xfantazy.com/video/601edb27d7357618a3cf5cec
302 Found 0 B URL HTTP/1.1 xfantazy.com/video/601edb27d7357618a3cf5cec
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/601edb27d7357618a3cf5cec HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 06 Feb 2023 05:33:45 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/601edb27d7357618a3cf5cec
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2B7CHlDNoJkQaoAk9Ikp6QCMlZrUeBIOLrkxAzDjKxLJdS2Bjb6%2BqLoOG%2F1rWJE7FsW8n9GxN9bL2viMEuMq%2B1YAfZvhofLnQ91phc0Sh%2Bthdof73qcUBJQS2aLNcag%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795183487b7006a6-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5897
Expires: Mon, 06 Feb 2023 07:12:02 GMT
Date: Mon, 06 Feb 2023 05:33:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2696
Expires: Mon, 06 Feb 2023 06:18:41 GMT
Date: Mon, 06 Feb 2023 05:33:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13537
Expires: Mon, 06 Feb 2023 09:19:22 GMT
Date: Mon, 06 Feb 2023 05:33:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 04:34:01 GMT
content-type: application/json
age: 3584
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: N4xkuD+A/hxsNTSCsAusEsD71Rh2md+pGShTzlllSLKsKAkFVkDw3K3kXpRNEeVH2Nkg8uF9sKRyiz/uxbOZ1A==
x-amz-request-id: RMTWNCDZ9G8BYSP5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 05:24:49 GMT
age: 536
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP
Hash f01de4c7e48742a80ac40af5b651bffc
ae839d5f8761e9cf710830569762830ff6a39e01
f9a0131b3708f9ac76cac73bd877132e8efd72ebb531763a8fdb156ab9fa55b8
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 05:07:20 GMT
age: 1586
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3392
Expires: Mon, 06 Feb 2023 06:30:18 GMT
Date: Mon, 06 Feb 2023 05:33:46 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/VPvL6SobR40
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VPvL6SobR40
IP
Hash 2d64f21258b6ee87e5d1728da79a3c67
b7442b2a550563a3745669cd820f99eced7e979a
f5994dc4a5c03f732fea703881be1842be1d9fd87f1bef091b3e418b0b315d63
POST /s/gts1p5/VPvL6SobR40 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e914fb7456042eeb781ec3caf563d4b9
15dae41d85a50f4985c1583d6afdac47da478c13
2f1c735e033ea901b594da676a7208de01463362dc572e9d57485d8dac0a67f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2b8937ce9049adb85a3126de1dd72c19
ffd4e0620737be580fd7efc6592310b317e978e5
7fca11c5606b5f14189eb96abc02233b48f7dba9f7c114686c8c02d3cdb9f627
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443895
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkNnQJ99UpkEvPy7nF6%2Baw4UbSXAU5T374curSkT6XWxiIguG5xkOqy9PRfT%2B6SQp31%2FVolcsK4iScPs9m9fb7eGLDk%2FG7w%2BI7gE2prBWkOK%2BEtLvsEWpGNmQCpB2Ng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f2bd523ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
200 OK 6.7 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP
File type ASCII text, with very long lines (20298), with no line terminators
Hash e83bd3581d7db3e4f86f68367227753a
2f9798eaf1509aa68a791aae1aa0d55f33f7396d
11e165b461ab390a1f2467facd4e8ddc7ef892245e59acc2054a8e6272e4b7f8
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501634e6"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443881
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3mHh8Ps01quC7fKA5ykVnisLWMHxoPJp%2FRQCcShK4eHC8tRAebh5aTcTSSh4Up2NOpZ3XBZwTAN6wb5QxacESCnOxWkIIRcWD5ekWZcAJId3c3%2BBTJ0OeN4q3kapBE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bcd23ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 4fb1bbcedf6b3659d27f416c89a13da9
c8fdb87b425d19f9d8ae3b487bf20bc2a9589542
4d1b277ae39ba973e45b4c7e7be903500f3e2492e1f746bb45e8c5ad137efda3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 05:33:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 03:14:21 GMT
Expires: Sat, 11 Feb 2023 03:14:20 GMT
Etag: "c8fdb87b425d19f9d8ae3b487bf20bc2a9589542"
