xfantazy.com/video/6256b6895a615f1d0cf9c694
172.64.162.22302 Found 0 B URL HTTP/1.1 xfantazy.com/video/6256b6895a615f1d0cf9c694
IP 172.64.162.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/6256b6895a615f1d0cf9c694 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 12:49:43 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGdPWTcC4loHScnGLm0KfS%2BwEDLmABkPzpWLIQISbxH2rBjytzGnF8TxMDuJigX87%2Blp4z5P%2FrUfvshkMV4EDn10JsK%2F19tg%2BUyeAmy4XSJddL5Ky3snhk9Q4b6PeYA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77c87fe99adf770d-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2039a1dda99e075b82840608771d2326
e89713a35b312f3b87fbeaad98f03fddecbf77ce
aae78c754635e9833fa6c231d775bddc82add02f9ce3197a0b260a0806e708c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AAE78C754635E9833FA6C231D775BDDC82ADD02F9CE3197A0B260A0806E708C3"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Tue, 20 Dec 2022 13:48:09 GMT
Date: Tue, 20 Dec 2022 12:49:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4cbb89840b57466fcbc0b31305c9dc47
c2c08a7a243a3f7972e8068c448488cac6d2519f
5f871ffd142470f132fed1c93f5f1a7fe6a5ecc3b4311d3d47555fce1d9a35f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F871FFD142470F132FED1C93F5F1A7FE6A5ECC3B4311D3D47555FCE1D9A35F1"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2686
Expires: Tue, 20 Dec 2022 13:34:30 GMT
Date: Tue, 20 Dec 2022 12:49:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 20 Dec 2022 12:45:46 GMT
content-type: application/json
age: 238
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3625
Expires: Tue, 20 Dec 2022 13:50:09 GMT
Date: Tue, 20 Dec 2022 12:49:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Ic8M9DmHxLUJh8edNyCvM6d2LLOhrdFrc2/reTX+/tXfOdg1OdnLN99GbLuFUDFuGeBqU7Fb1cU=
x-amz-request-id: 7R9G6E6HK6EAPSB2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 20 Dec 2022 11:54:58 GMT
age: 3286
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash e3715bdd64875e442cef8ea3b5da358f
bb3e88b4e6cd713322f0a4d96fe6aff22f288aad
eacc62afdf9220af36d75eb434e57b4e4b9c4d87f43809d6c0f4d87836d2106b
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 20 Dec 2022 12:33:24 GMT
age: 980
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash e3715bdd64875e442cef8ea3b5da358f
bb3e88b4e6cd713322f0a4d96fe6aff22f288aad
eacc62afdf9220af36d75eb434e57b4e4b9c4d87f43809d6c0f4d87836d2106b
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0c2b6760f2b58f445446dd2276d5af4
aeedf417b1ebde86ce837ca02ba934abb938b1a4
8fe72d0ce839150559da5ddf46bf87d26b6b9cbe34d09641b29a53be24997c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2806
Cache-Control: max-age=162233
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:44 GMT
Etag: "63a17b2b-1d7"
Expires: Thu, 22 Dec 2022 09:53:37 GMT
Last-Modified: Tue, 20 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.163.22200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash 8c4aa6678bebfb6ebb657cbeb01ccb20
776356400df2838ad4435a9f55e4421197b43e1a
80b5443889ba44a28b0ab3db85873a3ae356c9fb37958d121d2b218632fc66b1
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501634e2"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4771549
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0m9sm3oUsSR8jMTkL6JJ%2Bs2X%2FwvbqPbp2qlro44H%2Bx9FU1KVuTfMeXYDmLJnLjgK6EcQwKB4O9Lp2TcS7KlhdsQp7khxYNFKCJh6RiIeUUqVjbvoIqnWkwN0JSn8Y2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d414077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 00c846ea88f523c353a850bc8a1de52e
040b4a138c17214bf6707bb2390ba97aec59d5c4
56ccf4c9f3ba8bfc5d6a1cc2bbaf0177d491efa75ece800440afb321d7e3add5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 03:14:18 GMT
Expires: Sat, 24 Dec 2022 03:14:17 GMT
Etag: "040b4a138c17214bf6707bb2390ba97aec59d5c4"
Cache-Control: max-age=310471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c87ff04f400b06-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 00c846ea88f523c353a850bc8a1de52e
040b4a138c17214bf6707bb2390ba97aec59d5c4
56ccf4c9f3ba8bfc5d6a1cc2bbaf0177d491efa75ece800440afb321d7e3add5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 03:14:18 GMT
Expires: Sat, 24 Dec 2022 03:14:17 GMT
Etag: "040b4a138c17214bf6707bb2390ba97aec59d5c4"
Cache-Control: max-age=310471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c87ff04a93b4fd-OSL
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.163.22200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash 7186cfcd2d0885f2ea1d01a3d6c96ab9
7d5c2be08f7f34085307a12f3383bf7c68a5f045
fb56579f75bf775ae07a9bbf5962b27ff89144dd1276ed96d8e2eba25bd980ca
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 11851539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5%2F4cgsaqo0c2q2xu7%2FRfPrZyRm211l9IqSfSJEEIPBwuNLZ1OYlxjYjL8aOWhWTK4CV%2FKSkPb69awfQlbS9FJg%2F6zhgBOvve0Hf2Fj3WoZk12V7WlKQiAFjpc2y4h8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fefad4c4077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0dc23a845daadd984dd46924d80efb81
8b6ac466ee633c3a3a2eff65bd60dcb6097e5c75
3f3ebc1214709374a862beef3041aec51861f5fa7377f12710853bf31c772c58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/cemSv3Wgyf--rjiQ9w/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cemSv3Wgyf--rjiQ9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 359b0f1afa742ee58a10c9eff8d7f1be
35683089e9d62111c54bd57b7f817cb01a1fb594
dd48e95b7a8a501882f3daffd9906475055f1d6a8b67b52545037664464a80c1
GET /thumbnail/cemSv3Wgyf--rjiQ9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:45 GMT
content-type: image/jpeg
content-length: 11890
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.163.22200 OK 6.7 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash da7229c32995e1e7fb28578606cb1128
747c65ce5a253ddbba2bf63b1b6c70516868e283
804c5d19cb8b6020c2f3c71783fcfa03a467b174b03b5d42f2e319fedecdc388
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4864029
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BScuo2ItDMYGrpPoKF832z9YMEumDcJDsZWPGyWMjre9Dqt7Z%2F9QKtMsf8pypZlHXlXs716T3ZXQ0ZwxglafjI9N7xa76mQ%2FDoJaflkjIOxBlcd5szRvDw0%2BtLBtWGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d434077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg
188.72.235.185200 OK 8.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 17c6382b50b2c08bd78602ab7d0eda2c
6b003690388bdd767eaccf2de82bd89f5f176dcd
dd4bef1c655963bd9a89d0b67d237ec080aff1205eac11c23b80938ebf4ac3fc
GET /thumbnail/LeuVtHL0w__t_TWUrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:45 GMT
content-type: image/jpeg
content-length: 8831
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOjGtCP0yvrpqzmW_A/w320h240/0.jpeg
188.72.235.185200 OK 9.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOjGtCP0yvrpqzmW_A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash dc831c24f1ac426dca67c926065cf2f8
9a49fcf6dc332afc225991f702b969013d243099
de79d5f4ea610e08071755688abb31fef6eb78a421b12ee8df6376d6d10982c4
GET /thumbnail/JOjGtCP0yvrpqzmW_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:45 GMT
content-type: image/jpeg
content-length: 9655
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JrmT7HKhm67u-T3FrQ/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JrmT7HKhm67u-T3FrQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f10444d72b01477749664030d94d4879
ade52f00310617704b6ea6e37199bfbd253f32af
0ec22777bd0d259944a3232b9ad24984d9e1a4b0a617e415f4dfd435e3ef633b
GET /thumbnail/JrmT7HKhm67u-T3FrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:45 GMT
content-type: image/jpeg
content-length: 10856
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.163.22200 OK 56 kB URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (3211), with no line terminators
Hash 1f40ad714531b73ab0a4984119996e30
31bd56c8ee80948f50f66a83ea40bab0ef5afaaa
b72552f14b06dea5cffd0634be5f3bd346d64387d75fbf43f1a2f038a6934c57
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-1835015f172"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6461687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8RxvnO%2B%2F3%2FFmfl4FlMJqE1B7uVq%2BmUCUAn%2B9WCnS%2BBI3upgAKxVpB0ANPXe7RnBeFdGprILzGp0c8BEIxXN5%2B9fEvL6LLcvr%2BPCJbP2TraRKqr8DGWUJyy1hQJtZwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d454077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.97.225101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hAbaDjYMf/OUBoe852yvbw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kIIpjNzgMoaPlvEKKjzVnusl5Z8=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33b3e9caf6728c5b916ec1ffee5ce0b3
06dccffaf379bc6709ca42d408ae530d8a14ef83
2ed45ebc478006d7657cd42f5779635c871a5919efa7a6d7ed3a3fa344089360
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 00c846ea88f523c353a850bc8a1de52e
040b4a138c17214bf6707bb2390ba97aec59d5c4
56ccf4c9f3ba8bfc5d6a1cc2bbaf0177d491efa75ece800440afb321d7e3add5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 03:14:18 GMT
Expires: Sat, 24 Dec 2022 03:14:17 GMT
Etag: "040b4a138c17214bf6707bb2390ba97aec59d5c4"
Cache-Control: max-age=310471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c87ff04aedb50f-OSL
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.163.22200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7b92e452444115fa01f31876f7b7050f
41716228b04eee830c9bb22ae5d237f32e6a9e8f
52c5279d3f1ea9afbf43747d90b44545d43e0a96263af4b8b46091a2767646f9
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350163506"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4771591
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D754GDchi5kaKL65fuwpeyZ0mssU4nHM934kSGc%2BJxp35QNB7kShRQ7XE4PP9JHm%2BtXzysgroT2ZZSwf72GANEzUuNzV5zwBLedr3QHfrUgfYPTB6OynWOQ9gLBkAEo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fefad514077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:33:54 GMT
expires: Thu, 14 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 494151
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 384a2b2f97397ee2741922068da5bdcd
256bcaf0f153a739623feb917ad1c8745b7a3651
541c129fcb8391e0516ad5f1ee19da5c060ce54cabedfdc7cb65d2af2b4410e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 384a2b2f97397ee2741922068da5bdcd
256bcaf0f153a739623feb917ad1c8745b7a3651
541c129fcb8391e0516ad5f1ee19da5c060ce54cabedfdc7cb65d2af2b4410e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:13 GMT
expires: Sat, 16 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
age: 342992
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.163.22200 OK 17 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.163.22:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash d8b7f8399318a3856341440526bb1971
40afbaf7f3836eaa28d986e05bd15dc857c26af2
662c030a340f3adff08a43494fbacb0df4a906527f48b56ffaf1cc89fd9321a0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Tue, 20 Dec 2022 10:11:39 GMT
etag: W/"101b-1852f0476b0"
cf-cache-status: HIT
age: 7177
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOEbY6uFu03KDJEVZPfXuEoNoq7EQK%2B6wDITRhXG33MScnZlKwdGgm0pOHYesGb1JBtxa5gHxFGOLEJdtJ77YQvth%2FNSlfkoIiptgVbmgLk6lW6QhSscJqPp1sNx6hY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fefad534077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 384a2b2f97397ee2741922068da5bdcd
256bcaf0f153a739623feb917ad1c8745b7a3651
541c129fcb8391e0516ad5f1ee19da5c060ce54cabedfdc7cb65d2af2b4410e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d79460b86f2af4927a302abe7dda00e6
76e886ec1301da11c715a5e1dec4cbc0d460ae39
443f21cb040063ad7df73b19098fbe5d7b8802fa8c44162e095268a8dd53440e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1836
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:45 GMT
Last-Modified: Tue, 20 Dec 2022 12:19:09 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
104.16.88.20200 OK 87 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 104.16.88.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 9000c822add5a298e46125e600061419
04e8e7673d8b7db6b73751869c8ac5ad0279426a
93a85bf2a19ae9f0f716c92aef601fa8edc2f28960718bc16a9d43b725e7c46c
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:45 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.254.0
x-jsd-version-type: version
etag: W/"34e26-KgwGOkpaxk/k0H371fENiT+/i4k"
x-served-by: cache-fra-eddf8230060-FRA, cache-yyz4551-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2195
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnk2GbadWS5%2FFq3jIu5QGGGPsmsgTmaENPRESxoWerrY6dD8D4pOymMhvuttqNcJQxwUxbisp6o15h5o4ZwCHOAHMaGBXAjruTbY6cbowL0XqZ7GXanf35sH5waF6AJ7RMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87ff43d0e0b31-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a263ec78522f331877b8f7d44b6f9946
36bcfc29e161f373ee2c5efe79e7c668bf0c7e3e
8a306d02861db113d5b42d19f948bb9be5afb901be157f06b44fb57dd036b2a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A306D02861DB113D5B42D19F948BB9BE5AFB901BE157F06B44FB57DD036B2A4"
Last-Modified: Sun, 18 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14925
Expires: Tue, 20 Dec 2022 16:58:31 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 1.4 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ca24ae8bc9f144d93521cab0753745dd
414b4afec2dec893f443d8922aa080368d42d6a7
8738d90f26f01d3e80809f8c391249e2b6aa14581f81aaa2acb81529fa63778c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48501D71FB5753EA4C342E9AE7CD39310BA27D7E3899E07C8E2429E6471DAA04"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Tue, 20 Dec 2022 14:53:47 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js
172.64.163.22200 OK 39 kB URL HTTP/2 xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3ae60f410f63195311d5eb37fa9e5af7
c5f8279fdeea37a8a450128f352b419fa992f7cb
c3563250d5933f4352303ea1a25d1489a76a7a0dbf9b189675546ccd9c1f7100
GET /_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1852f08cf96"
last-modified: Tue, 20 Dec 2022 10:16:24 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9109
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PbsDuGusaZrtcfiD10ZccIrkRZ%2BrG6wYvh9XsrlnzL7sQbZIHqj0GKaMaidLWMXkRtXIDM0IPxstLzI%2FGuwNHg7lDizuk4lYoAYsrRwc6Qw3ZFQwmtVPswnG58yKN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef8d3d4077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Tue, 20 Dec 2022 13:26:02 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Tue, 20 Dec 2022 13:26:02 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Tue, 20 Dec 2022 13:26:02 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Tue, 20 Dec 2022 13:26:02 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.251.119302 Found 4.2 kB URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
Hash 95124dfe5796740cb30df1b960d358ba
5a217fcd415592dfc5dbce2ccb72dbc0fbe2f4a7
7aa89b715514f80013cbdf79ad18160bc91d95080cbe254e819f897e4b41c3a1
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1873378771671540586; Path=/; SameSite=None; Secure
i=NmTGWMbcp/iY3LxSjTnV+kGiRWj4K5AZqHSK3nBkIetN0rPim/K0BC1rI+vhEadr2YOPCLcDIB14GzzWArXgkFM5Aqg=; Expires=Fri, 17-Dec-2032 12:49:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=1601420371671540586; Expires=Wed, 20-Dec-2023 12:49:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1601420371671540586; Expires=Wed, 20-Dec-2023 12:49:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703076586.yc.1671540586#1703076586.yrts.1671540586#1703076586.yrtsi.1671540586; Expires=Wed, 20-Dec-2023 12:49:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 650b0e1fcc015c8d5d080f10d516de50
0f0701526364039738c3f10b4b4987eb8a41362e
c9a29b78b83a76501bc0c776a05f3679f49c0e2a36495754bac5665e7a191d17
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1381%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540586%3Ac%3A1%3Arn%3A331154173%3Arqn%3A1%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C109%2C451%2C0%2C356%2C0%2C%2C293%2C7%2C%2C%2C%2C1404%3Aco%3A0%3Ans%3A1671540583952%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540586%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Tue, 20 Dec 2022 12:49:46 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7ac0b5738bab6b4ed770c26ca922250
e56fd4ee2f5354a54a6271db2be528f98eecd3d7
5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFtrPmVeBdwlINxF0wQq0671EksYsi6nsyFd5E4SCSH4_bQyGaNQHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:48:36 GMT
age: 54070
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KyEMrUTeuVTPJ3EIkrH1DLYqa4bHK7fe6dApTAFP4XY0G4airnflGA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:37:07 GMT
age: 54759
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 045f016fb66e6e0d1da1fb742d9b19a7
8f98bf2cedfccfce71464a733e2fd37482fd71c2
593cf38d1c2c315ff23fcda60e41141caa0266874f36a0c517554ca01ea51f12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9216
x-amzn-requestid: 460a95bf-5724-4bea-b6c1-f6ce263da5e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabq8FXboAMFwCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d979-70340469247cdcf952a98c3e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7yYJKslDn22-iL_OH_VIiZdrTMJ-9c-DyORpGZ4d2MZLDoX5PpekRw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:48:32 GMT
age: 54074
etag: "8f98bf2cedfccfce71464a733e2fd37482fd71c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49a98c00b1949e152b5f31c588a76a63
1315068dfd111f24e39d14434c719ef10328bfbf
6f67099495261e1114eeca46d2afd3c0bc6921fbc20a6e3e78c4af5d1c9edbc2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9593
x-amzn-requestid: 3a50abdf-4974-4f53-bdc6-5c15a84fea65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da6rNHYQoAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10b14-40a012f068ef226f07b54875;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 01:08:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _0MpwiIILMLLAXutPvNrycEQypsLabZiiSEUKOWJnGWz5Q4gYsxcow==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:33:12 GMT
age: 40594
etag: "1315068dfd111f24e39d14434c719ef10328bfbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32317940-ae19-4605-9c38-d5a5b6285d7c.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32317940-ae19-4605-9c38-d5a5b6285d7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f99b0b02f5f097b2c6ab2f1dc5a398b0
c7e06d6c394bb9b0ad768017af7479e909628263
36d003689047f2b21f29eedffd989acb3906b666ea0773ec889ac67b33bd11b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32317940-ae19-4605-9c38-d5a5b6285d7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8200
x-amzn-requestid: 59110600-74a3-4fec-9c5b-190a36d9af4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr2F_mIAMF0AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-7953e2774dafb8e67e9f64d8;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8nf3qASeJrA0qII3rtWQcXtLM7IZBrK03mvKM9bjvMkHPxnT_jfXTQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:46:22 GMT
age: 54204
etag: "c7e06d6c394bb9b0ad768017af7479e909628263"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5da803c751be159f0f5b3c2f65bd2b6
39139480cfc2ed0781b51745bfaabed4490aa0db
920ee464843101c638327866fbfcc9c7f00fc19b7cdbc8948fbe53d2b6fb4ed3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7876
x-amzn-requestid: 668c95f2-a1b1-4abd-9f4e-23d05c4998a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da270EFlIAMFR5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10518-56d6db4f4cff1b4e08b87046;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Hy6G0TSJc89Fyo8X3mLQ4nY4Y-2Xva9gqcLLAZH_T61Kk-6cMmhqQQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:08:39 GMT
age: 42067
etag: "39139480cfc2ed0781b51745bfaabed4490aa0db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.163.22200 OK 14 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash 2ef53a7f1f8a493b2da0d3bb9bd145d9
f24bb66a2b0f8f6fa2a87a363cac6a9cc4fad8f0
34363090c9ce1128341de7783b3b9c23f0181a4f6eb9b3dbd5f8449b12b03c7a
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-1835015f17e"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4771578
