGGGCaiqMcVM7TRhAxqZIEGG1kQ0eYXcqJRQxph3GAFFWhUoQUdT6xxhRhxZKEFHFnoYYMbfNpBxB1PKMFEkmosYUYQYeQRxhF4yBCFGC2wgUUOaOghgxlMtECFFkJkEcccQlRBhRBGZNGCHE84IYMSWNhgRR16JBEFFHfQcUUTdVQxBRZBQJFDGnN8cUYVSRAhRRVpiKkTHDH0sJpti3lLkhh1ZPeGG0O8wcYbcvRQggwzbAjDkDaYawN5dpQhhEFnlNHuu_HOO4MZZuCI42NctZGRGekR5AYdYaTRQhptnKEee4-NEUZqWyimlghGLgSDC1Y6JIIcdshGEnV1pJFRk2XUUG_NLfhYE0pkpNSCGDd81EJOR97Akxlk3PDSY2nIJkIOMbgQnQs0yOBCQzQ8JscXTWcEtdQnV311DVlT55gOIjTxhh5psMFGGC_UgDIIKFwRVldzgOAEFSCUhfIOINjthg00AI4H4YCzzBAMcsOQAghHGLbGGy8sVxYMZcUAghFpyNHhG3jYxzjKHbuFthNPPAbvF0hmhPpjbJguQhFOMFyGHV94zgZFNdyw34f4MbfyGb_NVgMONzx0EO5iyLHQgMrf_kUbb5CxUEc2lIYeWqo99AZRNGAmB-h5LKSy57qhjZ123HkHsQsSU2wxxhqv195jd2R0HwyPoaE_R2UzDcsyMj6K0QFeLagDpOiQsxu4gAxjWIzq5jBAHXjEKR3BQUeUJ7uDfAGCErSIwxgClxg45SZWEqEMKFLCE1oJc4DBTe7KcJovfIyFmHNhCkUgvTCwASF0IErIaDCyMIghNSI4CE3qwIaJYCZ2JnsNcmDQBwUEBA%3D%3D&s=a34b72100fd8380ae28df6f7d1ca84b37bc3f3f2d01fea59d6cbfae13e3048e51701794000&w=t&r=1&d=1884&priv=true
136.243.46.131 24 B URL pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUgCEDh40cYWS0kGFDxpgWNMyIodEih5kbZVrUMBMmDA0YYTjaIJNDxMM5YtKQUahji4gYHmfoHHnzRg4aOFrMEKm0BYwWd9K4IfPmzhysWrl6XRHjqps3Iro8DFNnTMYbMGbUICNGzFUaNMqwzEsmTAsccmO0KBmmzJgaYmbEkHEjjE-IZOxQxEEjB46HcOqIWTgD8GWIcOBwllFRxBw4E3V0jqtYxsMxbUTrYBxjhu21ZMxQfCjGjRuKT20Idy2ijRuMDKfKgIHZOPIYOeLaeFgnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeRofwPnxWIcHHPc8KiyDE8bZpSBA362wVAXDIAZNoZeMZSxmAxi5IRDGbRBh6AYYzyVwwxlmDGDDYDh9UMdcyCUBBk9-JfXDHjlsJwMNtEQBk041NYQDI3lQMZiYcSQYUlTIWUDDHqJYcYYY8DYY2Iz9DigfmIMWQYXdcCg0xxv1CHHgif2QJttM1BpJUltlNGGGCaiqMcVM7TRhAxqZIEGG1kQ0eYXcqJRQxph3GAFFWhUoQUdT6xxhRhxZKEFHFnoYYMbfNpBxB1PKMFEkmosYUYQYeQRxhF4yBCFGC2wgUUOaOghgxlMtECFFkJkEcccQlRBhRBGZNGCHE84IYMSWNhgRR16JBEFFHfQcUUTdVQxBRZBQJFDGnN8cUYVSRAhRRVpiKkTHDH0sJpti3lLkhh1ZPeGG0O8wcYbcvRQggwzbAjDkDaYawN5dpQhhEFnlNHuu_HOO4MZZuCI42NctZGRGekR5AYdYaTRQhptnKEee4-NEUZqWyimlghGLgSDC1Y6JIIcdshGEnV1pJFRk2XUUG_NLfhYE0pkpNSCGDd81EJOR97Akxlk3PDSY2nIJkIOMbgQnQs0yOBCQzQ8JscXTWcEtdQnV311DVlT55gOIjTxhh5psMFGGC_UgDIIKFwRVldzgOAEFSCUhfIOINjthg00AI4H4YCzzBAMcsOQAghHGLbGGy8sVxYMZcUAghFpyNHhG3jYxzjKHbuFthNPPAbvF0hmhPpjbJguQhFOMFyGHV94zgZFNdyw34f4MbfyGb_NVgMONzx0EO5iyLHQgMrf_kUbb5CxUEc2lIYeWqo99AZRNGAmB-h5LKSy57qhjZ123HkHsQsSU2wxxhqv195jd2R0HwyPoaE_R2UzDcsyMj6K0QFeLagDpOiQsxu4gAxjWIzq5jBAHXjEKR3BQUeUJ7uDfAGCErSIwxgClxg45SZWEqEMKFLCE1oJc4DBTe7KcJovfIyFmHNhCkUgvTCwASF0IErIaDCyMIghNSI4CE3qwIaJYCZ2JnsNcmDQBwUEBA%3D%3D&s=a34b72100fd8380ae28df6f7d1ca84b37bc3f3f2d01fea59d6cbfae13e3048e51701794000&w=t&r=1&d=1884&priv=true
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUgCEDh40cYWS0kGFDxpgWNMyIodEih5kbZVrUMBMmDA0YYTjaIJNDxMM5YtKQUahji4gYHmfoHHnzRg4aOFrMEKm0BYwWd9K4IfPmzhysWrl6XRHjqps3Iro8DFNnTMYbMGbUICNGzFUaNMqwzEsmTAsccmO0KBmmzJgaYmbEkHEjjE-IZOxQxEEjB46HcOqIWTgD8GWIcOBwllFRxBw4E3V0jqtYxsMxbUTrYBxjhu21ZMxQfCjGjRuKT20Idy2ijRuMDKfKgIHZOPIYOeLaeFgnRkY0dOjAmaPjxYszb1zgYZPGjhwyclyMedPmxZw2YeRofwPnxWIcHHPc8KiyDE8bZpSBA362wVAXDIAZNoZeMZSxmAxi5IRDGbRBh6AYYzyVwwxlmDGDDYDh9UMdcyCUBBk9-JfXDHjlsJwMNtEQBk041NYQDI3lQMZiYcSQYUlTIWUDDHqJYcYYY8DYY2Iz9DigfmIMWQYXdcCg0xxv1CHHgif2QJttM1BpJUltlNGGGCaiqMcVM7TRhAxqZIEGG1kQ0eYXcqJRQxph3GAFFWhUoQUdT6xxhRhxZKEFHFnoYYMbfNpBxB1PKMFEkmosYUYQYeQRxhF4yBCFGC2wgUUOaOghgxlMtECFFkJkEcccQlRBhRBGZNGCHE84IYMSWNhgRR16JBEFFHfQcUUTdVQxBRZBQJFDGnN8cUYVSRAhRRVpiKkTHDH0sJpti3lLkhh1ZPeGG0O8wcYbcvRQggwzbAjDkDaYawN5dpQhhEFnlNHuu_HOO4MZZuCI42NctZGRGekR5AYdYaTRQhptnKEee4-NEUZqWyimlghGLgSDC1Y6JIIcdshGEnV1pJFRk2XUUG_NLfhYE0pkpNSCGDd81EJOR97Akxlk3PDSY2nIJkIOMbgQnQs0yOBCQzQ8JscXTWcEtdQnV311DVlT55gOIjTxhh5psMFGGC_UgDIIKFwRVldzgOAEFSCUhfIOINjthg00AI4H4YCzzBAMcsOQAghHGLbGGy8sVxYMZcUAghFpyNHhG3jYxzjKHbuFthNPPAbvF0hmhPpjbJguQhFOMFyGHV94zgZFNdyw34f4MbfyGb_NVgMONzx0EO5iyLHQgMrf_kUbb5CxUEc2lIYeWqo99AZRNGAmB-h5LKSy57qhjZ123HkHsQsSU2wxxhqv195jd2R0HwyPoaE_R2UzDcsyMj6K0QFeLagDpOiQsxu4gAxjWIzq5jBAHXjEKR3BQUeUJ7uDfAGCErSIwxgClxg45SZWEqEMKFLCE1oJc4DBTe7KcJovfIyFmHNhCkUgvTCwASF0IErIaDCyMIghNSI4CE3qwIaJYCZ2JnsNcmDQBwUEBA%3D%3D&s=a34b72100fd8380ae28df6f7d1ca84b37bc3f3f2d01fea59d6cbfae13e3048e51701794000&w=t&r=1&d=1884&priv=true HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XAOCgjB5kZZVrEwFFjRgsaMcTkaIGjTBkyLWCUiZGjTI4YH23iEPFwjpg0ZBTq2CJipI0ZMGTYaCGDBowbOWjgaDFDBlUYMVvcSeOGzJs7c7Ry9Qp2RQysbt6I6PIwTJ0xGWXcIGNj5AwzLcbQuCHmpAwxMVqIqbo0R80wEQ3OIINDDE-IZOxQxEEjB46HcOo4ZohjxmWIcOAsrFpxDpyJnGHMaCjj4Zg2onXIjbF6RlsyZig-FOPGDcWoNoK3FtHGDUYdtGXIgIG5-HGaqm08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgwcSXPcwGHDjJiXOfRXBg74rQaDGGLA0FkZY4xRBkozKSdGGAqWMRt0jY0RVQ4gmTGDDZ3RQMMPdcyBUBJk9PASDWXMIGIOy8kQhohhmBEGDrTFUMNTYXhkXxgxaGiDDKTxJxMNYpjRoIxADjYDkATqJ4YNMnFRBwxJ2TDHG3XI4SCKPcxWm5VYKtVGGW38JweYS6wBBxlnIAGDDXG0gcMNRJBBRBQ0ROEGHVqQkYQRSFCRRBw45EFHEC0k8UQdcTRRQxJK3EFFEDF8kUMeV8Bxhxoz5NFCDW_gYccVdchAhhZ4zCBeHmvgAJ96RLTUghst2IlHFlDUYMQTSaxhhg1K5JCGHFGQccUdTpTxhhVqEGEGHkVk8cUZVSRBhBRVpEFmlnDE0INnqrH2rVJi1IHdG24M8QYbb8jRQwlEcjjnnOfaMJ4dZQhh0BlluAuvvPTeZcZTTz3mVRsZmYEeQX-GkUYLabRxRnrrPTZGGKht0RBbIiS5EAwuYFnDQ3LYEZtS09WRRkZPllFSTTWItHEYJ5FBA15i3GDDShQqOVcOZpBxgxk3PJZGbCLc5EIOJNMggws60vCYHF8snZHTULsgNdU1WD1dGBk18YYeabDBRhgv1FAyCChcMdZXc4DgBBUgnFXyDiDI7YYNNPCNB-B8p4wcDG7DkAIIRzC4xhsvLHcWDGfFAIIRx5ZhRqn1IV6yxnDpIIITTzwW7xcNZkT6Y2yELkIRTihchh1fyFEGGxTVcMN-H-LHnAhynOGbbDXc-dBBtIshx0IEHj_7F228QcZC99V1vBxqMfTQG0LRgBn2eOSx0MnAa24ddtpx94LDLkBMh8QUW4wxe4_dkZF9-D2Gxv1JiS3CHCnLCPbeR4d4taAObkgDHagSAxeQYQz2MR0AJYMcGClIBjUIm_dE8MCMHOQLD4zgQ-jAMOTcgHJQcQrlRtgGGVDkhDFIIZbsA4Mc3KZ2ZTDNFzj2QhRGZYYPeV4Y2IAQOgjFYzQAWRjEgBoOas4tbJgIZlo3MtccBwZ9UEBAAA%3D%3D&s=890ed7e398bdaf4244d1de8e96313421d283d66a96e683e6df3f27d61ccf5f6f1701794001&w=t&r=1&d=2014&priv=true
136.243.46.131 24 B URL pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XAOCgjB5kZZVrEwFFjRgsaMcTkaIGjTBkyLWCUiZGjTI4YH23iEPFwjpg0ZBTq2CJipI0ZMGTYaCGDBowbOWjgaDFDBlUYMVvcSeOGzJs7c7Ry9Qp2RQysbt6I6PIwTJ0xGWXcIGNj5AwzLcbQuCHmpAwxMVqIqbo0R80wEQ3OIINDDE-IZOxQxEEjB46HcOo4ZohjxmWIcOAsrFpxDpyJnGHMaCjj4Zg2onXIjbF6RlsyZig-FOPGDcWoNoK3FtHGDUYdtGXIgIG5-HGaqm08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgwcSXPcwGHDjJiXOfRXBg74rQaDGGLA0FkZY4xRBkozKSdGGAqWMRt0jY0RVQ4gmTGDDZ3RQMMPdcyBUBJk9PASDWXMIGIOy8kQhohhmBEGDrTFUMNTYXhkXxgxaGiDDKTxJxMNYpjRoIxADjYDkATqJ4YNMnFRBwxJ2TDHG3XI4SCKPcxWm5VYKtVGGW38JweYS6wBBxlnIAGDDXG0gcMNRJBBRBQ0ROEGHVqQkYQRSFCRRBw45EFHEC0k8UQdcTRRQxJK3EFFEDF8kUMeV8Bxhxoz5NFCDW_gYccVdchAhhZ4zCBeHmvgAJ96RLTUghst2IlHFlDUYMQTSaxhhg1K5JCGHFGQccUdTpTxhhVqEGEGHkVk8cUZVSRBhBRVpEFmlnDE0INnqrH2rVJi1IHdG24M8QYbb8jRQwlEcjjnnOfaMJ4dZQhh0BlluAuvvPTeZcZTTz3mVRsZmYEeQX-GkUYLabRxRnrrPTZGGKht0RBbIiS5EAwuYFnDQ3LYEZtS09WRRkZPllFSTTWItHEYJ5FBA15i3GDDShQqOVcOZpBxgxk3PJZGbCLc5EIOJNMggws60vCYHF8snZHTULsgNdU1WD1dGBk18YYeabDBRhgv1FAyCChcMdZXc4DgBBUgnFXyDiDI7YYNNPCNB-B8p4wcDG7DkAIIRzC4xhsvLHcWDGfFAIIRx5ZhRqn1IV6yxnDpIIITTzwW7xcNZkT6Y2yELkIRTihchh1fyFEGGxTVcMN-H-LHnAhynOGbbDXc-dBBtIshx0IEHj_7F228QcZC99V1vBxqMfTQG0LRgBn2eOSx0MnAa24ddtpx94LDLkBMh8QUW4wxe4_dkZF9-D2Gxv1JiS3CHCnLCPbeR4d4taAObkgDHagSAxeQYQz2MR0AJYMcGClIBjUIm_dE8MCMHOQLD4zgQ-jAMOTcgHJQcQrlRtgGGVDkhDFIIZbsA4Mc3KZ2ZTDNFzj2QhRGZYYPeV4Y2IAQOgjFYzQAWRjEgBoOas4tbJgIZlo3MtccBwZ9UEBAAA%3D%3D&s=890ed7e398bdaf4244d1de8e96313421d283d66a96e683e6df3f27d61ccf5f6f1701794001&w=t&r=1&d=2014&priv=true