Cache-Control: max-age=423033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7951834f9adeb4eb-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 4fb1bbcedf6b3659d27f416c89a13da9
c8fdb87b425d19f9d8ae3b487bf20bc2a9589542
4d1b277ae39ba973e45b4c7e7be903500f3e2492e1f746bb45e8c5ad137efda3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 05:33:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 03:14:21 GMT
Expires: Sat, 11 Feb 2023 03:14:20 GMT
Etag: "c8fdb87b425d19f9d8ae3b487bf20bc2a9589542"
Cache-Control: max-age=423033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7951834f9990b506-OSL
cdn.ampproject.org/v0/amp-analytics-0.1.js
200 OK 32 kB URL HTTP/2 cdn.ampproject.org/v0/amp-analytics-0.1.js
IP
File type ASCII text, with very long lines (65534)
Hash 9941a422eb81519e61ddeea269c358ee
28d49584462b3a58698e03a268280336be71c674
0c077e7ecd5c5011164a8fd0408221266063667c54ac227d4827d1ebf1356bde
GET /v0/amp-analytics-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 31946
date: Mon, 06 Feb 2023 05:33:46 GMT
expires: Mon, 06 Feb 2023 05:33:46 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "5023241975e48b39"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP
Hash 5c799a0c539417f0448545e716800ead
7055a7e4be096e7dbcfaa10af2a21de56aaac48c
352e6fead3746c2de9377034d182215fe6a937320c470d833522f1d87963f19c
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 06 Feb 2023 05:33:46 GMT
date: Mon, 06 Feb 2023 05:33:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP
File type ASCII text, with very long lines (1568), with no line terminators
Hash b41f4a66b1e540733bdc56646703a5dc
471fdd55a552bad77de3637c7915cb0ca4b58071
0ea4bfc9b260378fdda78eaf5d0525199d36b4ed2683a2e619be2725733570a6
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nmZir1yJZX5RpaALS2J4xIbdjn0gVh1wNp82gCpcuVNPCZCTgKvYJYsWkHNFhC50Pyg7QFyw0QaGLJKZGgYq44xSx%2BGED6HEBcAuo7x0p2sl%2B6fd0yTLMTlSi5h1VUU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bcf23ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/dbyQvCChy6e4_zmTqw/w320h240/0.jpeg
200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbyQvCChy6e4_zmTqw/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 58a77211f09e762ddd753e454698d4a1
dc4415e598c00783ab4f08ba1cd5b729c4fdd060
f464e5ad4b2cba8ad4f9368d9982219764f0ff36fe7734ea64ed1fef07e3db9c
GET /thumbnail/dbyQvCChy6e4_zmTqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: image/jpeg
content-length: 12322
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LbzCuiemm6fp-zvG-Q/w320h240/0.jpeg
200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LbzCuiemm6fp-zvG-Q/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 119c3d0bf7c6147e0b454a098ca0cbac
48e4b7690e749701efd6c43794566c039455dd9d
97355f44db3f72032611f328130bc6d702b1e92aaa05c983a4c774a230b3780c
GET /thumbnail/LbzCuiemm6fp-zvG-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: image/jpeg
content-length: 12209
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IuzC6CTyzqborjzG-A/w320h240/0.jpeg
200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IuzC6CTyzqborjzG-A/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c3b071a6d45aab88890ddc714c925c15
a4644d9ecc1216edfc733418a421efb6bca4912e
2692b3369b6be0ea779b4bf7389eee7fbc6ef54d6f24e976a3ca26901742afe5
GET /thumbnail/IuzC6CTyzqborjzG-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: image/jpeg
content-length: 11671
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LO7Fun6nm__s_T_E-w/w320h240/0.jpeg
200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LO7Fun6nm__s_T_E-w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3df1644d79efa512e6ea278542b613e4
8922648fe1e892de5e810829878aedf200b44f32
ccda2c7cebc2eda8827c47c79f5ad67e0e76f5d79effde200ba456ed51935298
GET /thumbnail/LO7Fun6nm__s_T_E-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: image/jpeg