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jriUr4odVIGZcVrUx4Ra0qRL%2FNjP60x4BMfRpfhhirRAk8abHWJtzsxjw5F43wGMLHgW22irR9KCBT%2BMaSrp6j6It%2BFTVOIorook9ukzjSjxWOMGPlktajGSq3oPgH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d484077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 794910540ee145fd481e25ac9e6b0f66
2f3bfdd29b6de02318151552bdc6108f879aef88
d3cddb0dcb0447473e98705457d39cd2787572757f1a83183b42d94ffe5ff396
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D3CDDB0DCB0447473E98705457D39CD2787572757F1A83183B42D94FFE5FF396"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13309
Expires: Tue, 20 Dec 2022 16:31:35 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/7b427b84fcab3/main/0.jpeg
188.72.235.185200 OK 55 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/7b427b84fcab3/main/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.35.100", baseline, precision 8, 1280x720, components 3\012- data
Hash 71a1cc5befcf8ed20d88ebebe39a642a
0060550b8f4709fbe1638268a0b29741a5c55f53
75769a46888ef23e220e09aebdafd27f1a03639925d4ec37cc86f7e20969327e
GET /thumbnail/7b427b84fcab3/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:46 GMT
content-type: image/jpeg
content-length: 55292
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.59.13200 OK 14 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash fea353deba78b386da1880eccb322cf8
0e97f1a9f05894c1ef75c3563173ed8758c46822
3a906cc6609f6a0d976a769dde72c97051269e15b808ae15652aed57272b8fe8
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 15ee1f8dc951dfe4aef2aff229621970
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 2655315483003e08f7c61b613e2aa395
6391557df683e7c0b7631f924c34c1f3e3341f90
486740d98108e5829d14028ccde50a090a8cb4f2336633fe98908726708f679f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Dec 2022 12:49:46 GMT
Last-Modified: Tue, 20 Dec 2022 11:09:15 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q7DU9eqT9PG9yHe7RIWca5pS4_3PdcTf2gJEotQH3AKhZKZ-wiEc9g==
Age: 6031
simplewebanalysis.com/stats
18.195.193.92200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.193.92:0
File type ASCII text, with no line terminators
Hash fc09511c9c861ce8879b853d47749aa3
9e5437a45a38d8597e1b6c24c6fea95bba061720
ade2ea7e5e6d9bf69ed1ac870cc09181c92f90cff1632167ef0b6049b6c3e302
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; expires=Fri, 17 Dec 2032 12:49:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.195.193.92200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.193.92:0
File type ASCII text, with no line terminators
Hash 4608cc174fe66a63b9146142cb7f77ce
1873407cad5c3225fcd373f1332b9f3e34dba6e9
dae4b81d3a1c5d9a580a6ed9a86fb62ef4f7644e31e746d806cc948036710d9c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=77f35611-a6e1-48d8-868b-c1dc3813e167:2:1; expires=Fri, 17 Dec 2032 12:49:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d76c378bae9db9c77c834ced1e583846
df356e5ea1097ebae3d043597c70f0700145eb7a
a51191a33bf66f302ea545405a1baa8c812a5b22a8c0c51587dfe579e03d9c01
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A51191A33BF66F302EA545405A1BAA8C812A5B22A8C0C51587DFE579E03D9C01"
Last-Modified: Sun, 18 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5643
Expires: Tue, 20 Dec 2022 14:23:49 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 794910540ee145fd481e25ac9e6b0f66
2f3bfdd29b6de02318151552bdc6108f879aef88
d3cddb0dcb0447473e98705457d39cd2787572757f1a83183b42d94ffe5ff396
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D3CDDB0DCB0447473E98705457D39CD2787572757F1A83183B42D94FFE5FF396"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13309
Expires: Tue, 20 Dec 2022 16:31:35 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A355757049%3Arqn%3A2%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A355757049%3Arqn%3A2%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A355757049%3Arqn%3A2%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A988996421%3Arqn%3A4%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A988996421%3Arqn%3A4%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A988996421%3Arqn%3A4%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A791908752%3Arqn%3A3%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A791908752%3Arqn%3A3%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A791908752%3Arqn%3A3%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A855644131%3Arqn%3A6%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A855644131%3Arqn%3A6%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A855644131%3Arqn%3A6%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A941333860%3Arqn%3A5%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A941333860%3Arqn%3A5%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A941333860%3Arqn%3A5%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A939942251%3Arqn%3A7%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A939942251%3Arqn%3A7%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124946%3Aet%3A1671540587%3Ac%3A1%3Arn%3A939942251%3Arqn%3A7%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671540583952%3Ast%3A1671540587&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:46 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:46 GMT
last-modified: Tue, 20-Dec-2022 12:49:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c9ea95cf0acd17636fb6cf26105dda10
74f896b326fbfbda7e44214ef02941f2911b5167
438e8661fb77572c5400eff32a7a6f472e89c4f5b3f04e5a9ef7b5a6fd37ec5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "438E8661FB77572C5400EFF32A7A6F472E89C4F5B3F04E5A9EF7B5A6FD37EC5F"
Last-Modified: Sun, 18 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4468
Expires: Tue, 20 Dec 2022 14:04:14 GMT
Date: Tue, 20 Dec 2022 12:49:46 GMT
Connection: keep-alive
spinalmultiple.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 spinalmultiple.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 313f53800a4170ac47d9b004ea287961
86e3aa3e69097f4e64e644335ee9c15c6f1b16e8
fe007b38ed381c52084155024321e8ee1fb42087c6236e5a1faca65cc08ba09f
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cfdb67bbe11c8c708dd9172cb6b0ca9e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
officialbanisters.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 officialbanisters.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5cac8c8a2c06d0231c9d428bc7ca87a1
329cf64419d7b33efccc479064513dd0e25ae3aa
dc54f4ef83dc560ec127d7cda4a73cad9259a75d88cc3bbaf80bd0d38968b785
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67fe315b55d04ed44467a653f82bc14d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash afa1b11750253c267e2a55384874b04e
276a69c6fc23d3526bc2386c46756baf5adc3ee5
1bf2a99d5b7213c90184d4316d776a340580815b28da51762614d7e5188060e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BF2A99D5B7213C90184D4316D776A340580815B28DA51762614D7E5188060E4"
Last-Modified: Mon, 19 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4526
Expires: Tue, 20 Dec 2022 14:05:13 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
spinalmultiple.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=77f35611-a6e1-48d8-868b-c1dc3813e167%3A2%3A1
192.243.59.13200 OK 3.0 kB URL HTTP/1.1 spinalmultiple.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=77f35611-a6e1-48d8-868b-c1dc3813e167%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7261), with no line terminators
Hash 374c0670925ab75ab7bef9973fbe5023
80917e0674f474dc08e6c465e30736963192ebc7
92adbbfe794f14efb8e4789f7e885a6a46b35bb47b8655c1b383c3e99dbc8601
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=77f35611-a6e1-48d8-868b-c1dc3813e167%3A2%3A1 HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uid_id2=77f35611-a6e1-48d8-868b-c1dc3813e167:2:1; expires=Tue, 27 Dec 2022 12:49:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uncs=1; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63d5af18cd892644a464244f6243083f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sponsorlustrestories.com/pixel/purst?dl=0&th=0&sc=0&rs=3172&rd=3172&fd=600&bv=22.10.v.10&tmpl=136
173.233.137.60200 OK 0 B URL HTTP/1.1 sponsorlustrestories.com/pixel/purst?dl=0&th=0&sc=0&rs=3172&rd=3172&fd=600&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3172&rd=3172&fd=600&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91c73ec56d1a54a21d0f236f65d6a34a
c5fa91186ffb20e04f40bc3eff3553b461258d69
035c37aebb2136ee7828c50798fe559d40d216b07f43cb454a6f9090f90fd4c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "035C37AEBB2136EE7828C50798FE559D40D216B07F43CB454A6F9090F90FD4C7"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11479
Expires: Tue, 20 Dec 2022 16:01:06 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4cfb6638c0636d316dcabaa995fdbd47
0a001b9f80f24e0f8f728084d4354fc9e6d27985
abe78ccc427e7ab71dd02e1cb74831713198547562c38a32efc99cf56204214c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABE78CCC427E7AB71DD02E1CB74831713198547562C38A32EFC99CF56204214C"
Last-Modified: Sun, 18 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17658
Expires: Tue, 20 Dec 2022 17:44:05 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
spinalmultiple.com/ren.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BzUqBEzCnwPyg5gcV7NBaUKz5uOayil%2FCLhjdI2u3mr8DAAD%2F%2FwEAAP%2F%2Fv23QQuwFAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 spinalmultiple.com/ren.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BzUqBEzCnwPyg5gcV7NBaUKz5uOayil%2FCLhjdI2u3mr8DAAD%2F%2FwEAAP%2F%2Fv23QQuwFAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BzUqBEzCnwPyg5gcV7NBaUKz5uOayil%2FCLhjdI2u3mr8DAAD%2F%2FwEAAP%2F%2Fv23QQuwFAAA%3D HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=77f35611-a6e1-48d8-868b-c1dc3813e167:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dff073dc5f8e2eeb48f04b5ddc429503
Strict-Transport-Security: max-age=0; includeSubdomains
officialbanisters.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=65782ba5-1458-4762-b993-c2593eacb39c%3A1%3A1
192.243.59.13200 OK 5.1 kB URL HTTP/1.1 officialbanisters.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=65782ba5-1458-4762-b993-c2593eacb39c%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7163), with no line terminators
Hash 5431d260acd7e5664e6c4f162f81d866
2eafa536d17478cc9ae4f06518196f1b6f141fd1
859c149ac9a1c2ae3384b99cc544b524bb4fad976d1925d845aaa8f9d01c707b
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=65782ba5-1458-4762-b993-c2593eacb39c%3A1%3A1 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; expires=Tue, 27 Dec 2022 12:49:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uncs=1; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 21 Dec 2022 12:49:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e58d64ced4cae0c39e2f51f0e0aac87
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b38adceee348afba68fa7f50a19d7df9
95f6a0e95e6fad7ace85be916fb18e7b4327dc44
caadb9f9378977efc7bf8a3eaa604a54bb0ca3c0c4421921d06bf04075b72306
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CAADB9F9378977EFC7BF8A3EAA604A54BB0CA3C0C4421921D06BF04075B72306"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2136
Expires: Tue, 20 Dec 2022 13:25:23 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b38adceee348afba68fa7f50a19d7df9
95f6a0e95e6fad7ace85be916fb18e7b4327dc44
caadb9f9378977efc7bf8a3eaa604a54bb0ca3c0c4421921d06bf04075b72306
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CAADB9F9378977EFC7BF8A3EAA604A54BB0CA3C0C4421921D06BF04075B72306"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2136
Expires: Tue, 20 Dec 2022 13:25:23 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
cdn.barscreative1.com//sb/notifications/rtb/social/facebook/1-1/index.html
45.133.44.3200 OK 450 B URL HTTP/2 cdn.barscreative1.com//sb/notifications/rtb/social/facebook/1-1/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash d3506e229b3620b6eae2ec731cc3729e
fc3a7801f37059abd78e356f45f3ab61330415d4
cd3dff631bbb5398c0765b02427df391cd00c5e0d1f5d23f985a467af7a0ff6a
GET //sb/notifications/rtb/social/facebook/1-1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 24 May 2022 12:11:15 GMT
etag: W/"628ccb63-4c6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 20 Dec 2022 13:49:47 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
preoccupycommittee.com/pixel/purst?dl=0&th=0&sc=0&rs=3379&rd=3379&fd=616&bv=22.10.v.10&tmpl=136
192.243.59.12200 OK 0 B URL HTTP/1.1 preoccupycommittee.com/pixel/purst?dl=0&th=0&sc=0&rs=3379&rd=3379&fd=616&bv=22.10.v.10&tmpl=136
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3379&rd=3379&fd=616&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: preoccupycommittee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
95.101.11.115200 OK 1.0 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash 906936bab67b469fc7af6aa0179c3493
9d22dd19f0a72218e4d24dc9bcde0d6964bad022
e9b594b252cfd98231ce92d0201f2174ce2e831e1db19661deff2a8fc4dae343
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CAADB9F9378977EFC7BF8A3EAA604A54BB0CA3C0C4421921D06BF04075B72306"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7488
Expires: Tue, 20 Dec 2022 14:54:35 GMT
Date: Tue, 20 Dec 2022 12:49:47 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:47 GMT
access-control-allow-origin: *
etag: "63a043d3-2b"
expires: Tue, 20 Dec 2022 13:49:47 GMT
accept-ranges: bytes
last-modified: Mon, 19 Dec 2022 13:58:27 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 20 Dec 2022 11:34:02 GMT
expires: Tue, 20 Dec 2022 13:34:02 GMT
cache-control: public, max-age=7200
age: 4545
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
officialbanisters.com/ren.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnZ1kN6XEtE3L0jSJSaTgS7n3zp3d696ZO9x7Z2cTHxpblT6mRVAE6eQkaawW2z4U%2BiKUjQ9qQOz6IIs0%2F4AIBaG%2Bym4CVcEHD8ycc%2Fjde%2B7vd855fzXdQQ6kuDd7Vi5xIfCwX3TsV87xOJCZtqcXbNcpOkftczweKR%2B12%2F2fao25jl90DtunGW3K4ZLjOo7ruPYprlgo28MDFHhys%2BoWq06xXCq6fhna6s%2B5Ti3Q2IKgtYOeBh50%2F9345g5w2oE4un2S6aaRyZHJKBXYSAWtYPONuBnLLIboSRgqC8J4c%2B80SN1F6KN9IOPNPQUgW%2Bt9BUB4F1k%2FukDizT2aQFobu0yJABYDCQ5A1uoAEx3guANUXgIePEAANIDpGYij69NSZXhxF8V9tIv2P%2F4VeNZF%2Bx8%2BA3H0xXHB2%2Fa8FKnhMtbQDnPg7Q7wegeSdAvMkgU82wJqLgIPvkPDj6cgjtZntJDAg96LI%2F5opUSwP%2BSW%2FcpQeXSkNESqVW%2BIlvyqxzAlXpUOWsR5B3jYAcFWAGsL0v7HLUhDC9LEgijo2divho4zGpLQ8yplSqnnUepXRgI%2F8MqV0IGU9jWsgElWgIoVoGoZErUMTX6li9DFdVDpfdCNHHRggTYIWkEOGUOQaQQZRpBxBJlBkLXyjUDoks6vB0KnxN3zpT3v5WvS1FfxhjR1FqPVZAc91e%2Be9d8LL0OT9eySGzKv6jth2S0xpzRCPS90yQhlbMT1GMGgeQ5c7xtoXeJddNA%2FAAnvov%2BM3weCt0CLLaD8%2F4DT5wFna6MlB3BjrVxxYCm%2BF2OTKiwaDAvT0DJVlBWpSAkEMofE7AezaK2KHfTsYKLVt68Co9uvvfD9J4fs7AJQlUOicniLf4WgLi6vzckMrc%2FJTKM7M4nhEV%2FC%2FWnPG2wY%2BuwMW8ykCmon9cqNCdoH%2BuHNBabNFI4DHtc1%2Bvw4DwKmTklFGfqyps8xMpvqxvFUxWkyNXviVC1KFNOay7gDmD9ovwm0L%2Fbu%2BmCPn5t4B7jaApX2jjSMScaGh6ngtFlMqGgWYxyx3XycH9Nzk%2B7oqxO0XamcdyBKt8e%2Fvbt84Rf7MHDZAZq8%2B2mhUDsxM10o9Mb%2BppRppBGJMRd%2FLfcSj%2BrmGKcyvlEoLNQWpiYLhd7wo2sfbCzwQBNWVyzWzNiGC5IGY7brOI49PXPGDqWyA1a3H137ePlWoXBycv7EXG12oTagcWi%2BuRgHA3xrww63NuwWE00ZaUNknOpH167evlUoTE3MnZ48Xzs7cbr%2FqPNPqYNOttGegZYIlHiSk8SCLM3XVIlsj2%2F85H34EP0GgnfR2LH%2FgWDb41%2B%2F%2FvN7B%2B%2FNASY5aPaHi0%2FiVX0Z6soCbC5BHOXQUjm0RA5YrIBO%2F7VmErU9%2FoM3MCDCWiNCWetEKHFldwM179nMD52QOSVGwioJR7ETVMNyleCqy0aJj10wuktXbzV%2FBwAA%2F%2F8BAAD%2F%2Fy3LlfvGBQAA
192.243.59.13200 OK 7 B URL HTTP/1.1 officialbanisters.com/ren.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnZ1kN6XEtE3L0jSJSaTgS7n3zp3d696ZO9x7Z2cTHxpblT6mRVAE6eQkaawW2z4U%2BiKUjQ9qQOz6IIs0%2F4AIBaG%2Bym4CVcEHD8ycc%2Fjde%2B7vd855fzXdQQ6kuDd7Vi5xIfCwX3TsV87xOJCZtqcXbNcpOkftczweKR%2B12%2F2fao25jl90DtunGW3K4ZLjOo7ruPYprlgo28MDFHhys%2BoWq06xXCq6fhna6s%2B5Ti3Q2IKgtYOeBh50%2F9345g5w2oE4un2S6aaRyZHJKBXYSAWtYPONuBnLLIboSRgqC8J4c%2B80SN1F6KN9IOPNPQUgW%2Bt9BUB4F1k%2FukDizT2aQFobu0yJABYDCQ5A1uoAEx3guANUXgIePEAANIDpGYij69NSZXhxF8V9tIv2P%2F4VeNZF%2Bx8%2BA3H0xXHB2%2Fa8FKnhMtbQDnPg7Q7wegeSdAvMkgU82wJqLgIPvkPDj6cgjtZntJDAg96LI%2F5opUSwP%2BSW%2FcpQeXSkNESqVW%2BIlvyqxzAlXpUOWsR5B3jYAcFWAGsL0v7HLUhDC9LEgijo2divho4zGpLQ8yplSqnnUepXRgI%2F8MqV0IGU9jWsgElWgIoVoGoZErUMTX6li9DFdVDpfdCNHHRggTYIWkEOGUOQaQQZRpBxBJlBkLXyjUDoks6vB0KnxN3zpT3v5WvS1FfxhjR1FqPVZAc91e%2Be9d8LL0OT9eySGzKv6jth2S0xpzRCPS90yQhlbMT1GMGgeQ5c7xtoXeJddNA%2FAAnvov%2BM3weCt0CLLaD8%2F4DT5wFna6MlB3BjrVxxYCm%2BF2OTKiwaDAvT0DJVlBWpSAkEMofE7AezaK2KHfTsYKLVt68Co9uvvfD9J4fs7AJQlUOicniLf4WgLi6vzckMrc%2FJTKM7M4nhEV%2FC%2FWnPG2wY%2BuwMW8ykCmon9cqNCdoH%2BuHNBabNFI4DHtc1%2Bvw4DwKmTklFGfqyps8xMpvqxvFUxWkyNXviVC1KFNOay7gDmD9ovwm0L%2Fbu%2BmCPn5t4B7jaApX2jjSMScaGh6ngtFlMqGgWYxyx3XycH9Nzk%2B7oqxO0XamcdyBKt8e%2Fvbt84Rf7MHDZAZq8%2B2mhUDsxM10o9Mb%2BppRppBGJMRd%2FLfcSj%2BrmGKcyvlEoLNQWpiYLhd7wo2sfbCzwQBNWVyzWzNiGC5IGY7brOI49PXPGDqWyA1a3H137ePlWoXBycv7EXG12oTagcWi%2BuRgHA3xrww63NuwWE00ZaUNknOpH167evlUoTE3MnZ48Xzs7cbr%2FqPNPqYNOttGegZYIlHiSk8SCLM3XVIlsj2%2F85H34EP0GgnfR2LH%2FgWDb41%2B%2F%2FvN7B%2B%2FNASY5aPaHi0%2FiVX0Z6soCbC5BHOXQUjm0RA5YrIBO%2F7VmErU9%2FoM3MCDCWiNCWetEKHFldwM179nMD52QOSVGwioJR7ETVMNyleCqy0aJj10wuktXbzV%2FBwAA%2F%2F8BAAD%2F%2Fy3LlfvGBQAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnZ1kN6XEtE3L0jSJSaTgS7n3zp3d696ZO9x7Z2cTHxpblT6mRVAE6eQkaawW2z4U%2BiKUjQ9qQOz6IIs0%2F4AIBaG%2Bym4CVcEHD8ycc%2Fjde%2B7vd855fzXdQQ6kuDd7Vi5xIfCwX3TsV87xOJCZtqcXbNcpOkftczweKR%2B12%2F2fao25jl90DtunGW3K4ZLjOo7ruPYprlgo28MDFHhys%2BoWq06xXCq6fhna6s%2B5Ti3Q2IKgtYOeBh50%2F9345g5w2oE4un2S6aaRyZHJKBXYSAWtYPONuBnLLIboSRgqC8J4c%2B80SN1F6KN9IOPNPQUgW%2Bt9BUB4F1k%2FukDizT2aQFobu0yJABYDCQ5A1uoAEx3guANUXgIePEAANIDpGYij69NSZXhxF8V9tIv2P%2F4VeNZF%2Bx8%2BA3H0xXHB2%2Fa8FKnhMtbQDnPg7Q7wegeSdAvMkgU82wJqLgIPvkPDj6cgjtZntJDAg96LI%2F5opUSwP%2BSW%2FcpQeXSkNESqVW%2BIlvyqxzAlXpUOWsR5B3jYAcFWAGsL0v7HLUhDC9LEgijo2divho4zGpLQ8yplSqnnUepXRgI%2F8MqV0IGU9jWsgElWgIoVoGoZErUMTX6li9DFdVDpfdCNHHRggTYIWkEOGUOQaQQZRpBxBJlBkLXyjUDoks6vB0KnxN3zpT3v5WvS1FfxhjR1FqPVZAc91e%2Be9d8LL0OT9eySGzKv6jth2S0xpzRCPS90yQhlbMT1GMGgeQ5c7xtoXeJddNA%2FAAnvov%2BM3weCt0CLLaD8%2F4DT5wFna6MlB3BjrVxxYCm%2BF2OTKiwaDAvT0DJVlBWpSAkEMofE7AezaK2KHfTsYKLVt68Co9uvvfD9J4fs7AJQlUOicniLf4WgLi6vzckMrc%2FJTKM7M4nhEV%2FC%2FWnPG2wY%2BuwMW8ykCmon9cqNCdoH%2BuHNBabNFI4DHtc1%2Bvw4DwKmTklFGfqyps8xMpvqxvFUxWkyNXviVC1KFNOay7gDmD9ovwm0L%2Fbu%2BmCPn5t4B7jaApX2jjSMScaGh6ngtFlMqGgWYxyx3XycH9Nzk%2B7oqxO0XamcdyBKt8e%2Fvbt84Rf7MHDZAZq8%2B2mhUDsxM10o9Mb%2BppRppBGJMRd%2FLfcSj%2BrmGKcyvlEoLNQWpiYLhd7wo2sfbCzwQBNWVyzWzNiGC5IGY7brOI49PXPGDqWyA1a3H137ePlWoXBycv7EXG12oTagcWi%2BuRgHA3xrww63NuwWE00ZaUNknOpH167evlUoTE3MnZ48Xzs7cbr%2FqPNPqYNOttGegZYIlHiSk8SCLM3XVIlsj2%2F85H34EP0GgnfR2LH%2FgWDb41%2B%2F%2FvN7B%2B%2FNASY5aPaHi0%2FiVX0Z6soCbC5BHOXQUjm0RA5YrIBO%2F7VmErU9%2FoM3MCDCWiNCWetEKHFldwM179nMD52QOSVGwioJR7ETVMNyleCqy0aJj10wuktXbzV%2FBwAA%2F%2F8BAAD%2F%2Fy3LlfvGBQAA HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2dcdbdc6af981253005ce105f01befac
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/script.js
172.64.109.13200 OK 322 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/script.js
IP 172.64.109.13:0
Hash a4d3eb992070312910755e522bc3882a
c3d783a43dfb4424225f4a266d6af86450644ced
bb91467c8b11fa5dd1e19d4cfb00f4dddbd54fedac0c03be0dd1ec6ab8338aa8
GET /sb/notifications/rtb/social/facebook/1-1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:11:21 GMT
etag: W/"628ccb69-322"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3013335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFUQJ%2BkaTyZl7v1HvuSDOflja%2Fkz6vIHgUWmxPPFJcY606hQyNBc2E7Vy3FiYQa7pq%2BswFWCgDixy0fXr0IFfEonhCTJ6K%2BaMO6V1fRC3k6vur5AUYoFIhiN0wzL7EweDbCtrfTKYp7B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880011f960662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.94200 OK 113 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.94:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 113 kB (113140 bytes)
Hash 4084f11cedfdb47d7c0531b2e440a326
b25b1de9cf0a334253f2ee125eb9fa8500be3378
d3f593949a196e3e2288ea8f1cd3d1a71c91fbba5c54eeabf40fe8aa5a3fef50
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113140
date: Tue, 20 Dec 2022 12:49:47 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cAllnIOcWLLHiJjbfirrpLpOvv4MjiW-uCju3EJfgXbWkk3nhEg8eA==