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0DEjBgsRYcbQWehQBJ0zC0XAOCgjB5kZZVrEwFFjRgsaMcTkaIGjTBkyLWCUiZGjTI4YH23iEPFwjpg0ZBTq2CJipI0ZMGTYaCGDBowbOWjgaDFDBlUYMVvcSeOGzJs7c7Ry9Qp2RQysbt6I6PIwTJ0xGWXcIGNj5AwzLcbQuCHmpAwxMVqIqbo0R80wEQ3OIINDDE-IZOxQxEEjB46HcOo4ZohjxmWIcOAsrFpxDpyJnGHMaCjj4Zg2onXIjbF6RlsyZig-FOPGDcWoNoK3FtHGDUYdtGXIgIG5-HGaqm08rBMjIxo6dODM0fHixZk3LvCwSWNHDhk5Lsa8afNiTpswcrK_gfMihgwcSXPcwGHDjJiXOfRXBg74rQaDGGLA0FkZY4xRBkozKSdGGAqWMRt0jY0RVQ4gmTGDDZ3RQMMPdcyBUBJk9PASDWXMIGIOy8kQhohhmBEGDrTFUMNTYXhkXxgxaGiDDKTxJxMNYpjRoIxADjYDkATqJ4YNMnFRBwxJ2TDHG3XI4SCKPcxWm5VYKtVGGW38JweYS6wBBxlnIAGDDXG0gcMNRJBBRBQ0ROEGHVqQkYQRSFCRRBw45EFHEC0k8UQdcTRRQxJK3EFFEDF8kUMeV8Bxhxoz5NFCDW_gYccVdchAhhZ4zCBeHmvgAJ96RLTUghst2IlHFlDUYMQTSaxhhg1K5JCGHFGQccUdTpTxhhVqEGEGHkVk8cUZVSRBhBRVpEFmlnDE0INnqrH2rVJi1IHdG24M8QYbb8jRQwlEcjjnnOfaMJ4dZQhh0BlluAuvvPTeZcZTTz3mVRsZmYEeQX-GkUYLabRxRnrrPTZGGKht0RBbIiS5EAwuYFnDQ3LYEZtS09WRRkZPllFSTTWItHEYJ5FBA15i3GDDShQqOVcOZpBxgxk3PJZGbCLc5EIOJNMggws60vCYHF8snZHTULsgNdU1WD1dGBk18YYeabDBRhgv1FAyCChcMdZXc4DgBBUgnFXyDiDI7YYNNPCNB-B8p4wcDG7DkAIIRzC4xhsvLHcWDGfFAIIRx5ZhRqn1IV6yxnDpIIITTzwW7xcNZkT6Y2yELkIRTihchh1fyFEGGxTVcMN-H-LHnAhynOGbbDXc-dBBtIshx0IEHj_7F228QcZC99V1vBxqMfTQG0LRgBn2eOSx0MnAa24ddtpx94LDLkBMh8QUW4wxe4_dkZF9-D2Gxv1JiS3CHCnLCPbeR4d4taAObkgDHagSAxeQYQz2MR0AJYMcGClIBjUIm_dE8MCMHOQLD4zgQ-jAMOTcgHJQcQrlRtgGGVDkhDFIIZbsA4Mc3KZ2ZTDNFzj2QhRGZYYPeV4Y2IAQOgjFYzQAWRjEgBoOas4tbJgIZlo3MtccBwZ9UEBAAA%3D%3D&s=890ed7e398bdaf4244d1de8e96313421d283d66a96e683e6df3f27d61ccf5f6f1701794001&w=t&r=1&d=2014&priv=true HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=3ae539e5-1caa-4d4f-b769-a0fc7d9fd7f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
172.64.108.10 309 B URL cdn.creative-bars1.com/sb/notifications/rtb/os-box/1-2/js/script.js
IP 172.64.108.10:0
Hash bece5027730ac0fe0a0baa902fe7a119
412cf6dc58ad4fd81b08022a10837782d521fe91
b426eb82519f012d0271702d5f422b9b6b98a144fb01f28c5158e4b478492b03
GET /sb/notifications/rtb/os-box/1-2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 13:44:03 GMT
etag: W/"62445ea3-307"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cFQVzyh%2BB31QcK7ku%2ByA9YrKiDW98xIGQ82y050VKWYgU6%2FidBkgwJSMCPHGLTGUdGKYhnph7NFpWmPhO2Eg1DUwB53diVOPyN%2FZBC4dSVjr2xO9Z6tKQW2Kpg8nQ77j%2B9h3dSXFde1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cd1f80650f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.fxmnba.com/widgets/v4/Universal/lang/en.json
104.18.59.150 94 B URL creative.fxmnba.com/widgets/v4/Universal/lang/en.json
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 69a54638b649d7ce4748bd42c4b6dade
a2dfe9f8791952fbc5cc44d4757b031a6cee1731
0c25fbbff92c994866041b57d519aa22aa84d55b6b31bcf681dd5b74668cb750
GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=zW3mM2jYhlYD3m_Yhh5ia7VThUZtOkWbqYZpYz6niavDwOJLc2jKfAayaGx2Qb-lX9hz2fL-TZBYqsBUTBFY-rON2JX6VuzIQPwtWMuUSXAP9is_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/json
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
etag: W/"656f0246-ac"
expires: Tue, 05 Dec 2023 16:33:25 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cf1fae7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DKkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1
104.18.59.150 1.7 kB URL go.fxmnba.com/config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DKkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash d30d135855124ad1f1891f6ff7ec8297
dad2a372d502a64a0dff72b635c1a76ad064be2f
49f0742a432bae11559cb880a4408070c02910baa07e8c62c40333413aff9632
GET /config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DKkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Tue, 05 Dec 2023 16:33:24 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrt9a1bWqoF8S1xaNic2LhHRSQXN; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:24 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cf3fd07127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
104.18.59.150 350 B URL creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5a7d6a3dcecc86c20df96ad76551eabe
22fb972b12c5d0417e9cc13bae81be9afa62157d
7338bffe285f0e5c3d6197ea825580d1c59b4210b028acce0c7872751fafdeb2
GET /widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid} HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/html
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
expires: Tue, 05 Dec 2023 16:33:23 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 9
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cd38e95697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.fxmnba.com/config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DK6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1
104.18.51.106 82 kB URL go.fxmnba.com/config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DK6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1
IP 104.18.51.106:0
File type JSON data\012- , ASCII text
Hash 5e7b8919bc07625156c379c70088b580
37016b2cf132b3667a4986ae6977d1c33c988c39
8bbf345afff4249b7a6a52a523bd84af6034d33e17b59e6bae72b8059917e79b
GET /config?url=https%3A%2F%2Fcreative.fxmnba.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26buttonColor%3D%2523930606%26campaignId%3D128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344%26campaignType%3Dsmartpop%26creativeId%3Dd61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08%26iterationId%3D765913%26liveBadgeColor%3D%2523ff0707%26masterSmartpopId%3D1914%26memberId%3DK6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi%26mlView%3D1%26p1%3D3803312%26quality%3D240p%26ruleId%3D17%26smartpopId%3D1548%26sourceId%3D271333%26usePreroll%3D0%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D32246%26webp%3D1 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Tue, 05 Dec 2023 16:33:24 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28upDCGznfDm9XVE9SipefN9YVHPpVWiFwJmdJL8U; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:24 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0ce0c7e56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.fxmnba.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
104.18.59.150 665 B URL go.fxmnba.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with very long lines (1692), with no line terminators