content-length: 13869
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oSmzcnnUfLrSmWp4dXF8sw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eu7VcbfBU67AOW0Mx8R9ZnCe+Vs=
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
200 OK 21 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js
IP
File type ASCII text, with very long lines (12210), with no line terminators
Hash 5eb6fc015b818903d7938e9d80b298d1
da8dbf203a377c2d73d4eac770ac8e56b2037496
423e23a9309e1efcd1492416934a51dfa63e3ee0cd658897552fea7ae9fe9286
GET /_next/static/runtime/webpack-f6e00aacd372b5a1ee4b.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-185ecc5d3f1"
last-modified: Thu, 26 Jan 2023 06:31:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 946893
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1q28zcANgd0RQoFHw%2FcKoklZqfHz5Ullhn2OQghlO3TMf6JA%2FftTS17Zh9dRXDGGs5Q%2F7mVRaWdcha1mc%2B6EAkgeFdUsq%2BA8sqYN9ytWh%2By0dyuKDR5UVtfHR6MhCL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f2bd223ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
200 OK 17 kB URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP
File type ASCII text, with very long lines (3211), with no line terminators
Hash ebbb8007f0b69de96e1574bccc77ef67
c5e1bcbb9861645d96a983abd0d57699cee77955
b16e18f7bbe35ddcd88349b65332214006d07c32558205f2039113d50b100b50
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-18350162908"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duNcANPLZi%2BWpJgx1y6OTL4yqfvvXwfSf8KBib61PHN904MbMZa%2BV7l%2BzVkO1%2Fw9CHdzgQsyaifMaBqx6m9M55rGHPoHtWFUDcaOt4Qn%2FnvmACeppvXlIcTrsYZ5mOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bce23ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:51:59 GMT
expires: Thu, 01 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 423708
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 14 kB IP
Hash 1d224e71a7ae1b299971d1493b1c5138
b244b2dc16eb79f14404307b4bb97e33b51613c2
10bfb978ffd9e21f9b3554660cab6f0ee664abfb2d88327faeb1fd30e25b0b16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP
File type ASCII text, with very long lines (38842), with no line terminators
Hash ad91e5c7650f3f28d8fd4a2f197ef1bb
c8a90ca8ab9fe170a37397ddd96509e2467c9ce7
13fd2b8f0e6f75c2f8bb0b1e42e134c90d1c914bc27091f926199ebae23bf901
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 05:33:47 GMT
expires: Mon, 06 Feb 2023 05:33:47 GMT
cache-control: private, max-age=900
last-modified: Mon, 06 Feb 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54690
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 15 kB IP
Hash 42d8eb87fbd502eb5b9ff0df1015cb60
4cc5d4fc25e5989b2904197f53767fd492097642
c8976930cd8fc61341fe04eeb6f3833b5e250008126df7144c62d48fbb0589dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
200 OK 89 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP
Hash 37b7df341cfba9fce67a4a56564b5ee3
05461e7a579d65d0ea9a0e16b86066efe6b5ff25
f5662ad9ded2dd44a71101012870549b9da7dbd2e989a014e94e6b1bc7a669ba
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.257.0
x-jsd-version-type: version
etag: W/"34e3a-eIUrj6hD3pmnKAQZCp7YaNtM0Rc"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:47 GMT
age: 14232
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1640-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85751
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/e89a6959482a5/main/0.jpeg
200 OK 1.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/e89a6959482a5/main/0.jpeg
IP
Hash 67069edb6f9875a2edb004f41353e51f
4ea5fe72cbbe75fd8b47718d9dc66e2416d88820
5d029a10d7efa523d53fb58467d7972b6c9199e2351152028f7fd25ba41d168f
GET /thumbnail/e89a6959482a5/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: image/jpeg
content-length: 61673
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 1.7 kB IP
ASN #20940 Akamai International B.V.