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/rtb/android/2/index.html
45.133.44.3200 OK 448 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/android/2/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 1ecd8afd2339351910f9bbdd847230cc
f1cc983189f25dc1e50ebbccd55a4b77dc2d0f29
946409c406dd70b5e40807daa844bb0fe4d1c71500c2a7940c3b0aeca5df92f1
GET /sb/notifications/rtb/android/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 27 Jan 2021 16:11:22 GMT
etag: W/"601190aa-45c"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 20 Dec 2022 13:49:47 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:47 GMT
content-length: 0
set-cookie: nauid=KBU8bFxe1fukIRyrlO3X; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:47 GMT
content-length: 0
set-cookie: nauid=i7zOqBm5UkjTufgsKZAE; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:47 GMT
content-length: 0
set-cookie: nauid=3tLIHRTclgAdHpEtWJBv; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
click.pclk.name/thumbnail?seat=369022&adid=369022&i=zLaf83q3nQE_0&imgt=icon
173.239.53.24302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=369022&adid=369022&i=zLaf83q3nQE_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=369022&adid=369022&i=zLaf83q3nQE_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587113-7-8077-1178228-cddf54be-1cf6-b707-2e8b-28eb8fd53ce9&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DXMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
Pragma: no-cache
officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fanimate.css&l=79245&fd=112
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fanimate.css&l=79245&fd=112
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fcss%2Fanimate.css&l=79245&fd=112 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash bd2f934775b77b34dc35c5af017a591b
7ea50708bb31bf8435db4dca1370e9a87f74e074
bd10f7f7220e1cc37f33b3b0474b41afa2613eaba20696099ba0366030895bc4
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A63527385%3Arqn%3A9%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Ast%3A1671540588&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A63527385%3Arqn%3A9%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Ast%3A1671540588&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A63527385%3Arqn%3A9%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Ast%3A1671540588&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:48 GMT
last-modified: Tue, 20-Dec-2022 12:49:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash bd2f934775b77b34dc35c5af017a591b
7ea50708bb31bf8435db4dca1370e9a87f74e074
bd10f7f7220e1cc37f33b3b0474b41afa2613eaba20696099ba0366030895bc4
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A613193664%3Arqn%3A8%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540588%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
87.250.251.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A613193664%3Arqn%3A8%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540588%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A613193664%3Arqn%3A8%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540588%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&charset=utf-8&hittoken=1671540586_c5882cbf6aa2edc4a53c40f149293d768e3d9a8e7bd142b5a8353d6f13bf35b9&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A714245273165%3Ahid%3A768118441%3Az%3A0%3Ai%3A20221220124948%3Aet%3A1671540588%3Ac%3A1%3Arn%3A613193664%3Arqn%3A8%3Au%3A1671540586810168765%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671540583952%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671540588%3At%3Afree%20porn%20video%2028%20Alina%20Lopez%20in%20All%20About%20Alina%20-%20teen%20-%20teen%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1470602791671540588; Path=/; SameSite=None; Secure
i=RiDfzQ8pjqfiexIHbkv7ZmlCIfmyIp+vHBsZ9Y10+codNUKa4TWgsOJl+bnHenSh+ZgorY+o0x1Ub/wa3BTDbvCygmo=; Expires=Fri, 17-Dec-2032 12:49:43 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=6670119931671540588; Expires=Wed, 20-Dec-2023 12:49:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6670119931671540588; Expires=Wed, 20-Dec-2023 12:49:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703076588.yc.1671540588#1703076588.yrts.1671540588#1703076588.yrtsi.1671540588; Expires=Wed, 20-Dec-2023 12:49:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 12:49:48 GMT
last-modified: Tue, 20-Dec-2022 12:49:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 1.2 kB URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash 37efca3b80c1fe8c62ff2c7291e9037b
1070892afe20e4ee872b69f95682c6235557fdff
cee56886f8c92000c54b3d25d39ba54453d54cb70a7472640699e85537d4a973
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash bd2f934775b77b34dc35c5af017a591b
7ea50708bb31bf8435db4dca1370e9a87f74e074
bd10f7f7220e1cc37f33b3b0474b41afa2613eaba20696099ba0366030895bc4
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fjs%2Fscript.js&l=802&fd=42
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fjs%2Fscript.js&l=802&fd=42
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fsocial%2Ffacebook%2F1-1%2Fjs%2Fscript.js&l=802&fd=42 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
parrecleftne.xyz/NkhPcGpXKiwdVVd1LVYfRCRyVVhwbX02DgU8d0cFWSd/RlMBOHdeCVonOhQMRCchBERYLTtVWHAGHCcCBCt9ORt0MCgmMmJ4DTUBAyopHAZmGgkUHHcvGhMuciQZPTtvCQ0jJHEKJT0dYwkKNjhyeBw1AQMbLQc7bgAeJlpiIAIUK24aFSUofw8EQTx1Hh0pX3Qwfj8sTysCNRJjBAUHWmUeHRMFYBo8Ey11CQo3AnwAKglfchAZOhlhIxUSLGUJCDUCQR4AG1tzGTgHU2IdHTQ/BSQIIgZsGgxAW3MZNyUNdCMNODgFJz4lWnAbAiZfdR4jNSZiHWIiLnMMdj44YgIbFTwHER5AHkUfJCk/dDEgNC1gEh40W0YPHhwgAx8aKilkezspL3QnHjwrAhIMQA4BBCQULmB6Kyk/dxIpFSsQIjwfBEZ1CAUIegN/BTtPcDgG
54.230.111.73200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/NkhPcGpXKiwdVVd1LVYfRCRyVVhwbX02DgU8d0cFWSd/RlMBOHdeCVonOhQMRCchBERYLTtVWHAGHCcCBCt9ORt0MCgmMmJ4DTUBAyopHAZmGgkUHHcvGhMuciQZPTtvCQ0jJHEKJT0dYwkKNjhyeBw1AQMbLQc7bgAeJlpiIAIUK24aFSUofw8EQTx1Hh0pX3Qwfj8sTysCNRJjBAUHWmUeHRMFYBo8Ey11CQo3AnwAKglfchAZOhlhIxUSLGUJCDUCQR4AG1tzGTgHU2IdHTQ/BSQIIgZsGgxAW3MZNyUNdCMNODgFJz4lWnAbAiZfdR4jNSZiHWIiLnMMdj44YgIbFTwHER5AHkUfJCk/dDEgNC1gEh40W0YPHhwgAx8aKilkezspL3QnHjwrAhIMQA4BBCQULmB6Kyk/dxIpFSsQIjwfBEZ1CAUIegN/BTtPcDgG
IP 54.230.111.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Hash 4ed0e72c3843b75374d334594268f6e1
c2160d531de103fb97990f803fa2d41253b84a18
16c137a61dda938b920f31ce271987e325c7a7e204441595641dc802d1b9b608
GET /NkhPcGpXKiwdVVd1LVYfRCRyVVhwbX02DgU8d0cFWSd/RlMBOHdeCVonOhQMRCchBERYLTtVWHAGHCcCBCt9ORt0MCgmMmJ4DTUBAyopHAZmGgkUHHcvGhMuciQZPTtvCQ0jJHEKJT0dYwkKNjhyeBw1AQMbLQc7bgAeJlpiIAIUK24aFSUofw8EQTx1Hh0pX3Qwfj8sTysCNRJjBAUHWmUeHRMFYBo8Ey11CQo3AnwAKglfchAZOhlhIxUSLGUJCDUCQR4AG1tzGTgHU2IdHTQ/BSQIIgZsGgxAW3MZNyUNdCMNODgFJz4lWnAbAiZfdR4jNSZiHWIiLnMMdj44YgIbFTwHER5AHkUfJCk/dDEgNC1gEh40W0YPHhwgAx8aKilkezspL3QnHjwrAhIMQA4BBCQULmB6Kyk/dxIpFSsQIjwfBEZ1CAUIegN/BTtPcDgG HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: q62fs4-c5DsDlIJHg-qQbrNUxtk5Nzn7_K5nYJZl2BeL4KCxV7Ju8w==
X-Firefox-Spdy: h2
parrecleftne.xyz/dU9aWlkULTk3ZhRyOHwsByNnf2szamgcPUY7Ym02GiBqbGBCP2J0OhkgLz4/ByA0LncbKi5/azMHDDEpOiwfA2g/HBsNPCYGMBEyRGpoHAA9J39oGyQXCC0QMX88ERovfBYtHEYWIhM/MiEbHB00AjQ5G00VOxsITQI0PnxHDQwzNkYFGTYXLAsXMRUgfmk5GgY+HzQtHC0eKQsQNSk2FzckKxUwAT0LPRsfFRJvDxEIADMWJyQ1FzAgehtoFx4qMxscLH0IbD9FDTUANEx2FzcXHiowMQM+CBh/azcuahccFnwyf2s3DBIYMBd8aiMARx1sChgvJQALLVB9HAsRO3s/N3QRGT4dAAEEIhctOhhjYhcbHTc/akAOPmgDQi5qEGs4DBdiHyYObxc0AQwbHT1DKmtvaxYLYyAIJGkwKTYbP2c7KAR6AgszQxwcFw5DBgk
54.230.111.73200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/dU9aWlkULTk3ZhRyOHwsByNnf2szamgcPUY7Ym02GiBqbGBCP2J0OhkgLz4/ByA0LncbKi5/azMHDDEpOiwfA2g/HBsNPCYGMBEyRGpoHAA9J39oGyQXCC0QMX88ERovfBYtHEYWIhM/MiEbHB00AjQ5G00VOxsITQI0PnxHDQwzNkYFGTYXLAsXMRUgfmk5GgY+HzQtHC0eKQsQNSk2FzckKxUwAT0LPRsfFRJvDxEIADMWJyQ1FzAgehtoFx4qMxscLH0IbD9FDTUANEx2FzcXHiowMQM+CBh/azcuahccFnwyf2s3DBIYMBd8aiMARx1sChgvJQALLVB9HAsRO3s/N3QRGT4dAAEEIhctOhhjYhcbHTc/akAOPmgDQi5qEGs4DBdiHyYObxc0AQwbHT1DKmtvaxYLYyAIJGkwKTYbP2c7KAR6AgszQxwcFw5DBgk
IP 54.230.111.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash 4ad31ba99766f086c004b39e604f7020
e20a489ba08036076ed726999c4e6783489ad79a
8d8f1d2a4d8a1fdd3fb0daffa6506874ff1fcb1282cbccf906f4224f04882b07
GET /dU9aWlkULTk3ZhRyOHwsByNnf2szamgcPUY7Ym02GiBqbGBCP2J0OhkgLz4/ByA0LncbKi5/azMHDDEpOiwfA2g/HBsNPCYGMBEyRGpoHAA9J39oGyQXCC0QMX88ERovfBYtHEYWIhM/MiEbHB00AjQ5G00VOxsITQI0PnxHDQwzNkYFGTYXLAsXMRUgfmk5GgY+HzQtHC0eKQsQNSk2FzckKxUwAT0LPRsfFRJvDxEIADMWJyQ1FzAgehtoFx4qMxscLH0IbD9FDTUANEx2FzcXHiowMQM+CBh/azcuahccFnwyf2s3DBIYMBd8aiMARx1sChgvJQALLVB9HAsRO3s/N3QRGT4dAAEEIhctOhhjYhcbHTc/akAOPmgDQi5qEGs4DBdiHyYObxc0AQwbHT1DKmtvaxYLYyAIJGkwKTYbP2c7KAR6AgszQxwcFw5DBgk HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cefRwaLvxTl2MnH5AZiLS_oy4L3gtHXJR107YmPvorDT5hQu5FimnQ==
X-Firefox-Spdy: h2
ndblowthroug.info/M3R2cWUcSxUCWFEzQyEqdTIjJlZEPiwdCWoQAR0OZDISRCFeMVAFDFdJT0ZUCkNDVxVaEEtCVxUHAhARRgdLQ1UDQ1AYC1UbS0BDRUlGX10dRUNfVRUBS0BDRwQXFlgCUgYFEV9JR0dSAkFCQVALTEZJUw
172.67.129.30204 No Content 0 B URL HTTP/2 ndblowthroug.info/M3R2cWUcSxUCWFEzQyEqdTIjJlZEPiwdCWoQAR0OZDISRCFeMVAFDFdJT0ZUCkNDVxVaEEtCVxUHAhARRgdLQ1UDQ1AYC1UbS0BDRUlGX10dRUNfVRUBS0BDRwQXFlgCUgYFEV9JR0dSAkFCQVALTEZJUw
IP 172.67.129.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M3R2cWUcSxUCWFEzQyEqdTIjJlZEPiwdCWoQAR0OZDISRCFeMVAFDFdJT0ZUCkNDVxVaEEtCVxUHAhARRgdLQ1UDQ1AYC1UbS0BDRUlGX10dRUNfVRUBS0BDRwQXFlgCUgYFEV9JR0dSAkFCQVALTEZJUw HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh7aJUacDC8jWnznu5Bip7HgkcbBQT07OxAUCQ5X4XmeY3FYgbt9X8HhsYWwFjnJcq45ovv1DwM5diB5A67zZjxBWzjwH7kRpb620TuG4lTALutK3UcaXAR6qqzrC0ngdMbgqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c88003bac40b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
parrecleftne.xyz/S3g2dDYqGlUZCSpFVFJDORQLUQQNXQQyUngMDkNZJBcGQg98CA5aVScXQxBQORdYABglHUJRBA09YiJ8JDZdPUMbKWwlUB8TATB3P09TRnQSOgUuRAQ6Qi56D0lAN2B/H3ANURIbXj1uLzpOOXwlOl8gWiQSfw5gHT11F1wGLmM8bAgPBDdRP0pXDW8SL2UYQQAQWjx6IRtMMGA4AHgsZy8uBUxRGyp8EnoiPUwgZxo9UzxOEj0FNg8uEA8SeggTDzwGHRZQRn8MKVsQE3k+bxhdDBp+RQUcS2QaUHkxUCxPM09sHwYNOXEcURw9A0RTExxUEHEvXQQybyNVRjVseExiI2cRS29GfAk9BTYPBSkHIn0YMgUjWAkPUCN4EjpYOg8SSAYxVSILATNaBhN/HUYFOncmDhIUBi1VJgtYImcoXlwHWSUICxVeKSJMBHIbIg
54.230.111.73200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/S3g2dDYqGlUZCSpFVFJDORQLUQQNXQQyUngMDkNZJBcGQg98CA5aVScXQxBQORdYABglHUJRBA09YiJ8JDZdPUMbKWwlUB8TATB3P09TRnQSOgUuRAQ6Qi56D0lAN2B/H3ANURIbXj1uLzpOOXwlOl8gWiQSfw5gHT11F1wGLmM8bAgPBDdRP0pXDW8SL2UYQQAQWjx6IRtMMGA4AHgsZy8uBUxRGyp8EnoiPUwgZxo9UzxOEj0FNg8uEA8SeggTDzwGHRZQRn8MKVsQE3k+bxhdDBp+RQUcS2QaUHkxUCxPM09sHwYNOXEcURw9A0RTExxUEHEvXQQybyNVRjVseExiI2cRS29GfAk9BTYPBSkHIn0YMgUjWAkPUCN4EjpYOg8SSAYxVSILATNaBhN/HUYFOncmDhIUBi1VJgtYImcoXlwHWSUICxVeKSJMBHIbIg
IP 54.230.111.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 940c214fbc15b00ab51287a7d381c574
5608089ead146aed8e139d063022c8c788130f3e
3218042b9232c390fd08ef6e8dd18813c0d90c653515f4d8bd275587233cb01c
GET /S3g2dDYqGlUZCSpFVFJDORQLUQQNXQQyUngMDkNZJBcGQg98CA5aVScXQxBQORdYABglHUJRBA09YiJ8JDZdPUMbKWwlUB8TATB3P09TRnQSOgUuRAQ6Qi56D0lAN2B/H3ANURIbXj1uLzpOOXwlOl8gWiQSfw5gHT11F1wGLmM8bAgPBDdRP0pXDW8SL2UYQQAQWjx6IRtMMGA4AHgsZy8uBUxRGyp8EnoiPUwgZxo9UzxOEj0FNg8uEA8SeggTDzwGHRZQRn8MKVsQE3k+bxhdDBp+RQUcS2QaUHkxUCxPM09sHwYNOXEcURw9A0RTExxUEHEvXQQybyNVRjVseExiI2cRS29GfAk9BTYPBSkHIn0YMgUjWAkPUCN4EjpYOg8SSAYxVSILATNaBhN/HUYFOncmDhIUBi1VJgtYImcoXlwHWSUICxVeKSJMBHIbIg HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: quOwK1o1M-4xnRNk81O53RwW01KPdqGOpIM0rJ8cunOr46zuKqn5Gw==
X-Firefox-Spdy: h2
officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Findex.html&l=1116&fd=38
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Findex.html&l=1116&fd=38
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Findex.html&l=1116&fd=38 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.naturalhealthsource.club/api/settings/289411
135.181.208.216200 OK 53 B URL HTTP/2 a.naturalhealthsource.club/api/settings/289411
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 74c23c47d95b21ebd5c9d99d218acdb3
46380fd05437327dc917cbc3dade9d20d02b2601
a40005b2fb25878369adce9dee810f6ef75acc2790a850bbacd0f6a6aac1e3da
GET /api/settings/289411 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:46 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ndblowthroug.info/OXZCNDQWSSFHCWMYMnF6fxInYAdaMBtyenQQA2JdbB0MTXVUFWRAXV1LewMFAEF3EkRQEn8HBh8FNlVATAV/BRJQGCRbCR8AfwQaAVhzARoJUDcJBR8CMlVTBEdkREBNGn8FAg5HdwAEDE56BAwM
172.67.129.30204 No Content 0 B URL HTTP/2 ndblowthroug.info/OXZCNDQWSSFHCWMYMnF6fxInYAdaMBtyenQQA2JdbB0MTXVUFWRAXV1LewMFAEF3EkRQEn8HBh8FNlVATAV/BRJQGCRbCR8AfwQaAVhzARoJUDcJBR8CMlVTBEdkREBNGn8FAg5HdwAEDE56BAwM
IP 172.67.129.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OXZCNDQWSSFHCWMYMnF6fxInYAdaMBtyenQQA2JdbB0MTXVUFWRAXV1LewMFAEF3EkRQEn8HBh8FNlVATAV/BRJQGCRbCR8AfwQaAVhzARoJUDcJBR8CMlVTBEdkREBNGn8FAg5HdwAEDE56BAwM HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hr40DDxGg7tL%2B0qCFFYIs9E6f3YYnO84Lxaph3osXxaHTxYBVOpATl1PWA8G87lO9yeBBFoSUPlY%2FXw2RWmeuLBbFvC6l88BzyOkwWumt11OHFQ9SztkF%2Bq0bWYcCCJgXH62%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c880043b2d0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndblowthroug.info/cFRhUWJfawIiXycDJxM4HSwXB1E6AzYWCiMxNwc7EmU7YzQmAUclCxRpWGdQQGVVdxIZMFxgRAMgACUXA2lQdwseMg5sRAZpUH9RRHpSYExCchRsU1YgETAFTWVHIRYEOFxgVEdlVGVSRWxZYFFB
172.67.129.30204 No Content 0 B URL HTTP/2 ndblowthroug.info/cFRhUWJfawIiXycDJxM4HSwXB1E6AzYWCiMxNwc7EmU7YzQmAUclCxRpWGdQQGVVdxIZMFxgRAMgACUXA2lQdwseMg5sRAZpUH9RRHpSYExCchRsU1YgETAFTWVHIRYEOFxgVEdlVGVSRWxZYFFB
IP 172.67.129.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cFRhUWJfawIiXycDJxM4HSwXB1E6AzYWCiMxNwc7EmU7YzQmAUclCxRpWGdQQGVVdxIZMFxgRAMgACUXA2lQdwseMg5sRAZpUH9RRHpSYExCchRsU1YgETAFTWVHIRYEOFxgVEdlVGVSRWxZYFFB HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awyHwWjTSpXdMEnC6V6zL2URgQ8Q3C57pxKP8c1VTCa6qT0%2FGhmYIk5jY716wP4Fooezw1WaG1dBugrkfcWhE9A1eIpKkzaO7QM%2FW9gHMtZ4DvxDJmWDsZ3vGxB0jw1J5eDg0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c880043b2f0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/android/2/img/close.svg
172.64.109.13200 OK 575 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/android/2/img/close.svg
IP 172.64.109.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash d2cea77484381e5d11e3df8b69b0245f
dcd7eca145623980b721cb9e44659929a997e53a
5a9abdd3fd6c33f75e17483bc1afa61d82abb6b2f5131e8af0f83f9d572f8a47
GET /sb/notifications/rtb/android/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jan 2021 16:00:49 GMT
etag: W/"60118e31-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3020320
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nd1TgNd%2Fg0G5%2FByBZe8o4WPZvEjHnFXdsVaXeWTN14S5AgRLQcR%2BxbcpRizktspZX02W5WVyREwVUTx4j15FK%2FXYjiJwPZqMOa2pcn%2Bx8h1nHCHOw4ODdHQVcdz%2BSRqLQ09htRXJbRZC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880049a520662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/NSWh2c2IqBxgVXT0BEk5bfllPRFdvAgUcDDlVMQYABSNGBjMwUAEFRD0SEk5SbwQXHQV0ThMdAXRZUBIGK1VCVRY5Bx1OFycMExULJw0SVRcoVRscGCAEGhJHey5DXVJsWkZbFSAGEhwVOk1EQww9TURDU3lGRlZRC01EQxUgBkBHR3oqU0FSMV5CVlELTU-RDED9NRTJTeV1YQ0tsWkYUByoDGVZQD1pGQlJ5WUZCR3tYEBoQLA4ZC0d7LkdDV2dYUAZfeA
143.204.42.94200 OK 328 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/NSWh2c2IqBxgVXT0BEk5bfllPRFdvAgUcDDlVMQYABSNGBjMwUAEFRD0SEk5SbwQXHQV0ThMdAXRZUBIGK1VCVRY5Bx1OFycMExULJw0SVRcoVRscGCAEGhJHey5DXVJsWkZbFSAGEhwVOk1EQww9TURDU3lGRlZRC01EQxUgBkBHR3oqU0FSMV5CVlELTU-RDED9NRTJTeV1YQ0tsWkYUByoDGVZQD1pGQlJ5WUZCR3tYEBoQLA4ZC0d7LkdDV2dYUAZfeA
IP 143.204.42.94:0
File type ASCII text, with very long lines (416), with no line terminators
Hash 5e643da7099c4e85893a2d83676ee467
14434a6e1cf9097140622c1125bca6197dd89496
92c1d8a284b6d5ba45f1dd37bea8968e93b9dc5d913551709781d61039d08942
GET /NSWh2c2IqBxgVXT0BEk5bfllPRFdvAgUcDDlVMQYABSNGBjMwUAEFRD0SEk5SbwQXHQV0ThMdAXRZUBIGK1VCVRY5Bx1OFycMExULJw0SVRcoVRscGCAEGhJHey5DXVJsWkZbFSAGEhwVOk1EQww9TURDU3lGRlZRC01EQxUgBkBHR3oqU0FSMV5CVlELTU-RDED9NRTJTeV1YQ0tsWkYUByoDGVZQD1pGQlJ5WUZCR3tYEBoQLA4ZC0d7LkdDV2dYUAZfeA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://parrecleftne.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 328
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aRK-VWDfX1-TQV5niQiU4IDsQfaK-hXmLA1c5P6H1UfMH0D3mVNKmg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f47f5a3b2c2c60219cc56d37b8a0e324
d4fbcecbf7f8636b158f189a833bb9f71fec70ba
ae8c47219ffa27ea633e4462d3162fcc41c62a910f32bbe2f58528c068a0ffde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE8C47219FFA27EA633E4462D3162FCC41C62A910F32BBE2F58528C068A0FFDE"
Last-Modified: Sun, 18 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4305
Expires: Tue, 20 Dec 2022 14:01:33 GMT
Date: Tue, 20 Dec 2022 12:49:48 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/rtb/android/2/js/script.js
172.64.109.13200 OK 376 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/android/2/js/script.js
IP 172.64.109.13:0
Hash 6f9125197bccac8189641c442c007e91
77f0d831fadf9233f618eeda6b9329adbd054057
30f68fdb5420d687ce8905b23de6e9266dd8be1d653a54fc5bf4d8527e60f1ec
GET /sb/notifications/rtb/android/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: application/javascript
last-modified: Wed, 27 Jan 2021 16:00:51 GMT
etag: W/"60118e33-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3020298
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vyd451JjjusDzkZ%2FYE%2F6Ip%2BoGmQgoJlhFLWTsv6jdyAwfJFW9%2BS%2FuGBuf2j2Zv2fq19Xvo0MdgY9mfXfN1b%2FOVitfZrQ4zbFqBSfmOhcQk2kDzcpPycfE%2FTHFBUho3sACyFOnnIYNYZZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88003e9c00662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79249&fd=49
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79249&fd=49
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79249&fd=49 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash bd2f934775b77b34dc35c5af017a591b
7ea50708bb31bf8435db4dca1370e9a87f74e074
bd10f7f7220e1cc37f33b3b0474b41afa2613eaba20696099ba0366030895bc4
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fjs%2Fscript.js&l=385&fd=49
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fjs%2Fscript.js&l=385&fd=49
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Frtb%2Fandroid%2F2%2Fjs%2Fscript.js&l=385&fd=49 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dc42e8888911b1f352cc281c26b44e1e
6b4d3cec2daaec21b6af172283cdfd398394c251
22d9f36ba4e1b3932f8e0a1349f144054e5b9765282a2083d96cc91760520923
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1553
Cache-Control: max-age=113490
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Etag: "63a0c1ad-1d7"
Expires: Wed, 21 Dec 2022 20:21:18 GMT
Last-Modified: Mon, 19 Dec 2022 19:55:25 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e99faf4df0069144aaba9b139321ebe6
3ab4783867d28368fa8423ca0c5588bb2a9c5ea0
2df00d9bb365b23cf4c61bd3267b82ae1b614a4a23638d1a88e41c37d6eadb2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e99faf4df0069144aaba9b139321ebe6
3ab4783867d28368fa8423ca0c5588bb2a9c5ea0
2df00d9bb365b23cf4c61bd3267b82ae1b614a4a23638d1a88e41c37d6eadb2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t87ooo0697p8.cloudfront.net/ETVJoNkIuPQZQfTk7DAt7e2BYB3ZrOBtZLD1vCV4gFygYchIXdBxMJnBiTlojIzVVECcjMVUHZCw2Cgt2ayYYWSlwKhlHLjczDVsxNXQdV38gPRJfLiEzTQQEeHxYE3B9eh9fLCk9H0Vnf2IGQmd/YlkGbH13W3Rnf2IfXyx7Zk0FAGhgWE50eXdbdGd/Yh-pAZ34TWQZ3Y2JBE3B9NQ1VKSJ3WnBwfWNYBnN9Y00Ecis7GlMkIipNBAR8Yl0YcmsnVQc
143.204.42.94200 OK 572 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/ETVJoNkIuPQZQfTk7DAt7e2BYB3ZrOBtZLD1vCV4gFygYchIXdBxMJnBiTlojIzVVECcjMVUHZCw2Cgt2ayYYWSlwKhlHLjczDVsxNXQdV38gPRJfLiEzTQQEeHxYE3B9eh9fLCk9H0Vnf2IGQmd/YlkGbH13W3Rnf2IfXyx7Zk0FAGhgWE50eXdbdGd/Yh-pAZ34TWQZ3Y2JBE3B9NQ1VKSJ3WnBwfWNYBnN9Y00Ecis7GlMkIipNBAR8Yl0YcmsnVQc
IP 143.204.42.94:0
File type ASCII text, with very long lines (821), with no line terminators
Hash cc9976c87926b781d04df10fffa619da
46c23d475a68392d322bda0171405ebb4ca90aaf