Hash 90457797bda265b48a4eedb490567bc8
ba47ec5a85619bf10692acc114fe5aeddb83e16f
a8e1453335d2dcfd14c17752c5045a7026be8e2dccf3cab18b9f6892e8908987
GET /api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Tue, 05 Dec 2023 16:33:04 GMT
cf-cache-status: HIT
age: 7
server: cloudflare
cf-ray: 830db0d0b97d7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.amnew.net/8350ae74e66b0dfd639afdc09fcdda1f.jpeg
109.200.199.110 44 kB URL cdn.amnew.net/8350ae74e66b0dfd639afdc09fcdda1f.jpeg
IP 109.200.199.110:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 8cae05cb6a34d6053a0959ad2aced54f
38316be90aaf728ae3bdf000aba1f41d33482750
158042983328442e28fbf9051842a12acc9b0de93fa0525170abce0efb43be35
GET /8350ae74e66b0dfd639afdc09fcdda1f.jpeg HTTP/1.1
Host: cdn.amnew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: image/jpeg
content-length: 43756
last-modified: Tue, 05 Dec 2023 15:11:09 GMT
etag: "656f3d8d-aaec"
expires: Tue, 19 Dec 2023 15:11:39 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
104.18.59.150 314 B URL creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5a7d6a3dcecc86c20df96ad76551eabe
22fb972b12c5d0417e9cc13bae81be9afa62157d
7338bffe285f0e5c3d6197ea825580d1c59b4210b028acce0c7872751fafdeb2
GET /widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid} HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/html
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
expires: Tue, 05 Dec 2023 16:33:23 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 9
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cd28d65697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
104.18.59.150 517 B URL creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5a7d6a3dcecc86c20df96ad76551eabe
22fb972b12c5d0417e9cc13bae81be9afa62157d
7338bffe285f0e5c3d6197ea825580d1c59b4210b028acce0c7872751fafdeb2
GET /widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid} HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: text/html
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
expires: Tue, 05 Dec 2023 16:33:23 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 9
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0cd28ca5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.fxmnba.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
104.18.59.150 13 kB URL go.fxmnba.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with very long lines (1692), with no line terminators
Hash 90457797bda265b48a4eedb490567bc8
ba47ec5a85619bf10692acc114fe5aeddb83e16f
a8e1453335d2dcfd14c17752c5045a7026be8e2dccf3cab18b9f6892e8908987
GET /api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Tue, 05 Dec 2023 16:33:04 GMT
cf-cache-status: HIT
age: 7
server: cloudflare
cf-ray: 830db0d089517127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
lby2kd27c.com/chicken.gif?z=1863026&pb=a98aae9bc536cd10696c969e5faeb6901701801199&psp=lQW2nZdsOCCwrm3FyrhwyZHZYlmPeiz5LdM90yJ1IzvZCNlf9uqTz4MjrnQQ-CDj-FOg-8WXbR5P17Tfa8yDS90VYI0TAr-ZAqdnqpsaqJKi-gYRKOmxcz-AIPJSxBOYqOv9ZfPOOcAR2Io-zPSCnmOxxlFw4p8q8mj2AzC0jdgzBaejGdMKqdFMJVa105GWmeMcu5NqXFv9YkBWTnqO3NYpyOKB0Asnw44EYnAaD2_ehApmoAcYJ-kt2gjhg6LNlXbU5JkIjER28dCnbu86r_weNjzUsgSWXFpT7n7IvVJVSo1iEEW5bVVH_mN9-pxG83kYO8WosqtgAK76MelSeyNCBChassGHcsdwLnGVi5eCLRV1RLlwJUHvJOpsiOW7fCw517yJ3z42WWGcAkkJxfozxUjyE9eNFBLfIAUR-azDItr2JBaTsWxjrwym2qqXPjZZUoJv-q86hbQwE3mFLc9GsopP2FuMtw--ANuZ-3i4JMaASnZeEzI1dTvyOH6HWRV7kX1QE_p9M2W-zJBuKbpNlm0hmlXSyT-4Bs546JXBc1NuUIgPbrqF3rM40xoKzOtkhYWyWIGagjTXgfQpNcbcAUs95QQ6Rs4U8Yk1wZ7yxVvs64vOOknpCMxiIIbXlHugaBQVt5ygNew1izQpw7MTivqYL2azuxDu0Mcyfy1-XgAZPl7zKWVP7ZdQrsZte1xwsbUiPl4VjBjl4G462ebIC8-Y5Pr7Mp8iOaFaw5WtyWDI5GyYwZ15s43UYDRVv8L3uU7TG-OSHX1_Vwr1h_3LnonDuWySUQsMOkBbS-hyyLvAeHi6i31Z0SLgvB4VT5hA7UC2AfqmKogPIMqx26RCHl3zbVIgj01CY09FY6ua7XheycrlVX1CYR6UHzeWlx0ezdYp4XtNlAetpfmx9sdal2eFeYuNVbN_z-CUJA8WVUCowfHqo49yU923_m0vzAjk6kgNX779RYmMB2UGCjwb0tDN_t1EsFhecaRT4WnvC5ToIXsjWF7O2X9634mIYfY=&im=1&freq=1&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&pload=4357
212.117.190.201 43 B URL lby2kd27c.com/chicken.gif?z=1863026&pb=a98aae9bc536cd10696c969e5faeb6901701801199&psp=lQW2nZdsOCCwrm3FyrhwyZHZYlmPeiz5LdM90yJ1IzvZCNlf9uqTz4MjrnQQ-CDj-FOg-8WXbR5P17Tfa8yDS90VYI0TAr-ZAqdnqpsaqJKi-gYRKOmxcz-AIPJSxBOYqOv9ZfPOOcAR2Io-zPSCnmOxxlFw4p8q8mj2AzC0jdgzBaejGdMKqdFMJVa105GWmeMcu5NqXFv9YkBWTnqO3NYpyOKB0Asnw44EYnAaD2_ehApmoAcYJ-kt2gjhg6LNlXbU5JkIjER28dCnbu86r_weNjzUsgSWXFpT7n7IvVJVSo1iEEW5bVVH_mN9-pxG83kYO8WosqtgAK76MelSeyNCBChassGHcsdwLnGVi5eCLRV1RLlwJUHvJOpsiOW7fCw517yJ3z42WWGcAkkJxfozxUjyE9eNFBLfIAUR-azDItr2JBaTsWxjrwym2qqXPjZZUoJv-q86hbQwE3mFLc9GsopP2FuMtw--ANuZ-3i4JMaASnZeEzI1dTvyOH6HWRV7kX1QE_p9M2W-zJBuKbpNlm0hmlXSyT-4Bs546JXBc1NuUIgPbrqF3rM40xoKzOtkhYWyWIGagjTXgfQpNcbcAUs95QQ6Rs4U8Yk1wZ7yxVvs64vOOknpCMxiIIbXlHugaBQVt5ygNew1izQpw7MTivqYL2azuxDu0Mcyfy1-XgAZPl7zKWVP7ZdQrsZte1xwsbUiPl4VjBjl4G462ebIC8-Y5Pr7Mp8iOaFaw5WtyWDI5GyYwZ15s43UYDRVv8L3uU7TG-OSHX1_Vwr1h_3LnonDuWySUQsMOkBbS-hyyLvAeHi6i31Z0SLgvB4VT5hA7UC2AfqmKogPIMqx26RCHl3zbVIgj01CY09FY6ua7XheycrlVX1CYR6UHzeWlx0ezdYp4XtNlAetpfmx9sdal2eFeYuNVbN_z-CUJA8WVUCowfHqo49yU923_m0vzAjk6kgNX779RYmMB2UGCjwb0tDN_t1EsFhecaRT4WnvC5ToIXsjWF7O2X9634mIYfY=&im=1&freq=1&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&pload=4357
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 18:D4:50:75:16:D3:07:57:A9:86:F3:0E:99:AF:B9:B5:11:0D:0D:A4
Validity Sat, 28 Oct 2023 13:43:07 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1863026&pb=a98aae9bc536cd10696c969e5faeb6901701801199&psp=lQW2nZdsOCCwrm3FyrhwyZHZYlmPeiz5LdM90yJ1IzvZCNlf9uqTz4MjrnQQ-CDj-FOg-8WXbR5P17Tfa8yDS90VYI0TAr-ZAqdnqpsaqJKi-gYRKOmxcz-AIPJSxBOYqOv9ZfPOOcAR2Io-zPSCnmOxxlFw4p8q8mj2AzC0jdgzBaejGdMKqdFMJVa105GWmeMcu5NqXFv9YkBWTnqO3NYpyOKB0Asnw44EYnAaD2_ehApmoAcYJ-kt2gjhg6LNlXbU5JkIjER28dCnbu86r_weNjzUsgSWXFpT7n7IvVJVSo1iEEW5bVVH_mN9-pxG83kYO8WosqtgAK76MelSeyNCBChassGHcsdwLnGVi5eCLRV1RLlwJUHvJOpsiOW7fCw517yJ3z42WWGcAkkJxfozxUjyE9eNFBLfIAUR-azDItr2JBaTsWxjrwym2qqXPjZZUoJv-q86hbQwE3mFLc9GsopP2FuMtw--ANuZ-3i4JMaASnZeEzI1dTvyOH6HWRV7kX1QE_p9M2W-zJBuKbpNlm0hmlXSyT-4Bs546JXBc1NuUIgPbrqF3rM40xoKzOtkhYWyWIGagjTXgfQpNcbcAUs95QQ6Rs4U8Yk1wZ7yxVvs64vOOknpCMxiIIbXlHugaBQVt5ygNew1izQpw7MTivqYL2azuxDu0Mcyfy1-XgAZPl7zKWVP7ZdQrsZte1xwsbUiPl4VjBjl4G462ebIC8-Y5Pr7Mp8iOaFaw5WtyWDI5GyYwZ15s43UYDRVv8L3uU7TG-OSHX1_Vwr1h_3LnonDuWySUQsMOkBbS-hyyLvAeHi6i31Z0SLgvB4VT5hA7UC2AfqmKogPIMqx26RCHl3zbVIgj01CY09FY6ua7XheycrlVX1CYR6UHzeWlx0ezdYp4XtNlAetpfmx9sdal2eFeYuNVbN_z-CUJA8WVUCowfHqo49yU923_m0vzAjk6kgNX779RYmMB2UGCjwb0tDN_t1EsFhecaRT4WnvC5ToIXsjWF7O2X9634mIYfY=&im=1&freq=1&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=1518903655466496&eclog=0&sp=1&im=1&pload=4357 HTTP/1.1