Hash 593814d849c44ab9faa3d76f452960db
ddbeddf1b58b1c5ba0ce4f0d373b76cb900249a9
c143563669defd5d6907b32adfe973740ea04b163e4aa7971f5cd4d758e88cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "317A76FF6592A38B35393849B048D2C1A8D4B169344DDD1274F048E1CB8630BE"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8892
Expires: Mon, 06 Feb 2023 08:01:59 GMT
Date: Mon, 06 Feb 2023 05:33:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4e795574d4dbd03f989b2bf4067bdd05
32386ce77d2846bac4bda67863ed71c66760b82a
68a0796b971493f5fdf99551d58215f80e9afb9b5382ebbc743c7648889395e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68A0796B971493F5FDF99551D58215F80E9AFB9B5382EBBC743C7648889395E5"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8707
Expires: Mon, 06 Feb 2023 07:58:54 GMT
Date: Mon, 06 Feb 2023 05:33:47 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 2c480db66ecd94df99efb9d9a52c8283
8e463237295a0b0dbb402e5b6c77f7607a6f0db6
f09f13d45a0188a549d088e363c3660cf911dda28bc6a50986f9cc537ba38f4a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Fri, 10 Feb 2023 04:41:09 GMT
ETag: "8e463237295a0b0dbb402e5b6c77f7607a6f0db6"
Last-Modified: Mon, 06 Feb 2023 04:41:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 06 Feb 2023 05:33:48 GMT
Age: 158
X-Served-By: cache-qpg1244-QPG, cache-bma1628-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 7, 1
X-Timer: S1675661628.046380,VS0,VE1
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37182), with no line terminators
Hash 7aaa7728502ce31a4e0346df0c0d5087
6fdd2b26a53769110426fe6eadf16d32c6d0c2a4
2746711235cc299e4ceb5a6753b0cdc56158156de5f5de6fcc2c27ea611f17ee
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 701ceedef1591209173c4a47ef267d46
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7761
Expires: Mon, 06 Feb 2023 07:43:09 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7761
Expires: Mon, 06 Feb 2023 07:43:09 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37185), with no line terminators
Hash c35ebedf1d06c01f5c3a9655110aea5d
6c53b97f23c06c39b1855e93a37c768ce04949f3
fd2e19d7a9cd7d5335d7c8da06a282fea57763571c3aaeeec8a7460467ea0373
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 06 Feb 2023 05:33:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 991ddbeb65f5b9553c790813f55b9153
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b08a4dc42d2e08b2b18c9545ce9a2fdb
b688557ebba4b3c987275761e9a1f5993ad3d8a5
641402fb9282208b33877e4812cb9392b035dba85fcb3a344a2a1072d5a69f28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11630
x-amzn-requestid: 3912e3f9-44a5-405c-9edb-d8409faa0b04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkUHUoIAMFzcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022e8-03e547e96b085d9e29a1852b;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vrf1axqufJTrf057F6nY_97NtiM_Wt0tZXpTGN42rvAOV7a4CPe1ig==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:56:35 GMT
age: 27433
etag: "b688557ebba4b3c987275761e9a1f5993ad3d8a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 7ef1da55ae0cf327ea0f14587f314e19
4f0c9087d6d1c1a1fe116dc707917c998d53c228
422819cc8e3331c6ff1b47a78a2e4b6f2ccd300771196f2964bb3227d2385cfa
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Mon, 06 Feb 2023 05:33:48 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:48 GMT
last-modified: Mon, 06-Feb-2023 05:33:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 336b665bfad04ec8ed14b01bbf17566d
92102d4c75d2c7efd8197be88e3cb467d2682190
1e21687a242c058a3b442909b168c5e706175b1e93e51cfce691c6f033f795d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8039
x-amzn-requestid: b36a6062-0676-4abc-820c-959bc02810f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkoECwIAMF4hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022ea-52faddc079b7107004e8cfea;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MOgI0aopvRaUSJ-YFH6QFNpGxhUNlpnLk7VeCeOsmcrGTUYIESN2Hg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:13:33 GMT
age: 26415
etag: "92102d4c75d2c7efd8197be88e3cb467d2682190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3482c5eb-0e83-4722-a14e-ee2eefae5e03.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3482c5eb-0e83-4722-a14e-ee2eefae5e03.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5eb98d203ce09cf8d1964decb2e44058
004d35f6af8f06b453a4c047e202fddbd410aaf4
80232fe0b4ce7393653076fc39d2d315274e8c17f76a4f754576f4a8a1b3baef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3482c5eb-0e83-4722-a14e-ee2eefae5e03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6779
x-amzn-requestid: e2a59d9f-577d-4071-8d40-80e54051fc18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVx6FjwoAMFyNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033f-1fcd55e1413543440d46307c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q7yMHmaEpwLuUNkDG-InGzSE6Lsl-4BJAfAliwalUwb57vEF9Vtixg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:09:02 GMT
age: 80686