a649f9d612bba65c54abdc30c10bcd14a349d2ad603d5e5cfae0b1a597578bd2
GET /ETVJoNkIuPQZQfTk7DAt7e2BYB3ZrOBtZLD1vCV4gFygYchIXdBxMJnBiTlojIzVVECcjMVUHZCw2Cgt2ayYYWSlwKhlHLjczDVsxNXQdV38gPRJfLiEzTQQEeHxYE3B9eh9fLCk9H0Vnf2IGQmd/YlkGbH13W3Rnf2IfXyx7Zk0FAGhgWE50eXdbdGd/Yh-pAZ34TWQZ3Y2JBE3B9NQ1VKSJ3WnBwfWNYBnN9Y00Ecis7GlMkIipNBAR8Yl0YcmsnVQc HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://parrecleftne.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 572
date: Tue, 20 Dec 2022 12:49:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ckyhu1g1xyg-lhep3Ij-NNsZu9lfOC6Z8uANPU3DaP3mjnzUm7lQsw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 95181902ad63c207f21a6e84780a7cf6
c7c93eab9ab4e7fdba0c874ce3b9336cd2356646
3fea1d64a4b16da52435b3a9766c1db7b11dcf7cd063add81c9d47427e24db83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/notifications/rtb/android/2/css/style.css
172.64.109.13200 OK 996 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/android/2/css/style.css
IP 172.64.109.13:0
Hash 7ef198bfac97e2f1c9252918fb04b6a1
74e66228ce0ed3d59bdcd34d44fc4b1558971790
6990995f3ec839161583c862880d7cf82bc8badfb1f289334b85be6ab928a569
GET /sb/notifications/rtb/android/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/css
last-modified: Wed, 27 Jan 2021 16:00:47 GMT
etag: W/"60118e2f-d20"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3020298
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=agz1uixuorbtaePRkCl2moP9aUUXG7ns%2BP9mspDVWpYOzMnPDXFw1L8oBCW3FtjTCEN2DhZ3JhFaNU4ctwltVcThCYwcTVaUF6O%2FEMxvTRByufqB1%2BluloAdv1OnOWLmw00g3JMNian4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88003e9b10662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
click.pclk.name/thumbnail?i=sRE17*Acx88_0&imgt=icon
173.239.53.24302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?i=sRE17*Acx88_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=sRE17*Acx88_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587295-7-8077-1178228-9ec2e0e9-b107-0035-3dd9-e5a3901c08d8&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dkm1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
Pragma: no-cache
parrecleftne.xyz/utx?cb=BymZvgWBU30T&top=xfantazy.com&tid=971975
54.230.111.73204 No Content 0 B URL HTTP/2 parrecleftne.xyz/utx?cb=BymZvgWBU30T&top=xfantazy.com&tid=971975
IP 54.230.111.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=BymZvgWBU30T&top=xfantazy.com&tid=971975 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 20 Dec 2022 12:50:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ko0KDVypi4Yc2GpdllxL-J7GkBeh6qa4QuoHNgVV8yXnVNovGxWVHA==
X-Firefox-Spdy: h2
parrecleftne.xyz/utx?cb=uUYVqBze2EYK&top=xfantazy.com&tid=962014
54.230.111.73204 No Content 0 B URL HTTP/2 parrecleftne.xyz/utx?cb=uUYVqBze2EYK&top=xfantazy.com&tid=962014
IP 54.230.111.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=uUYVqBze2EYK&top=xfantazy.com&tid=962014 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 20 Dec 2022 12:50:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qtvHAnuqBeN5-L-6MQF6OmJPYcYze6vkiRQWTpmXD4snLmefUO5I2w==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash e86170582ce9c84b20d9196aad9cac91
78d092396a18dd84b782723ae7e56d399dc13a47
b53ad0b2ff62e3d2f2a04bcb3fd21237c045f90806c27416665c45f3cd4a2e62
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 12:49:48 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1393164377%3A1671540588523254&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6RFhFTGOT9T61mx-E_68Fv-yC3ZG6TUJi5YtWl3wBsvg5pD7ND5z-26LcddP8dp87h-Uc5nA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-LifvV6nzCVDZ47Sutn7XqA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:iZV_KBbtVM_vCPme347G35IyN2htYg:R0bA6ZwJSoC5RzB_;Path=/;Expires=Thu, 19-Dec-2024 12:49:48 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash c9af3272572193cd9be71576a05c8f54
1d8ba7332e9078304e922d876d7e6286781198da
b420c3f66b1a3aa844253b598531fc82042fdbb92dc55e844c4004878bf3ca0c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 12:49:48 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1644684285%3A1671540588521892&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh74572kggftpAPBpu-8ogh2vtfgaMtSwcOlKEJUv9W0Oi56rF7lgTsFzzbEqBI-oLiDh7TURw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-8HkT-OER35JVKKswJZny8Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:nFANRGEXN_4z3EnyGaYcXsBnZm3H2A:UOj7vcYZyU330XYL;Path=/;Expires=Thu, 19-Dec-2024 12:49:48 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74b964efe850b3fe69f1286d15aad337
56dccbf88769a3297ba5e105053b54bddc58ffcf
ea02e75c95915ed16c0cc8627e9589a6dae8dbcbd7f1de42df0f307420e824ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA02E75C95915ED16C0CC8627E9589A6DAE8DBCBD7F1DE42DF0F307420E824CA"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Tue, 20 Dec 2022 15:36:54 GMT
Date: Tue, 20 Dec 2022 12:49:48 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74b964efe850b3fe69f1286d15aad337
56dccbf88769a3297ba5e105053b54bddc58ffcf
ea02e75c95915ed16c0cc8627e9589a6dae8dbcbd7f1de42df0f307420e824ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA02E75C95915ED16C0CC8627E9589A6DAE8DBCBD7F1DE42DF0F307420E824CA"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Tue, 20 Dec 2022 15:36:54 GMT
Date: Tue, 20 Dec 2022 12:49:48 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74b964efe850b3fe69f1286d15aad337
56dccbf88769a3297ba5e105053b54bddc58ffcf
ea02e75c95915ed16c0cc8627e9589a6dae8dbcbd7f1de42df0f307420e824ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA02E75C95915ED16C0CC8627E9589A6DAE8DBCBD7F1DE42DF0F307420E824CA"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Tue, 20 Dec 2022 15:36:54 GMT
Date: Tue, 20 Dec 2022 12:49:48 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 95181902ad63c207f21a6e84780a7cf6
c7c93eab9ab4e7fdba0c874ce3b9336cd2356646
3fea1d64a4b16da52435b3a9766c1db7b11dcf7cd063add81c9d47427e24db83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4f05977a009dd740d1f82894bb649d6f
a6e1a419deff5fc86ffa4fc7991435ec1578233a
6cc36a336c232d9d1823ea0bec9acaf4744f0f1b9648cdd21ce44d294e9cb576
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587113-7-8077-1178228-cddf54be-1cf6-b707-2e8b-28eb8fd53ce9&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DXMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
38.100.129.10302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587113-7-8077-1178228-cddf54be-1cf6-b707-2e8b-28eb8fd53ce9&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DXMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
IP 38.100.129.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1671540587113-7-8077-1178228-cddf54be-1cf6-b707-2e8b-28eb8fd53ce9&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DXMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 20 Dec 2022 12:49:48 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=XMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dc42e8888911b1f352cc281c26b44e1e
6b4d3cec2daaec21b6af172283cdfd398394c251
22d9f36ba4e1b3932f8e0a1349f144054e5b9765282a2083d96cc91760520923
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1553
Cache-Control: max-age=113490
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Etag: "63a0c1ad-1d7"
Expires: Wed, 21 Dec 2022 20:21:18 GMT
Last-Modified: Mon, 19 Dec 2022 19:55:25 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587295-7-8077-1178228-9ec2e0e9-b107-0035-3dd9-e5a3901c08d8&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dkm1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
38.100.129.10302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671540587295-7-8077-1178228-9ec2e0e9-b107-0035-3dd9-e5a3901c08d8&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dkm1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
IP 38.100.129.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1671540587295-7-8077-1178228-9ec2e0e9-b107-0035-3dd9-e5a3901c08d8&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dkm1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 20 Dec 2022 12:49:48 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=km1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
X-Firefox-Spdy: h2
spinalmultiple.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 spinalmultiple.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=77f35611-a6e1-48d8-868b-c1dc3813e167:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
spinalmultiple.com/impr.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BXXKLrOpXK4RSnxHqVgpe1XOcAqXFSo25NTC6R9ZuNX8HAAD%2F%2FwEAAP%2F%2Fq2VepOwFAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 spinalmultiple.com/impr.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BXXKLrOpXK4RSnxHqVgpe1XOcAqXFSo25NTC6R9ZuNX8HAAD%2F%2FwEAAP%2F%2Fq2VepOwFAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xS32sc1Re%2Fk2%2B%2FX%2FiiD1aKIFIcWCkVzGZmZ3%2B2lJA2abo0TWISKfpS7tx7Z3PdO%2FeOc%2B%2FsbFaE0or0QSEVQd%2BcnKSN1f6wb1YUZCMFCRS6PsiCBvQPkILQR5XdRKoPgg%2Behzmfw2cu5%2FM557y1luwgBxLcnz%2BjOlwIPFbKO%2Fbhs1xSlWp7dsl2nbxz1D7LZbl41G4PPnHriOuU8s7z9jQjTTVWcFzHcR3XPsljFqj22JAFHl2vufmaky8W8m6pCO34r7VOLNDYAtraQU8Cp73%2FLn9zGzjpggw%2FnWS6aVT0wlSYCGxUDC26%2BZJsSpVKCB%2FBILYgkJt7f4PSPYQ%2BGAElN%2FccgGptDByAz3vI%2Bs4FX27uyQS%2FdWVXqS%2BASfDpY5C2usBEFzjuAlEXgdP7CIBQmJ0DGV6dVXGKV3ZZPGB7aN%2FDX4CnPbTvhwMgw5vHBW%2Fbi0okhiupoR1kwNtd4I0uRMkWmI4FPN0CYi4Ap%2FfQ2MMZkOHGnBYKOO0%2FV6kEXqnsuqO4zNzRYpVWR6vlqj9KXEq8qusxt1wZjojzLvCgC4KtAtYjkGgLEm5BEliQRBaEtG%2FjUi1wnErgB55XLRJCPI%2BQUrVMS9QrVgMHEjLwsAomWgUiVoHE5yGKz0OTX%2B4hdGED4uQr0MsZaGqBNghaNIOUIUg1ghQjSDmC1CBIW9kVKnRBZ1ep0Inv7uXCXvaydWUaa%2FiKMg0m0Vq0g%2FYPp%2Ffz459Dk%2FVtXAhqNSdwnWKl7JRdUnFr1CUuxh4uMEILoHkGXI8A1hZ0eA8deOYniAYrfeM38PEWaLEFhD8BODkIOF2vFBzAy%2BvFqgMdeb0dYGlwZyVPVAhUZRCZfWBWrDWxg54e6qhM3ANGtse%2FH7nxMv91DUicQRRn8Cr%2FGkFDXFpfUCnaWFCpRrfnIsND3sGDDS8abBj6%2BDRbSVVM65N69doEGRADeH2JaTODJeWyodEnxzmlLD6pYsLQl3V9lvnziV4%2BnsQyiWbmT5ysh1HMtOZKdgHz%2B%2B1XgPAe%2Bv%2BdG8PbPfhsDXi8BXHSn1w2JjoyNkYEJ818REQzL3HIdutxzbA55pVrTqFwCFNO%2F8D8WGcGB1XvNU%2B%2BOHXOgTDZHn977O77h6%2FuB666QKI3P8rl6ifmZnO5%2FsLftDDLSehLzMU%2FbXOIhw1zjBMlr%2BVyS%2FWlmalc7ou6TXHDZrEtVppNRnGDSZtyaT%2F48N3PbuVyk1OLJxbq80v1oRR70eDY2DriQjBjh4zaruM49uzcadtXMtG3crmZiYXpqXP1MxPTU7lc%2F9S%2FJR50tI32ArRCEItHtR9ZkCbZelzwt8ezU089%2BN87d0DwHjpyV4Ng2%2BPvdX6cvnngdcB%2BBpr96eEjvKYvQSO2AJuLIMMMWnEGLZEBFqugk%2F%2BsmyjeHv%2FWGwb4wlr3RWxt%2BCIWl3dvVvO%2BXXKLrOpXK4RSnxHqVgpe1XOcAqXFSo25NTC6R9ZuNX8HAAD%2F%2FwEAAP%2F%2Fq2VepOwFAAA%3D HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=77f35611-a6e1-48d8-868b-c1dc3813e167:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97781b800f070c250a4af9e67d1e0d57
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 74b964efe850b3fe69f1286d15aad337
56dccbf88769a3297ba5e105053b54bddc58ffcf
ea02e75c95915ed16c0cc8627e9589a6dae8dbcbd7f1de42df0f307420e824ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA02E75C95915ED16C0CC8627E9589A6DAE8DBCBD7F1DE42DF0F307420E824CA"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Tue, 20 Dec 2022 15:36:54 GMT
Date: Tue, 20 Dec 2022 12:49:48 GMT
Connection: keep-alive
officialbanisters.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 officialbanisters.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
officialbanisters.com/impr.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnd3sbkqJaZuWpWkSk0jBl3Ln3ju7170zd7j3zs4mPjS2Kn1Mi6AI0slJ0lgttn0o9EUouz6oAbHrgyzS%2FAMiFIT6KrsJVAUfPDBzzuF377m%2F3znn%2FbVkBzmQ4P7cWbnMhcCjpbxjv3KOR1Sm2p5ZtF0n7xy1z%2FForHjUbg9%2BqjXuOqW8c9g%2BzUhTjhYc13Fcx7VPccUC2R4dosDjm1U3X3XyxULeLRWhrf6c68QCjS2grR30NHDa%2B3fjmzvASQei8PZJpptGxkemwkRgIxW06NYbUTOSaQThkzBQFgTR1t5pkLqH0Ef7QEZbewpAtjYGCsDnPWT96IIfbe3RBL%2B1ucvUF8Ai8OkBSFsdYKIDHHeAyEvA6QMEQCjMzEIUXp%2BRKsVLuygeoD20%2F%2FGvwNMe2v%2FwGYjCL44L3rYXpEgMl5GGdpABb3eA1zsQJ10wyxbwtAvEXAROv0Ojj6chCjdmtZDAaf%2FFsVK5UvBxacQtliojxfJYYcSvVr0RUihVPYaJ71XJsEWcd4AHHRBsFbC2IBl83IIksCCJLQhp38alauA45cAPPK9SJIR4HiGlyhgtUa9YCRxIyEDDKph4FYhYBaJWIFYr0ORXeghd3ACV3AfdyEBTC7RB0KIZpAxBqhGkGEHKEaQGQdrKNqnQBZ1dp0InvrvnC3vey9alqa%2FhTWnqLEJr8Q56atA9678XXoYm69sFN2BeteQERbfAnMIY8bzA9ccIY2Oux3wMmmfA9b6h1mXeQwdLByDmPfSfifvg4y5o0QXC%2Fw84eR5wul4uOIAb68WKA8vRvQibRGHRYFiYhpaJIixPROIDlRnEZj%2BYJWtN7KBnhxOtvn0VGNl%2B7YXvPzlkpxeAqAxilcFb%2FCsEdXF5fV6maGNephrdmY0ND%2FkyHkx7wWDD0Gdn2FIqFa2d1Ks3JskAGIQ3F5k20ziiPKpr9PlxTilTp6QiDH1Z0%2BeYP5foxvFERUk8PXfiVC2MFdOay6gDmD9ovwlkIPbuxnCPn5t8B7jqgkr6RxrGxOOjo0Rw0szHRDTzEQ7Zbj7Bj%2Bn5Kbf86iRpVyrnHQiT7Ylv765c%2BMU%2BDFx2gMTvfprL1U7MzuRy%2FfG%2FKWUaSehHmIu%2FlnuJh3VzjBMZ3cjlFmuL01O5XH%2F00bUPNhc51T6rKxZpZmzDhZ%2FQcdt1HMeemT1jB1LZlNXtR9c%2BXrmVy52cWjgxX5tbrA1pHFpoLkV0iHc37aC7abeYaMpQG19GiX507ertW7nc9OT86anztbOTpwePOv%2BUOuh4G%2B0ZaIlAiSe5H1uQJtm6KvjbE5s%2FeR8%2BRL%2BB4D00fux%2FINj2xNev%2F%2FzewXvzgP0MNPvDxSfxmr4MdWUBNpcgCjNoqQxaIgMsVkEn%2F1o3sdqe%2BMEbGvjCWveFsjZ8ocSV3Q3UvG%2BX3CKr%2BJUyodRnhLrlglfxHKdAabFcZW4VjO6RtVvN3wEAAP%2F%2FAQAA%2F%2F85wxsdxgUAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 officialbanisters.com/impr.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnd3sbkqJaZuWpWkSk0jBl3Ln3ju7170zd7j3zs4mPjS2Kn1Mi6AI0slJ0lgttn0o9EUouz6oAbHrgyzS%2FAMiFIT6KrsJVAUfPDBzzuF377m%2F3znn%2FbVkBzmQ4P7cWbnMhcCjpbxjv3KOR1Sm2p5ZtF0n7xy1z%2FForHjUbg9%2BqjXuOqW8c9g%2BzUhTjhYc13Fcx7VPccUC2R4dosDjm1U3X3XyxULeLRWhrf6c68QCjS2grR30NHDa%2B3fjmzvASQei8PZJpptGxkemwkRgIxW06NYbUTOSaQThkzBQFgTR1t5pkLqH0Ef7QEZbewpAtjYGCsDnPWT96IIfbe3RBL%2B1ucvUF8Ai8OkBSFsdYKIDHHeAyEvA6QMEQCjMzEIUXp%2BRKsVLuygeoD20%2F%2FGvwNMe2v%2FwGYjCL44L3rYXpEgMl5GGdpABb3eA1zsQJ10wyxbwtAvEXAROv0Ojj6chCjdmtZDAaf%2FFsVK5UvBxacQtliojxfJYYcSvVr0RUihVPYaJ71XJsEWcd4AHHRBsFbC2IBl83IIksCCJLQhp38alauA45cAPPK9SJIR4HiGlyhgtUa9YCRxIyEDDKph4FYhYBaJWIFYr0ORXeghd3ACV3AfdyEBTC7RB0KIZpAxBqhGkGEHKEaQGQdrKNqnQBZ1dp0InvrvnC3vey9alqa%2FhTWnqLEJr8Q56atA9678XXoYm69sFN2BeteQERbfAnMIY8bzA9ccIY2Oux3wMmmfA9b6h1mXeQwdLByDmPfSfifvg4y5o0QXC%2Fw84eR5wul4uOIAb68WKA8vRvQibRGHRYFiYhpaJIixPROIDlRnEZj%2BYJWtN7KBnhxOtvn0VGNl%2B7YXvPzlkpxeAqAxilcFb%2FCsEdXF5fV6maGNephrdmY0ND%2FkyHkx7wWDD0Gdn2FIqFa2d1Ks3JskAGIQ3F5k20ziiPKpr9PlxTilTp6QiDH1Z0%2BeYP5foxvFERUk8PXfiVC2MFdOay6gDmD9ovwlkIPbuxnCPn5t8B7jqgkr6RxrGxOOjo0Rw0szHRDTzEQ7Zbj7Bj%2Bn5Kbf86iRpVyrnHQiT7Ylv765c%2BMU%2BDFx2gMTvfprL1U7MzuRy%2FfG%2FKWUaSehHmIu%2FlnuJh3VzjBMZ3cjlFmuL01O5XH%2F00bUPNhc51T6rKxZpZmzDhZ%2FQcdt1HMeemT1jB1LZlNXtR9c%2BXrmVy52cWjgxX5tbrA1pHFpoLkV0iHc37aC7abeYaMpQG19GiX507ertW7nc9OT86anztbOTpwePOv%2BUOuh4G%2B0ZaIlAiSe5H1uQJtm6KvjbE5s%2FeR8%2BRL%2BB4D00fux%2FINj2xNev%2F%2FzewXvzgP0MNPvDxSfxmr4MdWUBNpcgCjNoqQxaIgMsVkEn%2F1o3sdqe%2BMEbGvjCWveFsjZ8ocSV3Q3UvG%2BX3CKr%2BJUyodRnhLrlglfxHKdAabFcZW4VjO6RtVvN3wEAAP%2F%2FAQAA%2F%2F85wxsdxgUAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F5RS0WscVRe%2F068ffFA%2Bvk%2FxRcEydkWtNJuZnd3sbkqJaZuWpWkSk0jBl3Ln3ju7170zd7j3zs4mPjS2Kn1Mi6AI0slJ0lgttn0o9EUouz6oAbHrgyzS%2FAMiFIT6KrsJVAUfPDBzzuF377m%2F3znn%2FbVkBzmQ4P7cWbnMhcCjpbxjv3KOR1Sm2p5ZtF0n7xy1z%2FForHjUbg9%2BqjXuOqW8c9g%2BzUhTjhYc13Fcx7VPccUC2R4dosDjm1U3X3XyxULeLRWhrf6c68QCjS2grR30NHDa%2B3fjmzvASQei8PZJpptGxkemwkRgIxW06NYbUTOSaQThkzBQFgTR1t5pkLqH0Ef7QEZbewpAtjYGCsDnPWT96IIfbe3RBL%2B1ucvUF8Ai8OkBSFsdYKIDHHeAyEvA6QMEQCjMzEIUXp%2BRKsVLuygeoD20%2F%2FGvwNMe2v%2FwGYjCL44L3rYXpEgMl5GGdpABb3eA1zsQJ10wyxbwtAvEXAROv0Ojj6chCjdmtZDAaf%2FFsVK5UvBxacQtliojxfJYYcSvVr0RUihVPYaJ71XJsEWcd4AHHRBsFbC2IBl83IIksCCJLQhp38alauA45cAPPK9SJIR4HiGlyhgtUa9YCRxIyEDDKph4FYhYBaJWIFYr0ORXeghd3ACV3AfdyEBTC7RB0KIZpAxBqhGkGEHKEaQGQdrKNqnQBZ1dp0InvrvnC3vey9alqa%2FhTWnqLEJr8Q56atA9678XXoYm69sFN2BeteQERbfAnMIY8bzA9ccIY2Oux3wMmmfA9b6h1mXeQwdLByDmPfSfifvg4y5o0QXC%2Fw84eR5wul4uOIAb68WKA8vRvQibRGHRYFiYhpaJIixPROIDlRnEZj%2BYJWtN7KBnhxOtvn0VGNl%2B7YXvPzlkpxeAqAxilcFb%2FCsEdXF5fV6maGNephrdmY0ND%2FkyHkx7wWDD0Gdn2FIqFa2d1Ks3JskAGIQ3F5k20ziiPKpr9PlxTilTp6QiDH1Z0%2BeYP5foxvFERUk8PXfiVC2MFdOay6gDmD9ovwlkIPbuxnCPn5t8B7jqgkr6RxrGxOOjo0Rw0szHRDTzEQ7Zbj7Bj%2Bn5Kbf86iRpVyrnHQiT7Ylv765c%2BMU%2BDFx2gMTvfprL1U7MzuRy%2FfG%2FKWUaSehHmIu%2FlnuJh3VzjBMZ3cjlFmuL01O5XH%2F00bUPNhc51T6rKxZpZmzDhZ%2FQcdt1HMeemT1jB1LZlNXtR9c%2BXrmVy52cWjgxX5tbrA1pHFpoLkV0iHc37aC7abeYaMpQG19GiX507ertW7nc9OT86anztbOTpwePOv%2BUOuh4G%2B0ZaIlAiSe5H1uQJtm6KvjbE5s%2FeR8%2BRL%2BB4D00fux%2FINj2xNev%2F%2FzewXvzgP0MNPvDxSfxmr4MdWUBNpcgCjNoqQxaIgMsVkEn%2F1o3sdqe%2BMEbGvjCWveFsjZ8ocSV3Q3UvG%2BX3CKr%2BJUyodRnhLrlglfxHKdAabFcZW4VjO6RtVvN3wEAAP%2F%2FAQAA%2F%2F85wxsdxgUAAA%3D%3D HTTP/1.1
Host: officialbanisters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=65782ba5-1458-4762-b993-c2593eacb39c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3fa5a534c6c59450106894cc209fccab
Strict-Transport-Security: max-age=0; includeSubdomains
static-cache.k2s.cc/thumbnail/d-2buCKgnq66qz-W9w/w320h240/0.jpeg
188.72.235.185200 OK 8.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-2buCKgnq66qz-W9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0296a6d9c94eab4ec626c2e3e9cf1947
5d3c5d88c3fd90d93ff3215edab541174651f916
273b6cb85d724f0c2e2ea96529bcdba216a80cc1c5f6ac1ca11086f2c98cafd3
GET /thumbnail/d-2buCKgnq66qz-W9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 8755
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 707a75781f08409b53c43a85fe9245cb
fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1
65a210bed290505cfe123e0a2210696a4662d382248ac39f254fb57e489870ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 18:28:16 GMT
Expires: Sat, 24 Dec 2022 18:28:15 GMT
Etag: "fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1"
Cache-Control: max-age=365306,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c88008bc5d0b06-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 707a75781f08409b53c43a85fe9245cb
fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1
65a210bed290505cfe123e0a2210696a4662d382248ac39f254fb57e489870ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 18:28:16 GMT
Expires: Sat, 24 Dec 2022 18:28:15 GMT
Etag: "fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1"
Cache-Control: max-age=365306,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c88008c987b4fd-OSL
static-cache.k2s.cc/thumbnail/I7yStXX1zKvl_T7Bqw/w320h240/0.jpeg
188.72.235.185200 OK 8.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7yStXX1zKvl_T7Bqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 774cb5417108ed048bb636113176fe72
6d40822054d9049e89f323293554072aa6b2afeb
3f640c57b6d2ee88d706671da446df2408418cdf6f5b55385d935fe69a40e716
GET /thumbnail/I7yStXX1zKvl_T7Bqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 8831
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LL_BuSTywqzkqmiU_Q/w320h240/0.jpeg
188.72.235.185200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LL_BuSTywqzkqmiU_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7203cf037c04e30821b32b5c27bd8c8d
953c7ce05eaac9f71d09a6374ff841cc2b82c592
3ad2d41f8554b4e53e2b184ce04cca11f35f91a052094eea74d8afcb17fb4c21
GET /thumbnail/LL_BuSTywqzkqmiU_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 13380
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 63299245995096f3c9188c7a26250368
e87fbb4af9edf926ba2bda31e5710dad28c5a9e1
dc953d5aaa381023c8ed518f9ef7c4ade9dfe67f75f15fec1ba7dc2a60a5466c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4164
Cache-Control: max-age=160015
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:48 GMT
Etag: "63a16d37-117"
Expires: Thu, 22 Dec 2022 09:16:43 GMT
Last-Modified: Tue, 20 Dec 2022 08:07:19 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/dbmXu36mz_jr8W_G_A/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbmXu36mz_jr8W_G_A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c7cf758aeb379883e5a778f2c1e2e7ac
40ac00e78729c709990b3b1c0de018baf5c4e2d6
972d64a9ebd39d4a513620528c4d53d765720eb7e076a0f341678e66e6d456a7
GET /thumbnail/dbmXu36mz_jr8W_G_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 13693
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Le-bvCelnK26rG_Brg/w320h240/0.jpeg
188.72.235.185200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Le-bvCelnK26rG_Brg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3b26e964344170d29a3debc2c5cd8fe2