Host: lby2kd27c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2312051133e07181d8e1cf45dd8fd216ffe5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:24 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
sensualtestresume.com/pixel/sbs?c=1
192.243.61.227 0 B URL sensualtestresume.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Cookie: u_pl=16484303; uid_id2=8325fdb6-4dc6-407a-8a3e-13c934c97f16:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: Uy+BI0f9xi3njNOl7P4PsULkPp0g6ssxBGHnYb4mQe+eet3x2+C470ZEAYzLvRraWhXf8LMEGWU=
x-amz-request-id: WWWZDEMQD0DJ51HX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.bbrdbr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1424
expires: Tue, 05 Dec 2023 20:33:25 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d338355684-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.131 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 60622
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.131 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fr.hentai-img.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:52:12 GMT
expires: Thu, 28 Nov 2024 21:52:12 GMT
cache-control: public, max-age=31536000
age: 499273
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1701793950/83599615_webp
104.18.63.124 12 kB URL img.strpst.com/thumbs/1701793950/83599615_webp
IP 104.18.63.124:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash df60cded58ee62c36a8f4ef0a4bf304f
d55c8062eec8cb49c219b85f901f05a88a8d1b4f
6868acd3d92ce92ca21e7d37111cf40a053192161b1a16e29796bcd1059371cc
GET /thumbs/1701793950/83599615_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.fxmnba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/webp
content-length: 12348
etag: "df60cded58ee62c36a8f4ef0a4bf304f"
last-modified: Tue, 05 Dec 2023 16:31:16 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 48
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d37a2356c6-OSL
alt-svc: h3=":443"; ma=86400
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: Uy+BI0f9xi3njNOl7P4PsULkPp0g6ssxBGHnYb4mQe+eet3x2+C470ZEAYzLvRraWhXf8LMEGWU=
x-amz-request-id: WWWZDEMQD0DJ51HX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.bbrdbr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1424
expires: Tue, 05 Dec 2023 20:33:25 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d3888b5684-OSL
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1894%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1440%2C%22duration%22%3A232%2C%22transferSize%22%3A80914%7D%5D&mh=-1210889938
104.18.59.150 103 B URL go.fxmnba.com/abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1894%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1440%2C%22duration%22%3A232%2C%22transferSize%22%3A80914%7D%5D&mh=-1210889938
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1894%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1440%2C%22duration%22%3A232%2C%22transferSize%22%3A80914%7D%5D&mh=-1210889938 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.fxmnba.com/
Cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAphT8dt9Y3eZy71xvX8zrDyE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 830db0d37cd87127-OSL
alt-svc: h3=":443"; ma=86400
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: Uy+BI0f9xi3njNOl7P4PsULkPp0g6ssxBGHnYb4mQe+eet3x2+C470ZEAYzLvRraWhXf8LMEGWU=
x-amz-request-id: WWWZDEMQD0DJ51HX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.bbrdbr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1424
expires: Tue, 05 Dec 2023 20:33:25 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d3989a5684-OSL
alt-svc: h3=":443"; ma=86400
img.strpst.com/thumbs/1701793950/83599615_webp
104.18.63.124 12 kB URL img.strpst.com/thumbs/1701793950/83599615_webp
IP 104.18.63.124:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash df60cded58ee62c36a8f4ef0a4bf304f
d55c8062eec8cb49c219b85f901f05a88a8d1b4f
6868acd3d92ce92ca21e7d37111cf40a053192161b1a16e29796bcd1059371cc
GET /thumbs/1701793950/83599615_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.fxmnba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/webp
content-length: 12348
etag: "df60cded58ee62c36a8f4ef0a4bf304f"
last-modified: Tue, 05 Dec 2023 16:31:16 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 48
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d3aa7e56c6-OSL
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1766%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1297%2C%22duration%22%3A250%2C%22transferSize%22%3A80914%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A2316%2C%22duration%22%3A0%7D%5D&mh=1143803899
104.18.59.150 103 B URL go.fxmnba.com/abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1766%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1297%2C%22duration%22%3A250%2C%22transferSize%22%3A80914%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A2316%2C%22duration%22%3A0%7D%5D&mh=1143803899
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1766%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A1297%2C%22duration%22%3A250%2C%22transferSize%22%3A80914%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A2316%2C%22duration%22%3A0%7D%5D&mh=1143803899 HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.fxmnba.com/
Cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAphT8dt9Y3eZy71xvX8zrDyE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 830db0d3acfd7127-OSL
alt-svc: h3=":443"; ma=86400
go.xlivesex.com/checkUrl
104.18.59.150 15 B IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5
GET /checkUrl HTTP/1.1
Host: go.xlivesex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.fxmnba.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVEL2Ezfg4QRCzSiwHYKo15JQqEk; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d42ffe1c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.bbrdbr.com/config?url=https%3A%2F%2Fcreative.bbrdbr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fasian%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300cps2asgirl%26creativeId%3D300cps2asgirl%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3Debe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
104.18.51.106 2.2 kB URL go.bbrdbr.com/config?url=https%3A%2F%2Fcreative.bbrdbr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fasian%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300cps2asgirl%26creativeId%3D300cps2asgirl%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3Debe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
IP 104.18.51.106:0
File type JSON data\012- , ASCII text
Hash 941e4b4795edc7ef42b5373a422b8edf