etag: "004d35f6af8f06b453a4c047e202fddbd410aaf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WPChtMRjKafjMFkXCam-m5lHQ-4E-UZ5VwnfjrBKaz6nuOh70Fkunw==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:02:46 GMT
age: 27062
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 929818fabd5a6ee5200499ca445d121e
3951cfa614e0a8674b730c4850f6483e35f73f6a
9f56ead2f8c136f6d6906fbb8a0ee5e0fd879e8ed104512ed4edf3ba3ece6917
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8481
x-amzn-requestid: 77c27205-9d32-42d4-b2c4-e5c3941bbe72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pcuG8VoAMFTaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022b7-76fae5a943c7a1d242f7a758;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:42:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RDlRiO7e6e283A5DEKRr8kz-S9t9vlt8bzxhc_sfN3R16BygeOovhA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:02:40 GMT
age: 27068
etag: "3951cfa614e0a8674b730c4850f6483e35f73f6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a24cf7b2db6d65c3fe5daf78b3309ced
a3653a9a7baea412808dd91572ff21e1a505c26f
f55ee98bab5ce53d6acc1cac7f54f089b42d5f2ffbe750d869c4f4a7bc26f715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 27825
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3674
Expires: Mon, 06 Feb 2023 06:35:02 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2b9fa7773944abe31f5a0d2c89fcf83f
dd497be3ec7fff255da6600a2d92c45d0f4b9a50
68342c1715a25165c46c7832671ce7d31cc3afeda203b110c999875bb79ba116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=121537
Date: Mon, 06 Feb 2023 05:33:48 GMT
Etag: "63dfaf99-1d7"
Expires: Tue, 07 Feb 2023 15:19:25 GMT
Last-Modified: Sun, 05 Feb 2023 13:31:05 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oquyLPCXevpt52N3kS0jS2DquTe0-veDoCb62if91H9hilJSXylTFw==
Age: 6500
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8137f1d72b1382207ea43cbac07e3ccd
a84f90d7e9f809eb94a91a6d797adb6c85c8577e
5a5bb4a953b87c20a45add1ca8e079ceff7595b2d734bd6ae029334a4f1c5427
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A5BB4A953B87C20A45ADD1CA8E079CEFF7595B2D734BD6AE029334A4F1C5427"
Last-Modified: Mon, 06 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5973
Expires: Mon, 06 Feb 2023 07:13:21 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 5cfff2eba624ce82b3fee983f4c974d9
6682a254942952a158aeb8e55eba0c4b84b4b98a
5dc46d4aa2cdfb688964bf71f0910872ffcd6a19f770bd379c539536bc6e87c1
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=65532b96-075e-46f7-b8fa-4dc1bc141102:2:1; expires=Thu, 03 Feb 2033 05:33:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2b9fa7773944abe31f5a0d2c89fcf83f
dd497be3ec7fff255da6600a2d92c45d0f4b9a50
68342c1715a25165c46c7832671ce7d31cc3afeda203b110c999875bb79ba116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 06 Feb 2023 05:33:48 GMT
Last-Modified: Mon, 06 Feb 2023 05:25:50 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LW0qjtIJsOk4q_v9st9_wTY8PdnFoiQ-i-aWahaDS3M7vE99zVNwcQ==
Age: 479
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash c7105d6cb6dacb33e177bac628f4311d
215baf9f5dbca87c5a55fda2d6fdcf4501fa193a
5de9d48cbd79aa93a892550cc48e2da7cdd31681706f055b763d2bc14acd4338
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=36f4333f-010e-485a-9c6a-07ce48f83409:3:1; expires=Thu, 03 Feb 2033 05:33:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3674
Expires: Mon, 06 Feb 2023 06:35:02 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 29afa6e0646329b484cb20667ef8fd2f
a08a380c73bdbb7f4df888ed4e3cf767198410ab
12ad88e9066b0e595664a95cdfdd333bcb818a87bc561102dea682f249242b2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AD88E9066B0E595664A95CDFDD333BCB818A87BC561102DEA682F249242B2D"
Last-Modified: Sun, 05 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5975
Expires: Mon, 06 Feb 2023 07:13:23 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A353652899%3Arqn%3A3%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A353652899%3Arqn%3A3%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A353652899%3Arqn%3A3%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:48 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:48 GMT
last-modified: Mon, 06-Feb-2023 05:33:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A54024133%3Arqn%3A2%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A54024133%3Arqn%3A2%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A54024133%3Arqn%3A2%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:48 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:48 GMT
last-modified: Mon, 06-Feb-2023 05:33:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A689827151%3Arqn%3A4%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A689827151%3Arqn%3A4%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661672%3Ac%3A1%3Arn%3A689827151%3Arqn%3A4%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675661669173%3Ast%3A1675661672&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:48 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:48 GMT