2831dc7ea7cbd2653518cc52e06e923d721906a0
664216ef7451bbbe388e6401c65e6e4d29b841eb6caa51844d4fd89142612e33
GET /thumbnail/Le-bvCelnK26rG_Brg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 9296
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I7yX7HSkmajoqj-W-w/w320h240/0.jpeg
188.72.235.185200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7yX7HSkmajoqj-W-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 761816b4679d34917858a751d91ef6ba
3d9d60025ad0de1c071eb35c2199d05680624a7f
65cd8f23ed0adf617fa481a7fd97c5b694b86a35a74a631d4831e5164209d83b
GET /thumbnail/I7yX7HSkmajoqj-W-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 13203
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.163.22200 OK 467 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 467 kB (466977 bytes)
Hash c4a5b564b051218a333276052bb5b13c
2c3323b904281c66f2b3d3de423cd4c543b4a371
7cf63014dfbc176558d383705541e3e664390f436bcb83a217acea282f1f72a3
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2c11bc"
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 11851539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5oK1qeeEr%2FeRnB4hfCvbBv7ms%2FA%2FHowRnjni%2B4e%2B7CM3DHTdkOU9v%2BVfdXysPR5FE4Dd97cUAGTEgJaK7CHOI6CTtWNEz03ePew9eZTvrcy1NyTSRzN%2FJPndkrULokw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d404077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7yWvSD3nKzs-z3C-g/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7yWvSD3nKzs-z3C-g/w320h240/0.jpeg
IP 188.72.235.185:0
Hash 690e2d9d84487c2cc28b581c01066922
103233ba43bbe2f2888038e40c47796d37d41e72
a450f3bce10efa00be58e97d96f3aabaddecb8a5c0a61d318d899b48c608599d
GET /thumbnail/d7yWvSD3nKzs-z3C-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 10740
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 63299245995096f3c9188c7a26250368
e87fbb4af9edf926ba2bda31e5710dad28c5a9e1
dc953d5aaa381023c8ed518f9ef7c4ade9dfe67f75f15fec1ba7dc2a60a5466c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4165
Cache-Control: max-age=160015
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Etag: "63a16d37-117"
Expires: Thu, 22 Dec 2022 09:16:44 GMT
Last-Modified: Tue, 20 Dec 2022 08:07:19 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/d-rFvXL3nvu--T6Xqg/w320h240/0.jpeg
188.72.235.185200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-rFvXL3nvu--T6Xqg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0523b3742efa4fcff2d7e84b42ef5fb9
a484b413d82069c02d6224eb05ddcea6ab2d0a2e
4c18d9ce2cf945bc892424bf88b867b2147ac6be0fcb1a9684afc283ce91a131
GET /thumbnail/d-rFvXL3nvu--T6Xqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: image/jpeg
content-length: 10261
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f690e6e937d9fe7b4a54995db8777b31
60dd21fc22f8c3ac31b94e373cf39fd13bbaeb6d
57cb321ed90b675196358c7cf0aa2e9daa9e2b8956f125b8b0e9b80df0574d5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57CB321ED90B675196358C7CF0AA2E9DAA9E2B8956F125B8B0E9B80DF0574D5C"
Last-Modified: Sun, 18 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1495
Expires: Tue, 20 Dec 2022 13:14:44 GMT
Date: Tue, 20 Dec 2022 12:49:49 GMT
Connection: keep-alive
parrecleftne.xyz/floater?cs=ODBldmQABVZHUw0GXUdRDAlTQFQ&abt=0&red=1&sm=83&k=xfantazy%20free%20video%20lopez%20about%20porn%20alina%20teen&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_0s6V=1671540588630&crc=1
54.230.111.73200 OK 2.4 kB URL HTTP/2 parrecleftne.xyz/floater?cs=ODBldmQABVZHUw0GXUdRDAlTQFQ&abt=0&red=1&sm=83&k=xfantazy%20free%20video%20lopez%20about%20porn%20alina%20teen&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_0s6V=1671540588630&crc=1
IP 54.230.111.73:0
File type ASCII text, with very long lines (3475), with no line terminators
Hash 60c7a2e74c7d0076addcd04cc5147619
c6c3d7dbf7dfa5ba4a21ebfba4ce660d020f79a7
d8f082c8d65be6d7f451b2e13e80f0f5effb584f8a62674288afe2577bdadf15
GET /floater?cs=ODBldmQABVZHUw0GXUdRDAlTQFQ&abt=0&red=1&sm=83&k=xfantazy%20free%20video%20lopez%20about%20porn%20alina%20teen&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6256b6895a615f1d0cf9c694&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_0s6V=1671540588630&crc=1 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2389
date: Tue, 20 Dec 2022 12:49:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a81d945c-b782-42b4-abb6-bba21a05b990
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6eUaRaTrD-bwYAp5nciAsYT7FAOyZHmft4I7QdO2EJgr_awcLSiZYA==
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2200 OK 45 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=3, software=paint.net 4.3.11], baseline, precision 8, 950x150, components 3\012- data
Hash 87520ab5875c2c5cdb971d8e6320ada7
fb36119a36f932b3f98363cdeabd8f10a532ae64
784ff5ba5abafe5206d80c7300205b451da051ad3bda2910ca2ab8734f0826f7
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.8 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 2ee86f624960870530387cc914a6d3d1
c1d16dedafe8ef04183cca2b37a2070af87323c4
b5205026fc2a90b1fc474ce2efdb5e4b2eee9e9a53c853529a20627dd92c994c
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
track.trackingtraffo.com/push/ic?auth=pz6u78&c=km1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=km1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=km1AEJOSWBb_L8dO681U_hcsZIIA8IqwpIaRZfFxSF0fz19c1vv2iTP3V7CKD74IectZ29-Xb8I-0c95ejjDPuzh8dRBfDqESzsvp2Qu3PxAw-O23_lDLiLoumK3HfykY9q6sIDXl6f1mJ4PUXneQlSI2bgD3oI8tmVCRm_OLFoaXIDR6DfejQvQT1HaK-9ffbuZuUNPwL21nctW4D3MNTNfYJOmVf6IFQY12MjeImj1yqQlmt8FIYo_bwuDEtFTVLhyN5VDoG5d0EtHZ9dBfdEcKKSTlkNHQD_pK6gXQgrJYd2-OU6QFAy5dyPIMcYEgNbjUOp9UERLHPk9leLAwxnKz7Tp8gL4SOxx2Y5FKoTDJfxste5dQ9a3xqJzvkim1QjthVSNfC_XobWt2oTHsBldfovn-8wzfyOPaiwrLOn6lYIMbhxsqfiJlpqRYcdt0ssw4Saxy-QLJktnR9gEkzRpcmuFqZR6iNVAR8cIHZtzj3k5nNWiAfL-zecE5v78hjZm24az8aIkxhzPmMKpwu5ZTXHTD0fYw5fNb1NjnLD1zsAv9bSbAPENDgj7duzMgyi8LOoC5c-iTP_p2nNvIohuOkOhZX496muDg4RqZdoNfPmY HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
track.trackingtraffo.com/push/ic?auth=pz6u78&c=XMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=XMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=XMveNk3mlZZKedims-_4GmCGdw5rPgB1coDfq4asUHxqKZk1PRHvlKfeXX6w7iIQJaUWKbK8TP4xACPjCiurh_4UjyHW1zM4Zf08sIcKAyzpXhUenM5TtUHlBALP00FOyCN9D6NRHv9V6fp6GRlOqnazp8k6gUAAmoBW4OmE9o6K8trv-ohxZsKARJQTFuHo2EtqSpFCSAwDzKUn6bXHyd7vCBVN7YsvPqoTziEFNNKnzHD-kffLcbdEXDYkuKwbeJQy5EResJxeXeB2DHuFKaOX7zPTsicR-JSiX916ZXHrEWRFhc_zxExjV-S_ICM6gBGupVS5t9oMlllQgPgQnN1aZN6LPT9iI4rB2g6QdGy9OVaq9LkfBy7LGTVEPoesxSy0BY3t0YKxK_1F8XyGjEj2ln3wwSB8KjbbcjfVqtTwcYCfFohnz9X3s21EOJCSo0aVo1BTRgxfdwzb2X8bDcw4XvmWSFO3hHzYhIn02ABu5NvwjqLPah__AKHSagaJOOVatkr0zSIf9JseCZIhdoFqpY9HEySnXuhRwjtWY_HFByc0b9J7bPB7M79JVqDG5qFWIcEVhBvSHj2cNHR_gApr4wG9BWRUijfnP41ETpi36OIz HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7ac57ecaac030d2dffdc202babb38d0f
e752c7ce17c9e360c1175148eb39f713c0f6244b
9277c88dafe51717225610f102e8b347b37173df8350435a939b47e50a0f7cc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2388
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Last-Modified: Tue, 20 Dec 2022 12:10:01 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7ac57ecaac030d2dffdc202babb38d0f
e752c7ce17c9e360c1175148eb39f713c0f6244b
9277c88dafe51717225610f102e8b347b37173df8350435a939b47e50a0f7cc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2388
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Last-Modified: Tue, 20 Dec 2022 12:10:01 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
142.132.194.196200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-1168"
Accept-Ranges: bytes
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
142.132.194.196200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:23:15 GMT
Connection: keep-alive
ETag: "62ea3073-1168"
Accept-Ranges: bytes
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1484), with no line terminators
Hash 91fa717dd5a92155f617ac97b9dffb5e
973cbadbd881efa5cb787304d0367ef92c24a632
6e99b3bc4a630c7440aa50355cc360a5d0711eeaef603c135bfa0be4d8b051b6
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d68e9c9.937753682961225317%22%3B%7D; expires=Thu, 19-Dec-2024 12:49:49 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1394), with no line terminators
Hash baab786cf58c0956b3134dfce86bc4cd
b1fb16349e15c1be00ca6f4d37cf118381cd747b
279cada0b6250639a178cf91d3166390025da12dbb16e24088f47d71144a96d8
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d5f4cb1.074972933810733816%22%3B%7D; expires=Thu, 19-Dec-2024 12:49:49 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1396), with no line terminators
Hash 6114ac878107020e85c97311ded9bc9b
3bc69ef25132416b451b1cc8852b196e94642403
3269cee6657e14b634e57b840a944d40eb05440019b6a5546e0cac93f51b2ba4
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d602f32.595951373512480554%22%3B%7D; expires=Thu, 19-Dec-2024 12:49:49 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 950 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1296), with no line terminators
Hash f68594c4e7c151a46cc6a8641dded8a8
6c7ce5e900712c4fcd64f1f926aaed5d4e51af03
fc64edeeb56f848fa172caf39640f55a753b1a01f8d055c1174258c0e0066b00
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d628c56.965855083326876670%22%3B%7D; expires=Thu, 19-Dec-2024 12:49:49 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.realsrv.com/ad-provider.js
185.76.9.21200 OK 23 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (51260)
Hash 5742a98426f8f4d618efcc388d7d13f2
49569e84d1a12abb7cf052b03bb8f4d22c7b9698
adf93abdddcd3c689e37229f895a8511f5f3b0865eeb82e38a36a2c29b02d321
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Tue, 13 Dec 2022 13:52:47 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1671544548
server: CDN77-Turbo
x-77-nzt: AblMCRQBHV3/uRoAAA
x-77-nzt-ray: af5856302823ed166dafa1631c91ec09
x-cache: HIT
x-age: 6841
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash db5c7ab8770e7b801e901610e60ec04a
71dc368704d7f1ac07f9b0c4309953eb6d14f6d4
5d42b2c5f83a819c3bc546e04741075c1bd2aaaee22492a583ff4a971a41a8a8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "5D42B2C5F83A819C3BC546E04741075C1BD2AAAEE22492A583FF4A971A41A8A8"
Last-Modified: Mon, 19 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6952
Expires: Tue, 20 Dec 2022 14:45:41 GMT
Date: Tue, 20 Dec 2022 12:49:49 GMT
Connection: keep-alive
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1396), with no line terminators
Hash a29541a457f05d851ed5c929f2987186
520f77bf42491d0e1e97cca1863583000d15b6c2
07bc6f1f13059f8854eb3bfa13721f270bc01ffa249a7c53547abc8fff94d54f
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; expires=Thu, 19-Dec-2024 12:49:49 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QM5Ylf7puty2k5ACOY5NFSCEfSGEOX79XKN1UI9AgadAggcjGy0bwhPSsZSaLdwVOxXlTvr1vqZ7nertf6unY6+l2vH7eL627drrvGVRjirQYtUSWBIRITTlGgIZMzVGKKuckZQShgoGYEJvihTnAM4Ovuy13Hy+zUTQZPYUBeIhh8sUIBdTJ8Vj05g+95Z66NwtJqraaO0JLkuoYFpZFVvevdfzAwabz5Rh+sfFrmQGurF6/zo38s7I6WEWeXnUpVB0j6HzB4aDWIKN66WNfi7cio+k3iT0Nbm4BAAA=
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QM5Ylf7puty2k5ACOY5NFSCEfSGEOX79XKN1UI9AgadAggcjGy0bwhPSsZSaLdwVOxXlTvr1vqZ7nertf6unY6+l2vH7eL627drrvGVRjirQYtUSWBIRITTlGgIZMzVGKKuckZQShgoGYEJvihTnAM4Ovuy13Hy+zUTQZPYUBeIhh8sUIBdTJ8Vj05g+95Z66NwtJqraaO0JLkuoYFpZFVvevdfzAwabz5Rh+sfFrmQGurF6/zo38s7I6WEWeXnUpVB0j6HzB4aDWIKN66WNfi7cio+k3iT0Nbm4BAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VQS2pDMQy8Si8QM5Ylf7puty2k5ACOY5NFSCEfSGEOX79XKN1UI9AgadAggcjGy0bwhPSsZSaLdwVOxXlTvr1vqZ7nertf6unY6+l2vH7eL627drrvGVRjirQYtUSWBIRITTlGgIZMzVGKKuckZQShgoGYEJvihTnAM4Ovuy13Hy+zUTQZPYUBeIhh8sUIBdTJ8Vj05g+95Z66NwtJqraaO0JLkuoYFpZFVvevdfzAwabz5Rh+sfFrmQGurF6/zo38s7I6WEWeXnUpVB0j6HzB4aDWIKN66WNfi7cio+k3iT0Nbm4BAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d602f32.595951373512480554%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 19 Dec 2024 12:49:49 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOQWpDMQxEr9ILfCPJsmx33WxbSMkBbMcli5BCkg8pzOFr/0Lpph6DHpIGjZDIwrIIPVF81jw+MrtMTsVxULy+7aGMS7mv13I+9XK+n26f67V1185rhVe1aAhmmg05EnmDxmQhJwRK0GSSVTEmMZEXKMGDhiQM8yRHxEiE3WGPw/vLaGSNAQyBJ3pIoMEzCISgg+kx/UfrniNr7lZry7FYtWOMpWj9GOznIor7Nzr9yJGxbMfoVwtvZTzCRuX2dWnAn5WpsJkYrDoLWrOUtXEp2XcrIpFHsjBSFZbW6zcEiuw1bgEAAA==
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOQWpDMQxEr9ILfCPJsmx33WxbSMkBbMcli5BCkg8pzOFr/0Lpph6DHpIGjZDIwrIIPVF81jw+MrtMTsVxULy+7aGMS7mv13I+9XK+n26f67V1185rhVe1aAhmmg05EnmDxmQhJwRK0GSSVTEmMZEXKMGDhiQM8yRHxEiE3WGPw/vLaGSNAQyBJ3pIoMEzCISgg+kx/UfrniNr7lZry7FYtWOMpWj9GOznIor7Nzr9yJGxbMfoVwtvZTzCRuX2dWnAn5WpsJkYrDoLWrOUtXEp2XcrIpFHsjBSFZbW6zcEiuw1bgEAAA==
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WOQWpDMQxEr9ILfCPJsmx33WxbSMkBbMcli5BCkg8pzOFr/0Lpph6DHpIGjZDIwrIIPVF81jw+MrtMTsVxULy+7aGMS7mv13I+9XK+n26f67V1185rhVe1aAhmmg05EnmDxmQhJwRK0GSSVTEmMZEXKMGDhiQM8yRHxEiE3WGPw/vLaGSNAQyBJ3pIoMEzCISgg+kx/UfrniNr7lZry7FYtWOMpWj9GOznIor7Nzr9yJGxbMfoVwtvZTzCRuX2dWnAn5WpsJkYrDoLWrOUtXEp2XcrIpFHsjBSFZbW6zcEiuw1bgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d602f32.595951373512480554%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 19 Dec 2024 12:49:49 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wZizLst17rykE+gCvY5NDSCHJQgp6fOUthV7qsZhBHg0ygWjxtBBekF652NXiXYFjcj6yHt6Pyl6v9bHd6uXc6+Vxvn9ut9Zdu2yrFkYRjSJsVBIQRDlliSVrhFX04iVrSjmwkD1Cg8JAMTBP5QBv4z6QeYSINUPfPo57efUOFqKkAXhShLXmUpqzsmk8Z5iME1JKsUoIKDWU1NCZ6SRRyghjGrW6f7+BHzhImKH02zAsfic70F3V+9e1qf6xTMR9yNZlnqSjlFVigqDn0daVm+SOTiPwkDraNwF7S2x6AQAA
95.211.229.248200 OK 486 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wZizLst17rykE+gCvY5NDSCHJQgp6fOUthV7qsZhBHg0ygWjxtBBekF652NXiXYFjcj6yHt6Pyl6v9bHd6uXc6+Vxvn9ut9Zdu2yrFkYRjSJsVBIQRDlliSVrhFX04iVrSjmwkD1Cg8JAMTBP5QBv4z6QeYSINUPfPo57efUOFqKkAXhShLXmUpqzsmk8Z5iME1JKsUoIKDWU1NCZ6SRRyghjGrW6f7+BHzhImKH02zAsfic70F3V+9e1qf6xTMR9yNZlnqSjlFVigqDn0daVm+SOTiPwkDraNwF7S2x6AQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 6704a4b1b6c6368520d71fbff9f11b48
50d75d0c1c2d0287f1e2efe9662f873ba382f13b
ccc6a9c902d019733643a4fd362ca7c8ab279ca1d00f4109eaee1a0958bad5c4
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPQWoDMQz8Sj+wZizLst17rykE+gCvY5NDSCHJQgp6fOUthV7qsZhBHg0ygWjxtBBekF652NXiXYFjcj6yHt6Pyl6v9bHd6uXc6+Vxvn9ut9Zdu2yrFkYRjSJsVBIQRDlliSVrhFX04iVrSjmwkD1Cg8JAMTBP5QBv4z6QeYSINUPfPo57efUOFqKkAXhShLXmUpqzsmk8Z5iME1JKsUoIKDWU1NCZ6SRRyghjGrW6f7+BHzhImKH02zAsfic70F3V+9e1qf6xTMR9yNZlnqSjlFVigqDn0daVm+SOTiPwkDraNwF7S2x6AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Thu, 19 Dec 2024 12:49:49 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 5.3 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash ab1125a6f722ced768e66a1e857e7692
0ca7ff85f41d3f134ae79859001b732642370fbc
584033a5c83c19548168b0d96363874f993abfce0e8d5093dfd37b07e06e0fd7
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:12 GMT
expires: Sat, 16 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 342997
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/94096/b15a72fe29458733313f17d030e1ffda076fde47.webp
185.76.9.24200 OK 8.3 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/94096/b15a72fe29458733313f17d030e1ffda076fde47.webp
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 392041047a6213fc852e4cd908f25629
b15a72fe29458733313f17d030e1ffda076fde47
c0265c5cce9bb7704158086c21637991b8b893eb6aea3907ce0f2ed8ddbe60f0
GET /library/94096/b15a72fe29458733313f17d030e1ffda076fde47.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: image/webp
content-length: 8290
last-modified: Thu, 15 Dec 2022 11:02:01 GMT
etag: "639afea9-2062"
expires: Fri, 15 Dec 2023 11:19:35 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1702642982
server: CDN77-Turbo
x-77-nzt: AblMCRSeudz/x50GAA
x-77-nzt-ray: af5856300d1b951e6dafa163a8bba72d
x-cache: HIT
x-age: 433607
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4
185.76.9.24206 Partial Content 42 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
Hash 7a716c83041a0f81a368d3f8f615cbed
df7b52f6d72f71899f5ffd18fd609efec357336b
e2de892f65f728fdd36053cf947cfdf96bc41bcbdd960d7d0bb78beb967616fd
GET /library/317632/d27278d4027cb598ea03d712c1b1b6590b164c5e.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: video/mp4
content-length: 40959
last-modified: Thu, 28 Apr 2022 14:04:30 GMT
etag: "626a9eee-9fff"
expires: Sat, 25 Nov 2023 08:41:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700901778
server: CDN77-Turbo
x-77-nzt: AblMCRToudH/Wy8hAA
x-77-nzt-ray: af5856300d1b951e6dafa16338e8ab2d
x-cache: HIT
x-age: 2174811
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-40958/40959
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
185.76.9.24206 Partial Content 35 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash e24894a891e2d57101aaa6c4ef4fbcb3
d9fc7882248dd45554c7b2784475f00936fb6e08
43ff9fd4df1f7a7e2ecf405ea3ccd21311c5d22aca5bed221b1936d3741002fa
GET /library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: video/mp4
content-length: 34846
last-modified: Thu, 20 Jan 2022 15:19:55 GMT
etag: "61e97d9b-881e"
expires: Fri, 30 Jun 2023 12:01:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195243
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRQA/kD/QhLjAA
x-77-nzt-ray: af5856300d1b951e6dafa163941e092e
x-cache: HIT
x-age: 14881346
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-34845/34846
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
185.76.9.24206 Partial Content 35 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash e24894a891e2d57101aaa6c4ef4fbcb3
d9fc7882248dd45554c7b2784475f00936fb6e08
43ff9fd4df1f7a7e2ecf405ea3ccd21311c5d22aca5bed221b1936d3741002fa
GET /library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: video/mp4
content-length: 34846
last-modified: Thu, 20 Jan 2022 15:19:55 GMT
etag: "61e97d9b-881e"
expires: Fri, 30 Jun 2023 12:01:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195243
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSyJFT/QhLjAA
x-77-nzt-ray: af5856300d1b951e6dafa1639a92202e
x-cache: HIT
x-age: 14881346
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-34845/34846
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
185.76.9.24206 Partial Content 35 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash e24894a891e2d57101aaa6c4ef4fbcb3
d9fc7882248dd45554c7b2784475f00936fb6e08
43ff9fd4df1f7a7e2ecf405ea3ccd21311c5d22aca5bed221b1936d3741002fa
GET /library/344676/d9fc7882248dd45554c7b2784475f00936fb6e08.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: video/mp4
content-length: 34846
last-modified: Thu, 20 Jan 2022 15:19:55 GMT
etag: "61e97d9b-881e"
expires: Fri, 30 Jun 2023 12:01:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195243
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRQtrXr/QhLjAA
x-77-nzt-ray: af5856300d1b951e6dafa163cc41c22f
x-cache: HIT
x-age: 14881346
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-34845/34846
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3e13c8b97ac4f904f28d1c62bc7f0d3f
5c641941e14ff461aab9040a63f11634140dcaf7
6efefc52959ba0bee829e3e24afa2f21fd9245020d6429f499d5dde8dce2d0db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2828
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Last-Modified: Tue, 20 Dec 2022 12:02:41 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
syndication.realsrv.com/splash.php?idzone=4867730&cookieconsent=true
95.211.229.248200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4867730&cookieconsent=true
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1554)
Hash 1d69e9db08a521e61c52c4fc192a8697
f5afc0df90af2fc918e2b3e4891d69c160829824
e8610d9bb7ffbf18a357f6d62f37114b72222932925ecfef6c38c173318babfa
GET /splash.php?idzone=4867730&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; expires=Thu, 19 Dec 2024 12:49:49 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4867730%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63a1af6d6e7312.430497771156763475%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 21 Dec 2022 12:49:49 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash db5c7ab8770e7b801e901610e60ec04a