46545ef046abf540d50d007f11d5b749f30dca86
52597771fd17d3ca2d58f1d037a7746ab7a05870953b53f95fd09a475f0d3124
GET /config?url=https%3A%2F%2Fcreative.bbrdbr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fasian%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300cps2asgirl%26creativeId%3D300cps2asgirl%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3Debe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D HTTP/1.1
Host: go.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
access-control-allow-origin: https://creative.bbrdbr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Tue, 05 Dec 2023 16:14:16 GMT
cf-cache-status: HIT
age: 243
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d3fde456b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.fxmnba.com/app/domain-checker/get-check
104.18.59.150 121 B URL go.fxmnba.com/app/domain-checker/get-check
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 412369d698f706729a8d5caf90fcb5f3
8d8781d4f839cc457c77c0e7d5f5449d0d7bfa6a
83cbb5d1c35599663ca06bc70cf29a2161aae9b422d86cc2dc2149a0291243d5
GET /app/domain-checker/get-check HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVDQoiPUVymMcUWj9eZ1ntGxtEKN; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d34c847127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
xhlive.cam/checkUrl
104.18.63.126 15 B IP 104.18.63.126:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5
GET /checkUrl HTTP/1.1
Host: xhlive.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.fxmnba.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vf6sQBvhykduxUFAzhY1qJBuG8ykEKxniSAtX4x; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d58b055697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.fxmnba.com/app/domain-checker/check-result
104.18.59.150 0 B URL go.fxmnba.com/app/domain-checker/check-result
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /app/domain-checker/check-result HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:33:25 GMT
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVD3VBZigQJNzkRrRKdLiUiARqAC; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d60fc97127-OSL
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/app/domain-checker/check-result
104.18.59.150 0 B URL go.fxmnba.com/app/domain-checker/check-result
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /app/domain-checker/check-result HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:33:25 GMT
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVD3VBZigQJNzkRrRKdLiUiARqAC; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d6380a7127-OSL
alt-svc: h3=":443"; ma=86400
img.strpst.com/thumbs/1701793980/61085928_webp
104.18.63.124 7.5 kB URL img.strpst.com/thumbs/1701793980/61085928_webp
IP 104.18.63.124:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3d06ecac9f225054e1d40c8079110c20
1e9654ba06c4b207153556665af4d7c7ca726831
7b5dcc0e848ab5ffa3c21d4e8b79844f95c3da8c9ddebe2a79785f84d6be0e5e
GET /thumbs/1701793980/61085928_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/webp
content-length: 7514
etag: "3d06ecac9f225054e1d40c8079110c20"
last-modified: Tue, 05 Dec 2023 16:32:00 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 16
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d69e3e56c6-OSL
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/app/domain-checker/check-result
104.18.59.150 0 B URL go.fxmnba.com/app/domain-checker/check-result
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /app/domain-checker/check-result HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:33:25 GMT
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVE9CKHVnP1Wapb2NxLoVpeFDKkY; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d688777127-OSL
alt-svc: h3=":443"; ma=86400
img.strpst.com/thumbs/1701793980/61085928_webp
104.18.63.124 7.5 kB URL img.strpst.com/thumbs/1701793980/61085928_webp
IP 104.18.63.124:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3d06ecac9f225054e1d40c8079110c20
1e9654ba06c4b207153556665af4d7c7ca726831
7b5dcc0e848ab5ffa3c21d4e8b79844f95c3da8c9ddebe2a79785f84d6be0e5e
GET /thumbs/1701793980/61085928_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/webp
content-length: 7514
etag: "3d06ecac9f225054e1d40c8079110c20"
last-modified: Tue, 05 Dec 2023 16:32:00 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 16
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d70ec956c6-OSL
alt-svc: h3=":443"; ma=86400
creative.bbrdbr.com/widgets/v4/Universal/lang/en.json
104.18.59.150 851 B URL creative.bbrdbr.com/widgets/v4/Universal/lang/en.json
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 69a54638b649d7ce4748bd42c4b6dade
a2dfe9f8791952fbc5cc44d4757b031a6cee1731
0c25fbbff92c994866041b57d519aa22aa84d55b6b31bcf681dd5b74668cb750
GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
etag: W/"656f0246-ac"
expires: Tue, 05 Dec 2023 16:33:27 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d388c256cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
go.bbrdbr.com/abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1112%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A731%2C%22duration%22%3A94%2C%22transferSize%22%3A80913%7D%5D&mh=-411800852
104.18.59.150 103 B URL go.bbrdbr.com/abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1112%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A731%2C%22duration%22%3A94%2C%22transferSize%22%3A80913%7D%5D&mh=-411800852
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1112%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A731%2C%22duration%22%3A94%2C%22transferSize%22%3A80913%7D%5D&mh=-411800852 HTTP/1.1
Host: go.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAphT8dt9Y3eZyqqV85nd7tTe; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d70cfd56cb-OSL
alt-svc: h3=":443"; ma=86400
img.strpst.com/thumbs/1701793980/61085928_webp
104.18.63.124 7.5 kB URL img.strpst.com/thumbs/1701793980/61085928_webp
IP 104.18.63.124:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3d06ecac9f225054e1d40c8079110c20
1e9654ba06c4b207153556665af4d7c7ca726831
7b5dcc0e848ab5ffa3c21d4e8b79844f95c3da8c9ddebe2a79785f84d6be0e5e
GET /thumbs/1701793980/61085928_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/webp
content-length: 7514
etag: "3d06ecac9f225054e1d40c8079110c20"
last-modified: Tue, 05 Dec 2023 16:32:00 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 16
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d7dfc556c6-OSL
alt-svc: h3=":443"; ma=86400
go.bbrdbr.com/abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1147%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A773%2C%22duration%22%3A88%2C%22transferSize%22%3A80913%7D%5D&mh=1496501639