71dc368704d7f1ac07f9b0c4309953eb6d14f6d4
5d42b2c5f83a819c3bc546e04741075c1bd2aaaee22492a583ff4a971a41a8a8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "5D42B2C5F83A819C3BC546E04741075C1BD2AAAEE22492A583FF4A971A41A8A8"
Last-Modified: Mon, 19 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6952
Expires: Tue, 20 Dec 2022 14:45:41 GMT
Date: Tue, 20 Dec 2022 12:49:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 33b45982c798d2300a75d6045fcb2876
44c9076bd6298bb7c0b1fc502c665ae210ebbfa9
82a29b3cd5bc45a365995266f7f57f3c3ef336c6eae978c6a850d8974396d380
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6593
Cache-Control: max-age=105539
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Etag: "63a08eef-117"
Expires: Wed, 21 Dec 2022 18:08:48 GMT
Last-Modified: Mon, 19 Dec 2022 16:18:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3e13c8b97ac4f904f28d1c62bc7f0d3f
5c641941e14ff461aab9040a63f11634140dcaf7
6efefc52959ba0bee829e3e24afa2f21fd9245020d6429f499d5dde8dce2d0db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2828
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:49 GMT
Last-Modified: Tue, 20 Dec 2022 12:02:41 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4867730&p1=4581534&skipOffset=00:00:05
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4867730&p1=4581534&skipOffset=00:00:05
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4867730&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 12:49:49 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4867730&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhb6whM7Ei8aDDe; SameSite=None; Secure; path=/; expires=Wed, 21-Dec-22 11:49:49 GMT; HttpOnly
server: cloudflare
cf-ray: 77c8800efc1db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.195.8200 OK 896 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.195.8:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (739)
Hash 90843de57834eed61bd208716e67f2ad
0ffc03bf82aa74185271c7eda010bc842229d27b
837faae4596c18472ef606def9040f1d557927dacc00cb574fd068dfcfc945de
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7g9%2FPBSVWmhmZVkLckVHFCW4MZG4e6lFTMFPzZe46SSxtCWB9vf2bMGUeA06BCvwnyd1aVZgnaKhQip6myI3Fybj0as4zGMFzCJlegk6%2F7UVbiIiTyvBYJnOspp0sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c8800eaf3971a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/bg6.jpg
172.64.195.8200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.195.8:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Tue, 27 Dec 2022 21:03:31 GMT
cf-cache-status: HIT
age: 1957578
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0UcCtzxPy0SBj%2B0u%2BnIetqbB70akxjRqWokywVE1Ehc3nNbiCCBaI7WHkRjmACmtQxtzr86Wyd46ti6YvfjMyu19RZGCJjF7la70rlfz%2BBnDyYtNy1jO51kMFX6Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c8800f2fa971a2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: "5f6dbe9d-12fee"
Expires: Sat, 17 Dec 2022 08:33:23 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgHIy2T/FjwAAA
X-77-NZT-Ray: 382b0f19a74959cb6dafa1631874d135
X-Cache: HIT
X-Age: 15382
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
a.medfoodsafety.com/i?tid=215bff09-9087-4c43-90d3-dc894dfce48f&cf=afgaed0ehi
172.64.205.2200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=215bff09-9087-4c43-90d3-dc894dfce48f&cf=afgaed0ehi
IP 172.64.205.2:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=215bff09-9087-4c43-90d3-dc894dfce48f&cf=afgaed0ehi HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvZVCfUXErRVFE7Mmd8KE2tuqkdOFjAW9AwLDQvODU%2BYgGQWXIsgJrOZuqq2mnKS%2FDJq4o%2BaDeXIiV2CTKND%2BqejpWrzwY6oV0Ah053EFsGln8elXIxl9Wb8XYpgXIWMEJ5ENFsC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c8800e982c23cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 2.5 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5478), with no line terminators
Hash 84bc336b20efa65c0e524110343fce55
06d868b8a8e15e3d50f778b4590bf4e25fd514ff
572e6b161885195a51562819ec2755545a456e1768fbe848bd085af6b2bd636e
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.adxadserv.com/css/wm.css
185.76.9.23200 OK 928 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
Hash 2e64c75640f8ec80becc70b5e083c04a
89f5729b841743be4ed3c8d3bf5dbc0e92a46e52
06bf160be7887880a1ff33cc6e997ced48209ac108f8398e7031e847fa2bd8b4
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1671966480
server: CDN77-Turbo
x-77-nzt: AblMCRSkl/v/XVIJAA
x-77-nzt-ray: af5856301b1bba1b6dafa16334e6981e
x-cache: HIT
x-age: 610909
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d46e7caaee1457eba0350f3a14695a6
fc5fea6c882466399109da36cf8bf327c2fa5549
0062b4f7584fed22f56424415b8a8b4f40d474b54b1d3c2b48680304207e9f04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0062B4F7584FED22F56424415B8A8B4F40D474B54B1D3C2B48680304207E9F04"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10245
Expires: Tue, 20 Dec 2022 15:40:35 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.51.106302 Found 1.2 kB URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.51.106:0
Hash 06859d2e48bdb8e5b84fb7251a6382ee
452ec96574cb9d943a977e17e1d41849943b0f97
77cf1148160e2d433ed7c872df6b6b1946f634f3ac59be8c9ec4efe3869c5a6c
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 12:49:50 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCfFHYpfgnRfzoh6LMhNTM2GiuzfN; SameSite=None; Secure; path=/; expires=Wed, 21-Dec-22 11:49:50 GMT; HttpOnly
server: cloudflare
cf-ray: 77c8800f5e0a0b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
172.64.205.2200 OK 23 kB URL HTTP/2 a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.205.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8c1575b6dd2c73ef06a60cef5275c1fc
8eea302f235fe84ac72b8709e909561aa7701d20
1089318ecfaae9916bf5bfa6910f0e243ad20f393c2d942cb5f2123f4d3c2790
GET /loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BL9IPdktorlWRKM7mFUlEAe1h0XY8R%2BgdtSkNCOIWjbFTPUh37r6gzyI%2FeDUOk9SVNl3z7BTVLNbu%2Fvvse9K7dVPY7MicFAwdkMmO2oG%2BbSv4TsieP6L1YoMtKEIEPQNIzUMKDaC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c8800cfdc923cb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4EMQz7Ch+YKknTpOXMGSQQD+jMtmKE2D3sIoHkx9POStRN64OT2EIiC8si9ED+qGVcFA6FgkrgpHh+eYUy9s/vj3a+1T2c2w3m5qXAnUkYRQsVg2Zzl4xEs8QtZziXPEqghAgakBRVJwtEzEOR8P72dBQPCGG8c+mkOjj9ECxWrt1O1jyyBI2kxcd2TsNJ1DHD196rGmtbM2faKruJWTfS5q3nOQhf7bTXUK8XPlIQklgkMJFNT4GlTKEcRu9Y+PjGIRysXn/PG/AvuIdBOroErCMpA+uarLD3njutPW+eesucWnbd1uj+B1tS4DJ4AQAA
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4EMQz7Ch+YKknTpOXMGSQQD+jMtmKE2D3sIoHkx9POStRN64OT2EIiC8si9ED+qGVcFA6FgkrgpHh+eYUy9s/vj3a+1T2c2w3m5qXAnUkYRQsVg2Zzl4xEs8QtZziXPEqghAgakBRVJwtEzEOR8P72dBQPCGG8c+mkOjj9ECxWrt1O1jyyBI2kxcd2TsNJ1DHD196rGmtbM2faKruJWTfS5q3nOQhf7bTXUK8XPlIQklgkMJFNT4GlTKEcRu9Y+PjGIRysXn/PG/AvuIdBOroErCMpA+uarLD3njutPW+eesucWnbd1uj+B1tS4DJ4AQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4EMQz7Ch+YKknTpOXMGSQQD+jMtmKE2D3sIoHkx9POStRN64OT2EIiC8si9ED+qGVcFA6FgkrgpHh+eYUy9s/vj3a+1T2c2w3m5qXAnUkYRQsVg2Zzl4xEs8QtZziXPEqghAgakBRVJwtEzEOR8P72dBQPCGG8c+mkOjj9ECxWrt1O1jyyBI2kxcd2TsNJ1DHD196rGmtbM2faKruJWTfS5q3nOQhf7bTXUK8XPlIQklgkMJFNT4GlTKEcRu9Y+PjGIRysXn/PG/AvuIdBOroErCMpA+uarLD3njutPW+eesucWnbd1uj+B1tS4DJ4AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4867730%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63a1af6d6e7312.430497771156763475%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263a1af6d6e7312.430497771156763475%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Thu, 19 Dec 2024 12:49:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 80d2b07730ce3f394a81c27844edad3b
ba65c513c80e06ca53ec140e95819bd1b313ad9e
5100926ec6c1319803815458dcb5e5c6aebf5c9ab86c2d72f6a58955f94a0d9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5100926EC6C1319803815458DCB5E5C6AEBF5C9AB86C2D72F6A58955F94A0D9D"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6812
Expires: Tue, 20 Dec 2022 14:43:22 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 25b7e83103502e009c80045dc2e62928
e0e8e7c1083c12a4b45fec60a4ab2f2c099eb299
12c8526ca74aa36552414194fc590a51a21a0e6fbfc25a908e9f08188687d795
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 08:27:04 GMT
Expires: Tue, 27 Dec 2022 08:27:03 GMT
Etag: "e0e8e7c1083c12a4b45fec60a4ab2f2c099eb299"
Cache-Control: max-age=588432,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c8800eacf4fabc-OSL
poweredby.jads.co/js/jads.js
185.94.236.244301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671540589394&t_i=1671540589807&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=f5766b3a-9d91-42c3-9bc6-c8a27c653b5d&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=c9e0f75d-8064-11ed-9e0d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1671540589807&fpid=&feid_sa=1671540589807&sid_sa=1671540589807&feid=7da8a265ac744c880a27c907bacbdbaa&sid=d76575b0aa49066b3b66083033b9defa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.392
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671540589394&t_i=1671540589807&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=f5766b3a-9d91-42c3-9bc6-c8a27c653b5d&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=c9e0f75d-8064-11ed-9e0d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1671540589807&fpid=&feid_sa=1671540589807&sid_sa=1671540589807&feid=7da8a265ac744c880a27c907bacbdbaa&sid=d76575b0aa49066b3b66083033b9defa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.392
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671540589394&t_i=1671540589807&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=f5766b3a-9d91-42c3-9bc6-c8a27c653b5d&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=c9e0f75d-8064-11ed-9e0d-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1671540589807&fpid=&feid_sa=1671540589807&sid_sa=1671540589807&feid=7da8a265ac744c880a27c907bacbdbaa&sid=d76575b0aa49066b3b66083033b9defa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.392 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Length: 0
Connection: keep-alive
poweredby.jads.co/js/jads2.js
185.94.236.244200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.244:0
Hash 1ba3c8854e45317be31203b355c08da9
585311bce6b6d413c1598263ec36483c63d544de
8531cfad2f6675764026f39aed17648218f35c5e8c6af58122e73a5ef1c866ff
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d98c8ee73b7b0273f0bf4b427575f667
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc82f967765ceda7136a150dd230140e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7721fca25582e3e62a4aca8ba14689e8
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65782ba5-1458-4762-b993-c2593eacb39c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 52f9379f24bb484d407a6858fc2bcea4
Strict-Transport-Security: max-age=0; includeSubdomains
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4867730&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
104.18.51.106200 OK 80 kB URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4867730&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
IP 104.18.51.106:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (2142), with no line terminators
Hash 46f835add1bce7bab08fbdda3844cdc6
f9685bed4871162ea6b6aa7d1547caa408a16e00
63e8f2f9faad9c431badc312241fead1b88763d0db825f6afe1c99a960c8c6ce
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrssoldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOrozmz4r2r3somnjpolpusssmmqrsropsqc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4867730&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Referer: https://media.aso1.net/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhb6whM7Ei8aDDe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77c8800f4c80b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.51.106200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.51.106:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1772
expires: Tue, 20 Dec 2022 16:49:50 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880119d36b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 35290e0754c3d221236554ac73589eaf
7712afd01802456a7b18088d492d3082c5909445
c744963366e2c6c94bd31be7df92407d45b10b140e5bf742c2fad4e0f3fee505
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C744963366E2C6C94BD31BE7DF92407D45B10B140E5BF742C2FAD4E0F3FEE505"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18568
Expires: Tue, 20 Dec 2022 17:59:18 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
k31u6.xyz/images/campaigns/creativity-2308521-16693108308667.png
188.114.96.1200 OK 25 kB URL HTTP/2 k31u6.xyz/images/campaigns/creativity-2308521-16693108308667.png
IP 188.114.96.1:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: k31u6.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: e149757b8c77ac005f22586586a3c7e3
cdn-cache: HIT
cf-cache-status: HIT
age: 2134519
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdZGz%2BKnyUIpSAFGL162cUTSBXgUVD70WDGggup69CVdHJ6KV8XmjMPEQ8NjKRH3%2Bjv9cMpqKS7%2Bv4p2f4qtsGvqP%2FDIEU6XfHUNqkcgXo3WPGNgf4SaGmxiLPk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88011bad7fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 35290e0754c3d221236554ac73589eaf
7712afd01802456a7b18088d492d3082c5909445
c744963366e2c6c94bd31be7df92407d45b10b140e5bf742c2fad4e0f3fee505
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C744963366E2C6C94BD31BE7DF92407D45B10B140E5BF742C2FAD4E0F3FEE505"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18568
Expires: Tue, 20 Dec 2022 17:59:18 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 30da3c089af947308936261479ff55d4
d3bd75f15aea7a4a6e26ba30ee19ad717d64ec4b
d7ed3290bf2c4784d2ddb229087ed80d5d83700e1345ae5942374430b0743edf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7ED3290BF2C4784D2DDB229087ED80D5D83700E1345AE5942374430B0743EDF"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3414
Expires: Tue, 20 Dec 2022 13:46:44 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
roomimg.stream.highwebmedia.com/riw/heyhorny_cb.jpg?1671540570
104.19.242.83200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/heyhorny_cb.jpg?1671540570
IP 104.19.242.83:0
Hash 31e0f168aa6547b984a19e956ca49de4
26ae1a43ae5453e7bdd92aaea44e680aa2592c56
0b21be9937ffdf92e4b389fa175c50a49bfd8637ef3e8d29fcf8fa3638a1a3ad
GET /riw/heyhorny_cb.jpg?1671540570 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/jpeg
content-length: 12573
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12622
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20
last-modified: Tue, 20 Dec 2022 12:49:30 GMT
expires: Tue, 20 Dec 2022 12:50:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Osy2pH9N3NI%2BG5jH4YWfSNUcZYsejZeex080zIP%2FUXZMKMHtOILmvfWGWIQzG2Ds1ToKzUVmznT1%2BRXJWSlxkM0XpMgdj2ayWwnmm1kKGeafeF0ahnx6T%2Bp2TpMpWQDsZ0mNOaqpXzQwGFDxPnlfP7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=mzrtcBLzKK2OV_3wLf3LI0dsO33OCkHQjrH87WH_pS8-1671540590531-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77c88012ce9e1bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/onlysophiaelizabeth.jpg?1671540570
104.19.242.83200 OK 8.6 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/onlysophiaelizabeth.jpg?1671540570
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash dcf1c58107539c960ab43343a8b90d24
bb5577e0c93527ce2906e7b595e1c0485eeb673e
44f2965c7f8aa6261c10f7e27afbe5c07baec05a7b2032dbd785535ca448e66a
GET /riw/onlysophiaelizabeth.jpg?1671540570 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/jpeg
content-length: 8576
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 27
last-modified: Tue, 20 Dec 2022 12:49:23 GMT
expires: Tue, 20 Dec 2022 12:50:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W2akrH8rfpU0TqEr1azTFox%2FfaRSRqLcsr6sTgskxLbn%2FWLekogyi1P1GorFkKGo8VP%2FCuay9xV0qc%2F4fQrLv7v4D9DVI59AlGvgyisGiWhpITivnjm0TuOcWAtjeM3gmwOOW6pd7ekQZkAQDP0VTcM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Rc2QMUqCluC2_WdboDdfISv.YFrwCFt59fLvHi49tj4-1671540590537-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77c88012cea01bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/cinacramby.jpg?1671540570
104.19.242.83200 OK 10 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/cinacramby.jpg?1671540570
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash de005fa020083714798da09087429c39
52c7746089d354b7eb7c986fcf979f6c087042a0
8ee8a02c5f8cfd256e76c3a383e4929d89ea95852208c3fb46fd7aa14da2f9f7
GET /riw/cinacramby.jpg?1671540570 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/jpeg
content-length: 10421
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 24
last-modified: Tue, 20 Dec 2022 12:49:26 GMT
expires: Tue, 20 Dec 2022 12:50:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efLiQP%2BZIc8YANgkpwQHEIhECeB%2FbzyaXNnoU39d8tKFHMkSS%2Bm2uk5YJjiI6fU5yUEmow2bqpXrHjqtgvrMvHeaZLVRLSv%2BqhjIMzKr3FHdMqRx8SWoRs1E0Kttvg4Kgg5acVVihCCh3LcQJ1FS5PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=vBsOvFdbLezUXJ4WVX.GcuPZx7ZcjdFmlUvJf3w7iGg-1671540590540-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77c88012dea61bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f9d2065802d04346e22f051de494cee5
bc070b13b9d0eaa3136745e12ab4e6919c4ab688
6b94c88f735536d288166efdeeb583fed5b20c1c72346aeabb544d4c25c15249
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5291
Cache-Control: max-age=153585
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:50 GMT
Etag: "63a14fb4-117"
Expires: Thu, 22 Dec 2022 07:29:35 GMT
Last-Modified: Tue, 20 Dec 2022 06:01:24 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1671540061/86342592
104.18.63.132200 OK 41 kB URL HTTP/2 img.strpst.com/thumbs/1671540061/86342592
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash f247bec25e0bf6ff71f3d002f3e2cc24
9ada6481f8b9cd8074982df5abc59a66905da95a
25eaa1ce811dc5b3e0f33af0b2ab8b3481eecd52faecaea9cb201cd1b9f82f61
GET /thumbs/1671540061/86342592 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/jpeg
content-length: 41242
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43207, status=webp_bigger
etag: "8f647be2b4a99e54c3835d1a9621a594"
last-modified: Tue, 20 Dec 2022 12:40:37 GMT
cf-cache-status: HIT
age: 476
expires: Tue, 20 Dec 2022 13:19:50 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880130cc0b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f9d2065802d04346e22f051de494cee5
bc070b13b9d0eaa3136745e12ab4e6919c4ab688
6b94c88f735536d288166efdeeb583fed5b20c1c72346aeabb544d4c25c15249
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5291
Cache-Control: max-age=153585
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:50 GMT
Etag: "63a14fb4-117"
Expires: Thu, 22 Dec 2022 07:29:35 GMT
Last-Modified: Tue, 20 Dec 2022 06:01:24 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
js-agent.newrelic.com/552.2d6a2503-1220.js
151.101.66.137200 OK 21 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP 151.101.66.137:0
Hash bece0db40525b818bb971ef5131f353c
058ed5d3af3e13124b8421e5b0f0893969fa42b7
11d927bee62d27ddded8cc45f8bde3e521f129e81662347ec44bc1952acf188d
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Lx7LUNyC193WWpSv5hW/L7UEeNSlDwufm33KpA2sv5a1ht8efI/6s62/R2OVbNZKkoG/gUHXaFI=
x-amz-request-id: VK0V8BCV38T7WVVS
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3142
x-timer: S1671540591.826904,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.249200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.249:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 19eb0ce53d8cb086496fcddec967e9f8
36513e3c04c6e7387ff3e245cc81e266628be65c
c8ada284411aacada8ac8dc2a8871d173468b667a7f9fedf81f37bd783aff4af
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Dec 2022 12:49:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11671540590937_0_5106_4398=0001000; expires=Thu, 19-Jan-2023 12:49:50 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=9487-1671540590; expires=Fri, 17-Dec-2032 12:49:50 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2918874fa008c79035fedce39486ba93
5f6671420a2f76bd5ec5fa233b21ea28169bda2e
53e0126835bb8e11300a22f55b9da2e89d8d861f32c58b3a1ff67fde2a45af2c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53E0126835BB8E11300A22F55B9DA2E89D8D861F32C58B3A1FF67FDE2A45AF2C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 20 Dec 2022 13:31:48 GMT
Date: Tue, 20 Dec 2022 12:49:50 GMT
Connection: keep-alive
js-agent.newrelic.com/768.2d6a2503-1220.js
151.101.66.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (5523)
Hash 98a96a3306b7723c0b8c4bff074cdd9f
e9070da7daa34fa2d8ac2e4ec00e3c499ea37516
a6079d50fa4c72b521fd865e67be080b5b21c336a71dbf7a1800a12ad42384f7
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YghQGw//W98CcE+uLEc2bIpyY1zfBy1cvSl3ZbHItGIBbBbjBYrgjjDhKdNnyagoNGaVfLpI2xM=
x-amz-request-id: VK0XNZM280HMN60Q
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3123
x-timer: S1671540591.902053,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
js-agent.newrelic.com/790.2d6a2503-1220.js
151.101.66.137200 OK 6.1 kB URL HTTP/2 js-agent.newrelic.com/790.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (17591)
Hash b3193d37837e2f200e10db13deff83a9
d8577b8a972583e81cfd8e31436dcd039aa049b2
5ba2e421fa78af3094294f4f8e30ba63225537da3ad68e35fbab63b2d22a0288
GET /790.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: veWtlyFq4FXZZ3C91QZ1ydEfJVdBNkWk12lPeQHXsOtJd4oL/94W2O+vIrequr5Q4TsFmN49oJA=
x-amz-request-id: VK0VJC72617ZJQFB
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "af8c077a247e90dff929d7af81c94f57"
x-amz-version-id: TFyNie.wEelbO4xbna5bJ14MRDIkKCak
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1157
x-timer: S1671540591.919437,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6064
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
151.101.66.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: fhmr6WetDM+g2i2QlvVMRpxUR5FtkKdG9L63CCQ3CSWsvtR6j++f9vvc73sttpIYqURa2xyYTRk=
x-amz-request-id: VK0ZFWF8T6343F8V
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3120
x-timer: S1671540591.933449,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.2d6a2503-1220.js
151.101.66.137200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (3382)
Hash fa50a55750d1d0978fca32be5dbc3988
a7f447621d48b3ecf7fc0192b515d506d3d1ad18
c621038fb07e536af8a1ec6d260853dfe69055dc2fb526700919c53b3b7e5f20
GET /368.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kwoAxcBtx2IMbi3IHVdur3TxF/StXF2YgQ/J5F/J0LqxQRcevbbS10v8PBtCq89jFlCdbzEZt0Y=
x-amz-request-id: VK0S7FDBAB0EX9VY
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "16b4f3676c3859e1378a2ccdebbad675"
x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3110
x-timer: S1671540591.933409,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1443
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.2d6a2503-1220.js
151.101.66.137200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (1169)
Hash 661520fd0dfebb919d68a69b60ca426f
b85ef80a0e0d95bf4904f9ce4fad56c49ae035be
ecd489671c6255fee8370fc1f8f4e99519ef8d4c4c0ab06640b0c021642e1db7
GET /775.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: n5W3M8HU3EdwDhPARC2iiAf1as95kdLfrN2+qdL0W35SMVzIqjIlMR9W7ck8oTAzeIw6lrJi5fM=
x-amz-request-id: VK0MRM6MJ78HXF3Y
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "1dfdb74c0491489bf04c6deadb56add2"
x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3078
x-timer: S1671540591.933393,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
js-agent.newrelic.com/39.2d6a2503-1220.js
151.101.66.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/39.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7169)
Hash a0a406e7bdf3e14f047e46bcea27640c
c1fbc88d260f16a092c1b7b0e58e4291401478e8
2309d4e82574d5402ec3454a76051987336fe3b4e4d546f6565a3a443c6d4049
GET /39.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YVIhZ0s+kfqfyw3/OOPaabzaoXb/XwD4VELrgCLiMtI8cGCxgyDD6Y3bdLzWtK9lY7b2Y9dtVwM=
x-amz-request-id: VK0GJZ5NDAT42H61
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "0448380a8f2cd0426bbdf04dd45b5408"
x-amz-version-id: rKoZQfJFmGD6aC9Xn3l7.fk4j9L96MM_
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1737
x-timer: S1671540591.933361,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2755
X-Firefox-Spdy: h2
js-agent.newrelic.com/0.2d6a2503-1220.js
151.101.66.137200 OK 2.3 kB URL HTTP/2 js-agent.newrelic.com/0.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (5198)
Hash 852267b16c136b977ccd94900c6c6308
e013e1b2c6de5b625ebbfe2e7cf3cfb09cee6c16
9bb09a133a1b33e9cecb06aa44e1ea67b3ad4ea74df5c6a89b1580064364cced
GET /0.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: yaLgSlI/o1YgPR64REKW7tJGngFFiymXOCq3qvC8FibvMh/NPjIov1s2Y43sA3Nk7dOb/Jeu8n0=
x-amz-request-id: VK0HGZZCMTDZKH5X
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "cc9b3d207e9ea2c79974f46bf474e6dd"
x-amz-version-id: 5C7ygpPS6JvoVHQoGDIm5lCTgaPcqmFc
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1731
x-timer: S1671540591.933347,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2349
X-Firefox-Spdy: h2
js-agent.newrelic.com/571.2d6a2503-1220.js
151.101.66.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/571.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2412)
Hash d392a55faa7a0a2a43781a495891c9aa
1998ba6f85354606c186fa1a29285676f0b596f0
33b4cb21373961aa88430ff72406d46e95ceddf50afc086598ea5bdc3a311815
GET /571.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Yb3onr5wgE7GyebmH4WnkKwnI2MQKfjQMqMso3BN0Y71/Vtt12keZBjkbAuB5UJTI/GRzVXSccI=
x-amz-request-id: VK0WTM9PM29FXD43
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "04b00905b32fd8d29459545bc125cff6"
x-amz-version-id: ySPuP7kOqGri8HjzDqW2TYirQNYv9NMF
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1740
x-timer: S1671540591.934386,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2
js-agent.newrelic.com/820.2d6a2503-1220.js
151.101.66.137200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/820.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7460)
Hash 7d1295a839190615b34d5a62acceee4f
eef26f5c6d2ae14cb81b3a9b669da224faceacd0
4d59d58f31b6638fbc3792a0b5fddca6e8eafc19a0c9e9aabadb5ad4d9197198
GET /820.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: FgITvf3WklEMWkZwakon8gl0N9aTQ94pdNptn966xzqmGm/5HblQmQGcNcywcu4tvf5sbwoyl9E=
x-amz-request-id: VK0ZG74SYEQQ4TER
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "897a1a72a47e4f4a24c05aec49af638f"
x-amz-version-id: P6j2S.7Iht6lmVHyZ_zkYmp136j6E8IA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 12:49:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1740
x-timer: S1671540591.934363,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2979
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.100.40302 Found 4.9 kB URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.100.40:0
File type gzip compressed data, max speed, from Unix\012- data
Hash 82f91772450e77721ca3f96b82c50bec
447061d42d4e9b575fbf53b662b37c16da63dc32
b4ac3f7e9760b07fc5f6faed8dad82ca5717875cd38a957a5149b859f802438b
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sun, 25-Dec-2022 12:49:50 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Thu, 19-Jan-2023 12:49:50 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Tue, 20-Dec-2022 18:49:50 GMT; Max-Age=21600; Path=/
stcki="iuhY4r=0"; expires=Thu, 19-Jan-2023 12:49:50 GMT; Max-Age=2592000; Path=/
sbr=sec:sbra8d5b0d2-83f4-4464-99cf-a640e0b94eb0:1p7c46:kUvjGyxr03JZs4JsBZfszP7G1gY; Domain=.chaturbate.com; expires=Sun, 14-Sep-2025 12:49:50 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=T8w9cp.KRhI0ABIxdGqVNdgRqFE9O56JEo9uNE2UK8A-1671540590-0-AStjBAOqgVpYWxV+tYbO8p7yjboSg25I5l+rQ3spa7KpmQSET7k7RxH+6rAw+qfmLcI+Vp5yv73JysCuuvb+2Zs=; path=/; expires=Tue, 20-Dec-22 13:19:50 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77c8800f7d18b52d-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aea9a73081348d55277e89fba6e312aa
c9045508a816b01224303bc9e58927ee9b08f999
f9b7cabb45c2ae849a861ba37ce2dc07012b2678cc58c81276539d84dacf012e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6255
Cache-Control: max-age=127536
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 12:49:51 GMT
Etag: "63a0e630-1d7"
Expires: Thu, 22 Dec 2022 00:15:27 GMT
Last-Modified: Mon, 19 Dec 2022 22:31:12 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.244200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (401), with CRLF, LF line terminators
Hash 7b4900c21803ed9fb9d0b044b0669f00
cc9975c674d67f2e349f8d15e2b2135dbdc78e71
cc8a6f2f9ae35902a31313e89741a9fad083325d0a5f6248c3b4d981453a2514
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=7c39afc59a0c41e6c745a3e5759cacdd; expires=Wed, 20-Dec-2023 12:49:50 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Wed, 21-Dec-2022 12:49:50 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjcxNzk5NzkwO30%3D; expires=Fri, 23-Dec-2022 12:49:50 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 23-Dec-2022 12:49:50 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
code.jquery.com/jquery-2.1.3.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CP/6hp0GEocBCiQwZmYxNGEzNC1jMWRmLTQ2NGYtYTZjNC04ODMwMjlhOGViNGQQ+OiCoKvU+wIaBgjv3oadBiIMOTEuOTAuNDIuMTU0KOSkAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkYzhmZDAwNmEtODcyNS00OWU3LTlhOGEtMmQ0YjBhOWM2ZjE3GMPmASIYCAISFGNkczIxNS5zazEuaHdjZG4ubmV0.DGTcMPS6ksROaXrPE35aDKCnWOvbh1FOYUveI2f9rPQ=
x-hw: 1671540591.dop023.sk1.t,1671540591.cds242.sk1.hn,1671540591.cds215.sk1.c
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1151&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=19&be=498&fe=334&dc=160&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590061,%22n%22:0,%22r%22:0,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:237,%22rp%22:421,%22rpe%22:422,%22dl%22:473,%22di%22:656,%22ds%22:657,%22de%22:663,%22dc%22:831,%22l%22:831,%22le%22:836%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUAEBBQYBBlZUXRh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpXVlZSW1UMGFpTVFcUVQAHBU5fC1EJHFhVDVJbUlNUXw1UXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFXVdSAgFXW1FUAl8bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQ05BBQASUENcbhJBVQgWPBAGFU1GGwtDEWkyLgoSBkYbGRtQAkVQFwc8FxMKUEFmRQRCTRI9DRdBXBsVSUQSWWYUC0NGHhs%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1151&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=19&be=498&fe=334&dc=160&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590061,%22n%22:0,%22r%22:0,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:237,%22rp%22:421,%22rpe%22:422,%22dl%22:473,%22di%22:656,%22ds%22:657,%22de%22:663,%22dc%22:831,%22l%22:831,%22le%22:836%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUAEBBQYBBlZUXRh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpXVlZSW1UMGFpTVFcUVQAHBU5fC1EJHFhVDVJbUlNUXw1UXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFXVdSAgFXW1FUAl8bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQ05BBQASUENcbhJBVQgWPBAGFU1GGwtDEWkyLgoSBkYbGRtQAkVQFwc8FxMKUEFmRQRCTRI9DRdBXBsVSUQSWWYUC0NGHhs%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1151&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=19&be=498&fe=334&dc=160&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590061,%22n%22:0,%22r%22:0,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:237,%22rp%22:421,%22rpe%22:422,%22dl%22:473,%22di%22:656,%22ds%22:657,%22de%22:663,%22dc%22:831,%22l%22:831,%22le%22:836%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=662&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUAEBBQYBBlZUXRh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwpXVlZSW1UMGFpTVFcUVQAHBU5fC1EJHFhVDVJbUlNUXw1UXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFXVdSAgFXW1FUAl8bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbGxkbVA1YXggADwE8FUlZUEU%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQ05BBQASUENcbhJBVQgWPBAGFU1GGwtDEWkyLgoSBkYbGRtQAkVQFwc8FxMKUEFmRQRCTRI9DRdBXBsVSUQSWWYUC0NGHhs%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 77c88016bd82b505-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.10200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.10:0
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=86400
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1671540591.dop218.sk1.t,1671540591.cds016.sk1.shn,1671540591.cds016.sk1.c
bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=926&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=23&be=472&fe=152&dc=104&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590332,%22n%22:0,%22r%22:0,%22re%22:186,%22f%22:186,%22dn%22:186,%22dne%22:186,%22c%22:186,%22s%22:186,%22ce%22:186,%22rq%22:191,%22rp%22:372,%22rpe%22:384,%22dl%22:422,%22di%22:574,%22ds%22:576,%22de%22:582,%22dc%22:623,%22l%22:623,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUABfAwBQVAIADxh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw0FVlFWAV8AGFsHWVMUVVMHBU4HCldcHFkHD1lRUFdRAglRXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BMVBbXV4WQhtNQBYFPAlKak9UE0JQDgxBXkFXCRcVExRQZgMQDBMQA0tqX1AMWFUYQFlGJQ9LUF9eGRMVQxcCOwEUVkJKVBNuTwQQEA0MCBsPGwBRBBdRQE9GFgdmRk1DCF9eQ1hBKQwcUFlVUE4EF1FCSzMKCF1aTkJBf21BU1NKU10ZYlBfVwUCQRpVUFhGS0MDAFEEF1FLQyMGBVJaFgNRAAlRU1NVQyBQR1xXDkkWUFJWSlNEFRdeWBVuWg4PDg0XRAMXCVUHAgpZVFpWUwcAFxUTEVBLAA8QRllEQmkbRQ5ESz1AWUQ/REEEa1U9ExVBPkEHAgtJVFBWD20bW0I/RhcHdkZ7bUMdGT1AADhBXBlpGwA9ExVBPkEUP0QDFWUTUW0bTUI/RgQDV1FcQz0TA0E%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBcVEwRdUAYLAQgGOUpFVVgVbk0EERcXQVwbFWliLVhPBEJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZJQEpZPkRQQUBPRgIFTVxPVD5CSQ0LFzsXA0pBShNbExkxMS8NFQMZFxUTAFJNCBQGOxAWVVxNbhVUShURPAoQRAMXGUEUQlE%2BFwpEQRtE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=926&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=23&be=472&fe=152&dc=104&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590332,%22n%22:0,%22r%22:0,%22re%22:186,%22f%22:186,%22dn%22:186,%22dne%22:186,%22c%22:186,%22s%22:186,%22ce%22:186,%22rq%22:191,%22rp%22:372,%22rpe%22:384,%22dl%22:422,%22di%22:574,%22ds%22:576,%22de%22:582,%22dc%22:623,%22l%22:623,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUABfAwBQVAIADxh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw0FVlFWAV8AGFsHWVMUVVMHBU4HCldcHFkHD1lRUFdRAglRXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BMVBbXV4WQhtNQBYFPAlKak9UE0JQDgxBXkFXCRcVExRQZgMQDBMQA0tqX1AMWFUYQFlGJQ9LUF9eGRMVQxcCOwEUVkJKVBNuTwQQEA0MCBsPGwBRBBdRQE9GFgdmRk1DCF9eQ1hBKQwcUFlVUE4EF1FCSzMKCF1aTkJBf21BU1NKU10ZYlBfVwUCQRpVUFhGS0MDAFEEF1FLQyMGBVJaFgNRAAlRU1NVQyBQR1xXDkkWUFJWSlNEFRdeWBVuWg4PDg0XRAMXCVUHAgpZVFpWUwcAFxUTEVBLAA8QRllEQmkbRQ5ESz1AWUQ/REEEa1U9ExVBPkEHAgtJVFBWD20bW0I/RhcHdkZ7bUMdGT1AADhBXBlpGwA9ExVBPkEUP0QDFWUTUW0bTUI/RgQDV1FcQz0TA0E%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBcVEwRdUAYLAQgGOUpFVVgVbk0EERcXQVwbFWliLVhPBEJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZJQEpZPkRQQUBPRgIFTVxPVD5CSQ0LFzsXA0pBShNbExkxMS8NFQMZFxUTAFJNCBQGOxAWVVxNbhVUShURPAoQRAMXGUEUQlE%2BFwpEQRtE&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=926&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/&ap=23&be=472&fe=152&dc=104&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671540590332,%22n%22:0,%22r%22:0,%22re%22:186,%22f%22:186,%22dn%22:186,%22dne%22:186,%22c%22:186,%22s%22:186,%22ce%22:186,%22rq%22:191,%22rp%22:372,%22rpe%22:384,%22dl%22:422,%22di%22:574,%22ds%22:576,%22de%22:582,%22dc%22:623,%22l%22:623,%22le%22:629%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFaDQEBUABfAwBQVAIADxh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw0FVlFWAV8AGFsHWVMUVVMHBU4HCldcHFkHD1lRUFdRAglRXBNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BMVBbXV4WQhtNQBYFPAlKak9UE0JQDgxBXkFXCRcVExRQZgMQDBMQA0tqX1AMWFUYQFlGJQ9LUF9eGRMVQxcCOwEUVkJKVBNuTwQQEA0MCBsPGwBRBBdRQE9GFgdmRk1DCF9eQ1hBKQwcUFlVUE4EF1FCSzMKCF1aTkJBf21BU1NKU10ZYlBfVwUCQRpVUFhGS0MDAFEEF1FLQyMGBVJaFgNRAAlRU1NVQyBQR1xXDkkWUFJWSlNEFRdeWBVuWg4PDg0XRAMXCVUHAgpZVFpWUwcAFxUTEVBLAA8QRllEQmkbRQ5ESz1AWUQ/REEEa1U9ExVBPkEHAgtJVFBWD20bW0I/RhcHdkZ7bUMdGT1AADhBXBlpGwA9ExVBPkEUP0QDFWUTUW0bTUI/RgQDV1FcQz0TA0E%2BQQI/RBUVZRMFWEoAAA8BPBVWQFdVPRMDQT5BVD9ERBcVEwRdUAYLAQgGOUpFVVgVbk0EERcXQVwbFWliLVhPBEJBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZJQEpZPkRQQUBPRgIFTVxPVD5CSQ0LFzsXA0pBShNbExkxMS8NFQMZFxUTAFJNCBQGOxAWVVxNbhVUShURPAoQRAMXGUEUQlE%2BFwpEQRtE&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 77c88016cea70b61-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
69.16.175.10200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP 69.16.175.10:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1671540591.dop021.sk1.t,1671540591.cds204.sk1.shn,1671540591.dop021.sk1.t,1671540591.cds026.sk1.c
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c020baf8db09ec4173b5e61b939ec0e3
90c73a768e755ce150a090c9d4b150d0b5e670e6
ce332f54fbfd379b7f005b28da55d0825ca4736e916ae7d676dcdf74c1d6ac45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE332F54FBFD379B7F005B28DA55D0825CA4736E916AE7D676DCDF74C1D6AC45"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20209
Expires: Tue, 20 Dec 2022 18:26:40 GMT
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: keep-alive
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
69.16.175.10200 OK 24 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP 69.16.175.10:0
File type ASCII text, with very long lines (23523)
Hash 3738ef90dad175977dc8a695809bb71a
98aa676ba7987caa86d49ab1b71f73896d08ad13
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=8442
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1671540591.dop207.sk1.t,1671540591.cds219.sk1.shn,1671540591.dop207.sk1.t,1671540591.cds233.sk1.c
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c020baf8db09ec4173b5e61b939ec0e3
90c73a768e755ce150a090c9d4b150d0b5e670e6
ce332f54fbfd379b7f005b28da55d0825ca4736e916ae7d676dcdf74c1d6ac45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE332F54FBFD379B7F005B28DA55D0825CA4736E916AE7D676DCDF74C1D6AC45"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20209
Expires: Tue, 20 Dec 2022 18:26:40 GMT
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: keep-alive
pt-static4.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v598559.js
93.93.51.200200 OK 21 B URL HTTP/2 pt-static4.ptwmstcnt.com/npe/_common/script/adblock/advertisement-v598559.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v598559.js HTTP/1.1
Host: pt-static4.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: application/javascript
content-length: 21
last-modified: Mon, 19 Dec 2022 11:48:19 GMT
etag: "63a04f83-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 136 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Size 136 kB (135897 bytes)
Hash ee882593d9159a337bc2c988c032c4d1
5f838c9d940f54a72287947660a724de6b36191b
cc0d3cad6bf727a9c74df184a730fb2e9726347e7d1eb14359a58dac44d25c82
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: toPFwWxfFsEPMWghi3EOamW+uIIeDgGrQULbB9ge8LYzPBxj5K+G7GtJScs7dpc866neyt/OjZcCwYlKfGIzMw==
date: Tue, 20 Dec 2022 12:49:48 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.249200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.249:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=9574-1671540590
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1671540591; expires=Fri, 17-Dec-2032 12:49:51 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.249200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.249:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=9574-1671540590
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1671540591; expires=Fri, 17-Dec-2032 12:49:51 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.10200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.10:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1671540591.dop219.sk1.t,1671540591.cds231.sk1.shn,1671540591.dop219.sk1.t,1671540591.cds252.sk1.c
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1492&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1492&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1492&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1869