104.18.59.150 103 B URL go.bbrdbr.com/abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1147%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A773%2C%22duration%22%3A88%2C%22transferSize%22%3A80913%7D%5D&mh=1496501639
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?sourceId=300cps2asgirl&creativeId=300cps2asgirl&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fr.trackwilltrk.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1147%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A773%2C%22duration%22%3A88%2C%22transferSize%22%3A80913%7D%5D&mh=1496501639 HTTP/1.1
Host: go.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAphT8dt9Y3eZyqqV85nd7tTe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 830db0d7ede756cb-OSL
alt-svc: h3=":443"; ma=86400
xhamster.com/pwa/isXHamsterOk
104.17.173.190 14 B URL xhamster.com/pwa/isXHamsterOk
IP 104.17.173.190:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5adb849d1e5031fa27c14f861f6700da
a5b1658db04aa9183a780d00838f638c7936446a
c45272c1b33373d94fb6786698d5145ba0cb558fc7494d91cbbb380b4fc561a8
GET /pwa/isXHamsterOk HTTP/1.1
Host: xhamster.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
content-length: 14
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: *
cf-cache-status: HIT
age: 1045
last-modified: Tue, 05 Dec 2023 16:16:00 GMT
expires: Tue, 05 Dec 2023 18:33:25 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DifxHUuYo72ZbRUV00djM5EncWV6lVOw9ZAnfPQAFXpnhN5%2B426IbnpqXaJJM2%2FjD5nfeWivadBfR4GGUaa7qB%2FXxa%2F1j1rZlntLeMhoOAXuJ%2Bt9iAaOfIhkQDViuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0d97c310b69-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xham.live/checkUrl
104.18.63.126 15 B IP 104.18.63.126:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5
GET /checkUrl HTTP/1.1
Host: xham.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.bbrdbr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vf6sQBvhykduxUFAzhY1qJBuG8ykEKxniSAtX4x; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:26 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d958fdb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xhamsterlive.com/checkUrl
104.18.63.125 15 B URL xhamsterlive.com/checkUrl
IP 104.18.63.125:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5
GET /checkUrl HTTP/1.1
Host: xhamsterlive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.bbrdbr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFLvK1H1SdXppSzMhXCseYneqbHf2Knbaanovje7N; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 15:33:26 GMT; HttpOnly
_cfuvid=nsEfZrUk5rXu53fbArhML8Tb6b3yoxon0tHkI0zMg_w-1701794006015-0-604800000; path=/; domain=.xhamsterlive.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 830db0d96f0d5694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.bbrdbr.com/widgets/v4/Universal/vendors~hls.13f01a3a9d7e36c14415.js
104.18.59.150 54 kB URL creative.bbrdbr.com/widgets/v4/Universal/vendors~hls.13f01a3a9d7e36c14415.js
IP 104.18.59.150:0
File type ASCII text, with very long lines (45140)
Hash 4a1e862a348e6713dfcce18e9cda2f42
47bed78ef29844bec68da443a6b0add48936b61b
b3b83266dde6fa2870ddc1cc812233d8baa03727cd4d65733ed5ee7a4fbb4490
GET /widgets/v4/Universal/vendors~hls.13f01a3a9d7e36c14415.js HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
Cookie: __cflb=0H28upDCGznfDm9XVDEEFVkNrzLraWxf1iTAm6S73Gx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 05 Dec 2023 10:59:44 GMT
etag: W/"656f02a0-2b6c9"
expires: Tue, 05 Dec 2023 16:33:29 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0db19f756cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
go.bbrdbr.com/app/domain-checker/check-result
104.18.59.150 0 B URL go.bbrdbr.com/app/domain-checker/check-result
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /app/domain-checker/check-result HTTP/1.1
Host: go.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.bbrdbr.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:33:26 GMT
access-control-allow-origin: https://creative.bbrdbr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVDQoiPUVymMcUWjAPNXzSvb9ton; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:26 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0db4a3956cb-OSL
alt-svc: h3=":443"; ma=86400
creative.bbrdbr.com/widgets/v4/Universal/hls.4cfa5b780bfed20a8b26.js
104.18.59.150 53 B URL creative.bbrdbr.com/widgets/v4/Universal/hls.4cfa5b780bfed20a8b26.js
IP 104.18.59.150:0
File type ASCII text, with no line terminators
Hash 22f22b49cc901aa95826401f7ce0930c
6471abdd35ab6d511b67d73ad1375f1ee0f255de
0fae8b03858a764bad3e9af19bfc924ead5b9e25c760432c19e91cba3dff1cf3
GET /widgets/v4/Universal/hls.4cfa5b780bfed20a8b26.js HTTP/1.1
Host: creative.bbrdbr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/widgets/v4/Universal?tag=girls/asian&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300cps2asgirl&creativeId=300cps2asgirl&responsive=0&hideButton=1&hideTitle=1&userId=ebe1e2aa04642c4dc9f7e9a5dfdb455c9ef1b6825ab8b9414a96e56e40140e75&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
Cookie: __cflb=0H28upDCGznfDm9XVDEEFVkNrzLraWxf1iTAm6S73Gx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 05 Dec 2023 10:59:44 GMT
etag: W/"656f02a0-3d"
expires: Tue, 05 Dec 2023 16:33:31 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0db1a0156cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4
104.18.63.134 1.2 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4
IP 104.18.63.134:0
File type ISO Media, MP4 Base Media v5 \012- data
Hash 0176da8be7310155f39881d022b0def9
dae9f8208ad0bc206cbf2f859d5ae00146d9edcd
b9db21026458ba0403b83247b6828a818e08da3bc86c068ce5bc1d20e3c746c5
GET /hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 1216
last-modified: Tue, 05 Dec 2023 16:31:08 GMT
etag: "656f504c-4c0"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 34
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0dd194d56b1-OSL
alt-svc: h3=":443"; ma=86400
go.fxmnba.com/event/ml
104.18.59.150 2.4 kB IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 88c21d0a42ec9acb4bf66d63f18d4c17
acc7a42c00e5b6ce70fc13f0351fb498b3353e5e
4e61d4ae93f0778e2d933029f0680f410c4b9271b9504f53a4e35d886eb12c08
POST /event/ml HTTP/1.1
Host: go.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.fxmnba.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: https://creative.fxmnba.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:25 GMT
content-type: application/json
access-control-allow-origin: https://creative.fxmnba.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVDEEFVkNrzLraWxf1iTAm6S73Gx; SameSite=None; Secure; path=/; expires=Wed, 06-Dec-23 16:33:25 GMT; HttpOnly
server: cloudflare
cf-ray: 830db0d44dab7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4
104.18.63.134 1.2 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4
IP 104.18.63.134:0
File type ISO Media, MP4 Base Media v5 \012- data
Hash 0176da8be7310155f39881d022b0def9
dae9f8208ad0bc206cbf2f859d5ae00146d9edcd
b9db21026458ba0403b83247b6828a818e08da3bc86c068ce5bc1d20e3c746c5
GET /hls/61085928/61085928_480p_init_mRv4khkw4zOU446W.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 1216
last-modified: Tue, 05 Dec 2023 16:31:08 GMT
etag: "656f504c-4c0"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 34
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0dd59a456b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
104.18.63.134 311 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
IP 104.18.63.134:0
Size 311 kB (311206 bytes)
Hash df56a45acba3af2cc3e7a4f8a796e302
a1991b40462375bbe4efad010a88e32667c2db71
5144a2d5bdd3daed06fab5f5972eb4518def526351452d515c140fcdf56152d3
GET /hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 311206
last-modified: Tue, 05 Dec 2023 16:33:20 GMT
etag: "656f50d0-4bfa6"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 4
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0dd89d956b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
104.18.63.134 311 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
IP 104.18.63.134:0
Size 311 kB (311206 bytes)
Hash df56a45acba3af2cc3e7a4f8a796e302
a1991b40462375bbe4efad010a88e32667c2db71
5144a2d5bdd3daed06fab5f5972eb4518def526351452d515c140fcdf56152d3
GET /hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 311206
last-modified: Tue, 05 Dec 2023 16:33:20 GMT
etag: "656f50d0-4bfa6"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 4
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0dd89df56b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
104.18.63.134 311 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4
IP 104.18.63.134:0
Size 311 kB (311206 bytes)
Hash df56a45acba3af2cc3e7a4f8a796e302
a1991b40462375bbe4efad010a88e32667c2db71
5144a2d5bdd3daed06fab5f5972eb4518def526351452d515c140fcdf56152d3
GET /hls/61085928/61085928_480p_64_2cr3yIvzuaFLShYh_1701793998.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 311206
last-modified: Tue, 05 Dec 2023 16:33:20 GMT
etag: "656f50d0-4bfa6"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 4
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0ddea4856b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
104.18.63.134 320 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
IP 104.18.63.134:0
Size 320 kB (320054 bytes)
Hash 3db35289d659e3fa7b5633bcecd77626
e429f4e2120f77ee142ba29854f022f7012684d6
1c5da591403aad84489741571991592de6d68d18254a56d5d3ce79f67de57691
GET /hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 320054
last-modified: Tue, 05 Dec 2023 16:33:22 GMT
etag: "656f50d2-4e236"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0deab1e56b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
104.18.63.134 320 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
IP 104.18.63.134:0
Size 320 kB (320054 bytes)
Hash 3db35289d659e3fa7b5633bcecd77626
e429f4e2120f77ee142ba29854f022f7012684d6
1c5da591403aad84489741571991592de6d68d18254a56d5d3ce79f67de57691
GET /hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 320054
last-modified: Tue, 05 Dec 2023 16:33:22 GMT
etag: "656f50d2-4e236"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0df1bbd56b1-OSL
alt-svc: h3=":443"; ma=86400
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
104.18.63.134 320 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4
IP 104.18.63.134:0
Size 320 kB (320054 bytes)
Hash 3db35289d659e3fa7b5633bcecd77626
e429f4e2120f77ee142ba29854f022f7012684d6
1c5da591403aad84489741571991592de6d68d18254a56d5d3ce79f67de57691
GET /hls/61085928/61085928_480p_65_6oKapkvQQVvc9HtW_1701794000.mp4 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:26 GMT
content-type: video/mp4
content-length: 320054
last-modified: Tue, 05 Dec 2023 16:33:22 GMT
etag: "656f50d2-4e236"
cache-control: public, max-age=60, s-maxage=60
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0df3bdb56b1-OSL
alt-svc: h3=":443"; ma=86400
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 5.8 kB URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
File type gzip compressed data, max speed, from Unix\012- data
Hash 26f74a51f3a41ab81bb1600c4dff77f8
94f623e1202d4fe4243e01b574201944e21ac815
68c20496e6e0670329c0a07f07d26fa6c870903c3c5f0f5082d8f6a09373be62
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:28 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=90
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=uv8Ak2Y5bHDhGsGywUM3CpojQg6crEQQEs1nMrtvAK8OEPRQXtWhmax5GddUDUC5drYI8baEX5zlft13coJTtaljPdNDC3KIAm9qcUW3XUcOTsdunIq2ysrhA8jgfUFC
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
62.115.252.113 512 kB URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP 62.115.252.113:0
ASN #1299 Telia Company AB
File type Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size 512 kB (511815 bytes)
Hash 152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48
GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1
Cache-Control: public, max-age=164108
Expires: Thu, 07 Dec 2023 14:08:36 GMT
Date: Tue, 05 Dec 2023 16:33:28 GMT
Connection: keep-alive
12ezo5v60.com/bultykh/ipp24/7/bazinga/1989865
212.117.190.202 49 kB URL 12ezo5v60.com/bultykh/ipp24/7/bazinga/1989865
IP 212.117.190.202:0
File type gzip compressed data, max speed, from Unix\012- data
Hash df974b9c07b9f396b7c4bbc412afc73c
59d66b3011446398bb8a86bb061b39c8aa673a18
4cbcbcb02352649b647581ae686e4904e21d21891ed5402c726f6eec3c88b605
GET /bultykh/ipp24/7/bazinga/1989865 HTTP/1.1
Host: 12ezo5v60.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:18 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 11:34:35 GMT
vary: Accept-Encoding
etag: W/"6565d04b-23739"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
b-hls-01.doppiocdn.com/hls/61085928/61085928_480p.m3u8
104.18.63.134 59 kB URL b-hls-01.doppiocdn.com/hls/61085928/61085928_480p.m3u8
IP 104.18.63.134:0
Hash 5844bc3617e5a5811eedbdc2b6c62fe8
cad1fcdf3e4874f6df1de218c098a7aea754f707
2864a13c188bea563616211d61a3ddcfea6e06b473c9a5a681453b311b860f7c
GET /hls/61085928/61085928_480p.m3u8 HTTP/1.1
Host: b-hls-01.doppiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://creative.bbrdbr.com
DNT: 1
Connection: keep-alive
Referer: https://creative.bbrdbr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:33:28 GMT
content-type: application/vnd.apple.mpegurl
vary: Accept-Encoding