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 77c8801898210b61-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
93.93.51.200200 OK 8.5 kB URL HTTP/2 pt-static1.ptwmstcnt.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 22 Nov 2022 08:57:06 GMT
etag: "637c8ee2-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f15/544f83ca9658869aa8e0f646bad71ae6_glamour_896x504.jpg
93.93.51.190200 OK 57 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f15/544f83ca9658869aa8e0f646bad71ae6_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 36a1ee78f0594fbbdf3ae4b55109690b
a73aa10b48dab8b4772924649bd902333b8cf51b
1135d0fec1449ef0929b7ca6b1699bc487b0bd8af5592c23a35162ce99e63436
GET /ff268cab8d9fbae1ed7506f97496274f15/544f83ca9658869aa8e0f646bad71ae6_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/jpeg
content-length: 56609
last-modified: Mon, 07 Nov 2022 06:10:09 GMT
etag: "36a1ee78f0594fbbdf3ae4b55109690b"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 03 Jan 2023 12:49:51 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1539&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1539&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1539&ck=0&s=2c63f67a7c8be8fc&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1868
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 77c8801a7a020b61-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f13/39ad66d263cc3374e3b39e72d6a90cbe_glamour_896x504.jpg
93.93.51.190200 OK 65 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f13/39ad66d263cc3374e3b39e72d6a90cbe_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash ca23e1ab47733f97afb650fabd4bfd71
f4eb58169ae2b9068312fa137101cc66f658a159
f1ef03e5caf5079556aecb18d0e22076391d5ffec23b075c728d2332d6b4d3c9
GET /ff268cab8d9fbae1ed7506f97496274f13/39ad66d263cc3374e3b39e72d6a90cbe_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/jpeg
content-length: 65234
last-modified: Tue, 01 Nov 2022 06:55:08 GMT
etag: "ca23e1ab47733f97afb650fabd4bfd71"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 03 Jan 2023 12:49:51 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
pt.ctsdwm.com/iMclp/6cq.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 43 B URL HTTP/2 pt.ctsdwm.com/iMclp/6cq.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /iMclp/6cq.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 19-Jan-23 12:49:51 GMT; SameSite=None; Secure
expires: Tue, 20 Dec 2022 12:49:50 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/16b51c3ef220b7f8eaaf39723c8e0e2e_glamour_896x504.jpg
93.93.51.190200 OK 93 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/16b51c3ef220b7f8eaaf39723c8e0e2e_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 8e130636837d818090d5e3d9b339e220
b24bfb3f490c404efe80e1c3a4734784d99b77df
25e96c353ffbcb336794d168e82c5d067293ce45b239d3e25f4d8510341ec775
GET /ff268cab8d9fbae1ed7506f97496274f11/16b51c3ef220b7f8eaaf39723c8e0e2e_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/jpeg
content-length: 93021
last-modified: Sun, 06 Nov 2022 14:28:21 GMT
etag: "8e130636837d818090d5e3d9b339e220"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 03 Jan 2023 12:49:51 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/1738ba014206997b9e4c98d0d51631b8_glamour_896x504.jpg
93.93.51.190200 OK 69 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f11/1738ba014206997b9e4c98d0d51631b8_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 9945db705adb5c67e2cb6b331709c30b
374af40a7ad095ca45427ab681b2d1098a26c3f3
c37af3b0b26a0222752c0b467573d709f63a6ea97dd07ee95ce43aa7964bb2da
GET /ff268cab8d9fbae1ed7506f97496274f11/1738ba014206997b9e4c98d0d51631b8_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: image/jpeg
content-length: 68655
last-modified: Mon, 12 Dec 2022 23:38:17 GMT
etag: "9945db705adb5c67e2cb6b331709c30b"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 03 Jan 2023 12:49:51 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/ab9106984b8ed9318efff41a7c018c25_glamour_896x504.jpg
93.93.51.190200 OK 45 kB URL HTTP/2 galleryn12.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1a/ab9106984b8ed9318efff41a7c018c25_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 6a2863bce96a55169bc028f28960cbe2
fd3ee368c55051452fef748b3a5abc6c3a6dd9a1
1fae79b238c96f01f26907953b1bf7f4b011f253853a7bbf53e3647328a570df
GET /ff268cab8d9fbae1ed7506f97496274f1a/ab9106984b8ed9318efff41a7c018c25_glamour_896x504.jpg HTTP/1.1
Host: galleryn12.awemdia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:52 GMT
content-type: image/jpeg
content-length: 45060
last-modified: Tue, 06 Sep 2022 21:44:44 GMT
etag: "6a2863bce96a55169bc028f28960cbe2"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 03 Jan 2023 12:49:52 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
m1.nsimg.net//media/1/3/6/13651356.jpg
207.178.0.89200 OK 21 kB URL HTTP/1.1 m1.nsimg.net//media/1/3/6/13651356.jpg
IP 207.178.0.89:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash 027c4886c7327d23f3ca4d4d8987741b
bd5f5bda68da6ce924d52c5b19ce8ef089a86162
66a5402313f14573f2721fd14ae2ed87f60a509efa231f5c2f2e4f06b8169aa0
GET //media/1/3/6/13651356.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 12:49:51 GMT
Content-Type: image/jpeg
Content-Length: 20615
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 14:41:23 GMT
ETag: "639dd513-5087"
Expires: Wed, 20 Dec 2023 11:50:53 GMT
Cache-Control: max-age=31536000
X-Varnish: 540422082 540467446
Age: 3
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
pt-static5.ptwmstcnt.com/npe/ba/elf/script/elf-v598559.js
93.93.51.200200 OK 189 kB URL HTTP/2 pt-static5.ptwmstcnt.com/npe/ba/elf/script/elf-v598559.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 189 kB (188652 bytes)
Hash bd0e2b5416e3176344dc430a20c18f3f
11dfc988438adce37dd274c5ffa8784d4a64f64f
54cd80562b7d51abff3772d80aa851e55707b65cb64bac2b4f52b5505968ddce
GET /npe/ba/elf/script/elf-v598559.js HTTP/1.1
Host: pt-static5.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:52 GMT
content-type: application/javascript
last-modified: Mon, 19 Dec 2022 11:48:20 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a04f84-8a531"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pt.ctsdwm.com/aRq7e/Jtl.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
93.93.51.191200 OK 14 kB URL HTTP/2 pt.ctsdwm.com/aRq7e/Jtl.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 47fece95d2bffca896c5e0b8d460ac13
abaf51bea44f9fc8c14008aa09487af1716f5f9d
42ab6432225c92a77e4dc578456ce8ef58e8147d3d2cb24afa9f310fd8b47332
GET /aRq7e/Jtl.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:52 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 19-Jan-23 12:49:52 GMT; SameSite=None; Secure
expires: Tue, 20 Dec 2022 12:49:51 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191200 OK 79 kB URL HTTP/2 pt.ctsdwm.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 1bdfc1ba32a85c472882f050f1ccb63f
fede71ebfcf8cca5df3b9999ba1a5df44f9d3f14
8b835ec76c51e02b4c7cfb60b87d74e5fa64ed70390d49f5c1751cc545f6629e
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Tue, 20 Dec 2022 12:49:52 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 19-Jan-23 12:49:52 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 22c93f581a172d3f7b4f7ab181d26206
4b0ce485e942434636c7003217d9ffa3f0433b25
e9e831b4a6e74224620c65d488000399a92ac27a2db0e5b3839cce427ebed917
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 12:49:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 07:51:01 GMT
Expires: Tue, 27 Dec 2022 07:51:00 GMT
Etag: "4b0ce485e942434636c7003217d9ffa3f0433b25"
Cache-Control: max-age=586266,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77c880229bf8b50f-OSL
lsc-edge-95-128-120-32.dditscdn.com/memberChat/jasmin62f84553-3ffa-49e7-9c13-4b23ff940242d998cfe8f3350a8d6c7abefa1e302d05?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzIiLCJuaWNrIjoiNjJmODQ1NTMtM2ZmYS00OWU3LTljMTMtNGIyM2ZmOTQwMjQyIiwiaGFzaCI6ImQ5OThjZmU4ZjMzNTBhOGQ2YzdhYmVmYTFlMzAyZDA1IiwianRpIjoxNDM5ODAzNjY4NTQ3MjkzLCJpYXQiOjE2NzE1NDA1OTIsImV4cCI6MTY3MTU0MDY1Mn0.oEx-NbMVAexy_ecQONXEVR9Y0aWwQJ7MJI5JdCgYleE
95.128.120.32101 Switching Protocols 0 B URL HTTP/1.1 lsc-edge-95-128-120-32.dditscdn.com/memberChat/jasmin62f84553-3ffa-49e7-9c13-4b23ff940242d998cfe8f3350a8d6c7abefa1e302d05?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzIiLCJuaWNrIjoiNjJmODQ1NTMtM2ZmYS00OWU3LTljMTMtNGIyM2ZmOTQwMjQyIiwiaGFzaCI6ImQ5OThjZmU4ZjMzNTBhOGQ2YzdhYmVmYTFlMzAyZDA1IiwianRpIjoxNDM5ODAzNjY4NTQ3MjkzLCJpYXQiOjE2NzE1NDA1OTIsImV4cCI6MTY3MTU0MDY1Mn0.oEx-NbMVAexy_ecQONXEVR9Y0aWwQJ7MJI5JdCgYleE
IP 95.128.120.32:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /memberChat/jasmin62f84553-3ffa-49e7-9c13-4b23ff940242d998cfe8f3350a8d6c7abefa1e302d05?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzIiLCJuaWNrIjoiNjJmODQ1NTMtM2ZmYS00OWU3LTljMTMtNGIyM2ZmOTQwMjQyIiwiaGFzaCI6ImQ5OThjZmU4ZjMzNTBhOGQ2YzdhYmVmYTFlMzAyZDA1IiwianRpIjoxNDM5ODAzNjY4NTQ3MjkzLCJpYXQiOjE2NzE1NDA1OTIsImV4cCI6MTY3MTU0MDY1Mn0.oEx-NbMVAexy_ecQONXEVR9Y0aWwQJ7MJI5JdCgYleE HTTP/1.1
Host: lsc-edge-95-128-120-32.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://pt.ctsdwm.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UPQ9Vsmg3barkcFbzps8nA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 20 Dec 2022 12:49:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 71tNQai3RWZp/NEOy4EqIZ5tD7A=
Server: unknown
xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js
IP 172.64.163.22:0
GET /_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-1852f08d136"
last-modified: Tue, 20 Dec 2022 10:16:25 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9139
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjeGoD3uwGBlfmngepDJVqR1aHhggxGvyb2xJEsH5AnG1h7UZhYnW7KRxpdFkeTHvvSkjpQFK9oJfM6UsHiT6nve431FWzeDHTtMbw%2F%2FdMUFIKKkAiq1f1p1PMSF%2BzY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef8d384077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.163.22:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-18350162904"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6461687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIbDaa9CZkh%2FxZK%2BUW%2B%2BWzssTrT9cUW8gf0uBZcqyOUXqXE5fUuhsfNZmjtFtRbj3mqG8D5FF%2BKyYqiUjIzG%2FcTJYWhCo%2Fnr2FIfVC%2Fh%2FLTEsfr%2BlhQ%2FVt3HofUeW1Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d424077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.163.22:0
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6256b6895a615f1d0cf9c694
Cookie: visitorId=nz72bnqk6kyzzq5g65x; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3529953
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7FUXYSk9YQwr3VH4712Lkqsqtl5fbDPf49b2ur%2FUane0yQwTDsAmERkqz9%2F5xx9O7GY14dgQvjGb2svlnt4NguMrYAj6B3kPlajG5qCLh6k6FcD7v%2BLUhIUZ1EQEPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87fef9d464077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
185.76.9.21200 OK 0 B URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a1af6d6e7312.430497771156763475%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:49 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Tue, 13 Dec 2022 13:53:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1671544551
server: CDN77-Turbo
x-77-nzt: AblMCRQoKOf/thoAAA
x-77-nzt-ray: af5856302823ed166dafa16321320b2b
x-cache: HIT
x-age: 6838
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/style.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/style.css
IP 172.64.109.13:0
GET /sb/notifications/rtb/social/facebook/1-1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: text/css
last-modified: Mon, 06 Jun 2022 09:53:30 GMT
etag: W/"629dce9a-1a2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3013335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mf6osKwgCp4QmkCLEfQlxyl%2Br6zqBlX3X00zIHPBftyIlsa5egVq4fyjAsCQnVsRyf6pF7aajfXH8nzgUQjD9%2Bru060W7DtRIWnk7Oija9kamHO9k%2FGHPmAE40E7i5Ex2iKLA26w44qc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880005ef90662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/plain
set-cookie: csu=1726968264502035@1@1671540588; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxp60%2Fse6Emxe6gXn2qd2mkfRgYEo26xXhd7uq3nmPJzR0JVVHoHH11IY73%2BsfJkfXy6TDqqXHAeiA%2BnPP567sFFVegNtYcjcmBh2nrGV4ip51PghHev95Bs5sqjfLdz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c88006dab30706-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191200 OK 0 B URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Tue, 20 Dec 2022 12:49:50 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 19-Jan-23 12:49:50 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Dec 2022 12:49:45 GMT
date: Tue, 20 Dec 2022 12:49:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/animate.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/css/animate.css
IP 172.64.109.13:0
GET /sb/notifications/rtb/social/facebook/1-1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: text/css
last-modified: Tue, 24 May 2022 12:11:15 GMT
etag: W/"628ccb63-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1669087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbP1mygdNP6uyZK%2B7sE7cyHxm4nv8x2Z%2BD8vcc5W78ylqGukGwQtxH1xY6QtNOAdEKeA9ft71wPAU3TGMt0hp0WLwb7pJ%2FRW4pEua1xwPxnhwtsB1ynbtk%2Buu1zzXA%2Fnkox%2F3n0f%2B%2Bz2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880005efd0662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.100.40200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=T8w9cp.KRhI0ABIxdGqVNdgRqFE9O56JEo9uNE2UK8A-1671540590-0-AStjBAOqgVpYWxV+tYbO8p7yjboSg25I5l+rQ3spa7KpmQSET7k7RxH+6rAw+qfmLcI+Vp5yv73JysCuuvb+2Zs=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="iuhY4r=1"; expires=Thu, 19-Jan-2023 12:49:50 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Thu, 19-Jan-2023 12:49:50 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr36456835-cb5f-4bda-92d0-9d43917794ae:1p7c46:QXN0vb0IfrKTRWYi5redTkhPFDk; Domain=.chaturbate.com; expires=Sun, 14-Sep-2025 12:49:50 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77c880108ddbb52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.51.106200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.51.106:0
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html
last-modified: Tue, 20 Dec 2022 09:05:32 GMT
expires: Tue, 20 Dec 2022 12:49:43 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 8
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c8800fae5b0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/cuntempire.webp
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/cuntempire.webp
IP 66.230.180.98:0
GET /900250/cuntempire.webp HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/game.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: image/webp
last-modified: Mon, 12 Apr 2021 15:04:52 GMT
vary: Accept-Encoding
etag: W/"60746194-1dc40"
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/6256b6895a615f1d0cf9c694
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/video/6256b6895a615f1d0cf9c694
IP 172.64.163.22:0
GET /video/6256b6895a615f1d0cf9c694 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:44 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=nz72bnqk6kyzzq5g65x; Domain=xfantazy.com; Path=/; Expires=Mon, 20 Dec 2032 12:49:44 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 27 Dec 2022 12:49:44 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 27 Dec 2022 12:49:44 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i47zJjS9zDsQpO9JTRSoDw9lnR0wwqqNSpWgvAXmGcxhPIRv63FEci89FwI2rhTsq1JeXkJHw6FlLNofzzx3s6UNPGC3A8BxN3FclViReo%2BNYGgkZ520Rd6IKT4QT%2B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c87febf9f44077-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js
IP 172.64.109.13:0
GET /sb/notifications/rtb/social/facebook/1-1/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:47 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:11:21 GMT
etag: W/"628ccb69-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3020100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOWFLkCQvRvmJvfanT4NVVDCzCEqvrsCkGlbnzzhQXxkua6Uru4ijmoO36GyaUU8ETfVFyDN%2BNu1GFMhgY10y41BtAV%2FLHL9EIw3L9WeTM8%2Bg56aPEpebW1BFvv7G053vHBaALa3VXjO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c880009f350662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.93.42:0
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:50 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 245595
expires: Thu, 19 Jan 2023 12:49:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cgCrcG5%2BXtomUQq3r3GcmmV50sAhv4Eds8xi6ZVVXk4gPXxz1I0tYhY06E7KVvxRsWQZkdEESncNpfv9giZSl2dFYIi9CBk8H0CncCkI0pum7GfZKUIOe39WQogJmG%2F8BCwoG7IDWb9avtcGdZ6e0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=homw.LE_noUVeHxxw5b.NJ_fPBMfdvClzmcZ2qjOP68-1671540590520-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77c88012b941b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/rtb/android/2/css/animate.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/rtb/android/2/css/animate.css
IP 172.64.109.13:0
GET /sb/notifications/rtb/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/css
last-modified: Wed, 27 Jan 2021 16:00:48 GMT
etag: W/"60118e30-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3020298
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOfQpqyYWzjrh9ukXZXFh17jZc0SZgS1pr1EIXsyPGo2drSSZ00Cb4R%2FalY0%2B9vuvmv9Go9H%2Bv9v%2FS6JnddEETlXB8ZKF0ov70ZpL32IdCIMf5DG7l3XIqrCOplm6SVlzSiFcSZ3cUVr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88003e9ad0662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pt-static4.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v598559.js
93.93.51.200200 OK 0 B URL HTTP/2 pt-static4.ptwmstcnt.com/npe/ba/fklf/script/fk.lf-v598559.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/fklf/script/fk.lf-v598559.js HTTP/1.1
Host: pt-static4.ptwmstcnt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.ctsdwm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:51 GMT
content-type: application/javascript
last-modified: Mon, 19 Dec 2022 11:48:20 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a04f84-504a8"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2450
last-modified: Tue, 20 Dec 2022 12:08:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fyzyQ%2FBImK7aZ4OF4LNV4sKpPud3%2Bsz0cfIux3OtiWYvEWe6MSFix%2FGW20I4dwIE9CEJgwQnBwM7B%2BjRCvMwlNt3fw1ji4WRJ97J08q89dCIfnjBWIsmuFKI6u8mjfl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88006aa860706-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=3tLIHRTclgAdHpEtWJBv
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.108.35200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.108.35:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:46 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0ffde923a30aa71f1fb6fad99d25336d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: STALE
age: 0
last-modified: Tue, 20 Dec 2022 12:49:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hpZlHRZ6OjhVvo57Rja8X1YVdbJQrz%2FTIWthhxgGvf6QRdCspwIai9lB8Msi8v4xeFJfREpfzovDkNu2Oqxlg7I423A5TgpniKYXAXFHo0XxA2%2FFHhcaPAZAgxVMPSmab4Za72M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c87ff99d282405-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Dec 2022 12:49:48 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2450
last-modified: Tue, 20 Dec 2022 12:08:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2gQgY95swFXCraxdC3mmYldZokgWDWRh0HSVvGFKW1vLjZlftkCEev4oSnnml1eKctdWNuiHbDYyZ8lqmrVVn3itL3vZX8V9%2F4eOczXMmcU1N8fy%2Fr8Jheoe7vKQkNK7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77c88006ca9d0706-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 0 B URL HTTP/2 pt.ctsdwm.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.ctsdwm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Tue, 20 Dec 2022 12:49:51 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 19-Jan-23 12:49:51 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2