last-modified: Tue, 05 Dec 2023 16:33:28 GMT
x-proxy-cache: EXPIRED
cache-control: public, max-age=1, s-maxage=1
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 830db0e9695d56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
go.goaserv.com/banner.go?spaceid=157185
217.22.19.196 200 OK 499 B URL GET HTTP/2 go.goaserv.com/banner.go?spaceid=157185
IP 217.22.19.196:443
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject go.goaserv.com
Fingerprint 98:58:AD:14:7B:1B:EB:92:6E:86:8A:F9:93:3B:84:7A:B5:8C:73:D5
Validity Thu, 05 Oct 2023 21:00:38 GMT - Wed, 03 Jan 2024 21:00:37 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (523), with no line terminators
Hash 70f153e27cbff91c878c6b057fc5c0af
db0ab0da448b7b237faef1183a1630f9032fab15
a1a17b9a3360d8f0dbcb76956170bb62d16a831f503bfcb599f388ec905274d9
GET /banner.go?spaceid=157185 HTTP/1.1
Host: go.goaserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fr.hentai-img.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:33:21 GMT
content-type: text/html; charset=utf-8
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Janon, 05 12 2023 16:33:21 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-backend-server: nl2-go-web-242
content-encoding: gzip
X-Firefox-Spdy: h2
forklacy.com/watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=b3b27d495def941c0d9b07eb295c273670e96e672081ed6423297fd27d57b3d52748d1a021cdc48cadca93ed0be08bc20c7260b72ddb79a23d921d321d8a08eb9f0d59654fec3550923824ad4ee1a572cadcd2e82c8ff6b9e16fcc604a6b87&pst=1701794060&rmtc=t
192.243.61.227 200 OK 4.0 kB URL GET HTTP/1.1 forklacy.com/watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=b3b27d495def941c0d9b07eb295c273670e96e672081ed6423297fd27d57b3d52748d1a021cdc48cadca93ed0be08bc20c7260b72ddb79a23d921d321d8a08eb9f0d59654fec3550923824ad4ee1a572cadcd2e82c8ff6b9e16fcc604a6b87&pst=1701794060&rmtc=t
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://fr.hentai-img.com/image/-ntr-/page/6/
Certificate Issuer Let's Encrypt
Subject forklacy.com
Fingerprint EC:85:C1:DF:A4:84:6D:18:50:A5:AE:F6:0A:77:C6:D4:F8:27:67:1F
Validity Tue, 28 Nov 2023 10:42:01 GMT - Mon, 26 Feb 2024 10:42:00 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (4040), with no line terminators
Hash bc4289c3905d0519c1eb768e583419e3
1bee1057d9436725f39b4514502327cd4c79ed57
2aa46a5e28d4debc704f3110b654e759363ab30deaba5f140e99c15459b5b031
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.783951738308.js?key=7fd078e363f567e6039e684e541f9020&kw=%5B%22%E2%9D%A4%EF%B8%8F%22%2C%22ntr%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%226%22%2C%22-%22%2C%22hentai%22%2C%22image%22%5D&refer=https%3A%2F%2Ffr.hentai-img.com%2Fimage%2F-ntr-%2Fpage%2F6%2F&tz=0&dev=e&res=14.3095&uuid=8325fdb6-4dc6-407a-8a3e-13c934c97f16%3A3%3A1&shu=b3b27d495def941c0d9b07eb295c273670e96e672081ed6423297fd27d57b3d52748d1a021cdc48cadca93ed0be08bc20c7260b72ddb79a23d921d321d8a08eb9f0d59654fec3550923824ad4ee1a572cadcd2e82c8ff6b9e16fcc604a6b87&pst=1701794060&rmtc=t HTTP/1.1
Host: forklacy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fr.hentai-img.com
Referer: https://fr.hentai-img.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16448109; ain=eyJhbGciOiJIUzI1NiJ9.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.EVUbUHq67m6gmuc1Ig3l63n84Lhy6tquNPRgbdb4lTo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:33:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fr.hentai-img.com
Access-Control-Allow-Origin: https://fr.hentai-img.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8325fdb6-4dc6-407a-8a3e-13c934c97f16:3:1; expires=Tue, 12 Dec 2023 16:33:21 GMT; secure; SameSite=None
iprccc17ee48fa41d6d0f08e4cd13e8c5122=3569676; expires=Tue, 05 Dec 2023 20:33:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
pdhtkv25=true; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
uncs25=1; expires=Wed, 06 Dec 2023 16:33:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71d0977b18997294adb306c6ce3a646a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
0.0.0.0 811 B URL GET creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
IP 0.0.0.0:0
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 11:C8:29:33:4C:A0:2A:F3:EF:92:BC:95:11:62:B8:7A:AD:73:70:42
Validity Sun, 26 Feb 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (872), with no line terminators
Hash 1508368ec567cd06853cdc259448ba42
70e10e55e4dd745b14b67bbae46608a7914ba08e
41d36e18fd13233271ebc47fd2ddbb53792aa280cbce63af0b02d23c13d851ab
GET /widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=K6YNDI7X5gYHxE_6IHqQ2o7-5M49y_O0830F3tx6my9JmSjNxjkh8ZD5GTOL6Owk2lhvXGnIx67OtM2JrZwhsUDWTxd0axM7aKaG93gtpSy-JEM_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1 HTTP/1.1
Host: creative.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: text/html
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
expires: Tue, 05 Dec 2023 16:33:15 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0c5bb1fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
0.0.0.0 811 B URL GET creative.fxmnba.com/widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1
IP 0.0.0.0:0
Requested by https://tsyndicate.com/iframes2/449e4fe3501746fda88f88df1f88ddf7.html?keywords=%E2%9D%A4%EF%B8%8F%20NTR%20%E2%9D%A4%EF%B8%8F%20-%206&subid=1863026-2407948-32-30-0-windows-windows%2B10-no&adb=0&clientjs=1&w=1280&h=1024&tz=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 11:C8:29:33:4C:A0:2A:F3:EF:92:BC:95:11:62:B8:7A:AD:73:70:42
Validity Sun, 26 Feb 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (872), with no line terminators
Hash 1508368ec567cd06853cdc259448ba42
70e10e55e4dd745b14b67bbae46608a7914ba08e
41d36e18fd13233271ebc47fd2ddbb53792aa280cbce63af0b02d23c13d851ab
GET /widgets/v4/Universal?action=sbSignupWithModel&buttonColor=%23930606&campaignId=128029786fbed96fe880330bb083ecce41e122ba08e2711908bc9493ef368344&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765913&liveBadgeColor=%23ff0707&masterSmartpopId=1914&memberId=KkpdgH06qm87DdDQ4QntZdIFHTIq8ytA-IOuqM5IJwTA1_9yWpwj3y-5oxvWu2dZx3xlyk8arcoD8e-n-m8xYP5FOIkf6J9irQdWwNeoVjDfxEY_gUIDRUi&mlView=1&p1=3803312&quality=240p&ruleId=17&smartpopId=1548&sourceId=271333&usePreroll=0&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=32246&webp=1 HTTP/1.1
Host: creative.fxmnba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tsyndicate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:33:22 GMT
content-type: text/html
last-modified: Tue, 05 Dec 2023 10:58:14 GMT
expires: Tue, 05 Dec 2023 16:33:15 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 830db0c5db4bb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2