last-modified: Mon, 06-Feb-2023 05:33:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
irritateinformantmeddle.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
200 OK 29 kB URL HTTP/1.1 irritateinformantmeddle.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3ee45b5bdbe2b1a2ae77fbe9b4f4e24a
020c9eae7998212a8b41e6e45e520ca5d09f4a5b
859e5d04d8fa5f7d1c58f4c1e4ad299405f1e3947a6f469d64c2a596602e9f59
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ebfb03723cf6e5f85105c72909f6aa7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash c7105d6cb6dacb33e177bac628f4311d
215baf9f5dbca87c5a55fda2d6fdcf4501fa193a
5de9d48cbd79aa93a892550cc48e2da7cdd31681706f055b763d2bc14acd4338
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=36f4333f-010e-485a-9c6a-07ce48f83409:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
indignationmapprohibited.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
200 OK 29 kB URL HTTP/1.1 indignationmapprohibited.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash cf1ead1015ee91282205ca91148cd161
3fb3e9d2f4677ac98eec5a9b0de4c42c533b4a4b
fa85e74a1591f42db33d234c16a5a7bb2d22ba6a10fe96398e3136d86f039481
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 057012c3bcc7c2b2e12c766de37fd018
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e56fd27f876b200a107ea3c9f9807bd4
4ed5a722b7f4e3c67df4dd15c2fc9e884239607b
900741d426e4b3479108b0db782f5e212f6e509d54e292c9d0e48aa08cf98f68
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "900741D426E4B3479108B0DB782F5E212F6E509D54E292C9D0E48AA08CF98F68"
Last-Modified: Sat, 04 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5985
Expires: Mon, 06 Feb 2023 07:13:33 GMT
Date: Mon, 06 Feb 2023 05:33:48 GMT
Connection: keep-alive
irritateinformantmeddle.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
200 OK 4.1 kB URL HTTP/1.1 irritateinformantmeddle.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP
File type JSON data\012- , ASCII text, with very long lines (5653), with no line terminators
Hash 464f9292443b9734958a11be39cf346e
09d1ecd6d24b71e6fc0296db9521a61afbd65413
f908855706dee4d5ef959874cecb2282157d155694ead272fdaafb8c892215ff
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
uncs=1; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
slec21fe3950f412e026c33f1b6cee613eba=[3870584]; expires=Mon, 06 Feb 2023 05:33:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab05621d3d29ebf6a91b650e813e4b9c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
indignationmapprohibited.com/pixel/purst?dl=0&th=0&sc=0&rs=3107&rd=3107&fd=543&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 indignationmapprohibited.com/pixel/purst?dl=0&th=0&sc=0&rs=3107&rd=3107&fd=543&bv=22.10.v.10&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3107&rd=3107&fd=543&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
indignationmapprohibited.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=36f4333f-010e-485a-9c6a-07ce48f83409%3A3%3A1
200 OK 4.1 kB URL HTTP/1.1 indignationmapprohibited.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=36f4333f-010e-485a-9c6a-07ce48f83409%3A3%3A1
IP
File type JSON data\012- , ASCII text, with very long lines (5743), with no line terminators
Hash d9bbb1c2b62b8e57bc8a8b7b370af9a5
c5fa7f42bb4d2632c8d5be65ac4debb2cac09389
060978e39fd26b95b28c2ab1be463584ec141006a3a3441b93badba224815664
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=36f4333f-010e-485a-9c6a-07ce48f83409%3A3%3A1 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
uid_id2=36f4333f-010e-485a-9c6a-07ce48f83409:3:1; expires=Mon, 13 Feb 2023 05:33:48 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
uncs=1; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 07 Feb 2023 05:33:48 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3870583]; expires=Mon, 06 Feb 2023 05:33:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03b25921ae4a3ce66c6c7ddecfd55c70
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5fc2e5e3dacb5f1694d1a313e41dfeff
a2b4b4257d0b674a067709e7fb363aaefb49b527
9bbe470357f73baef6b70ea5c067c0f513822d705a2b7b1c5c5b3711b90dfd11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BBE470357F73BAEF6B70EA5C067C0F513822D705A2B7B1C5C5B3711B90DFD11"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4526
Expires: Mon, 06 Feb 2023 06:49:15 GMT
Date: Mon, 06 Feb 2023 05:33:49 GMT
Connection: keep-alive
innocenceexpeditionsensation.com/pixel/purst?dl=0&th=0&sc=0&rs=3007&rd=3007&fd=537&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 innocenceexpeditionsensation.com/pixel/purst?dl=0&th=0&sc=0&rs=3007&rd=3007&fd=537&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3007&rd=3007&fd=537&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: innocenceexpeditionsensation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
irritateinformantmeddle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFgzo3FWTSPT2TZIwQjGskuGbj7krQW%2F3qmTI1XU1V1%2FQkF8MuyB4nN4%2BdzyQbdBdx8eJlYZl4kZxsD5KDwf9B8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPzrU%2FMntKaLrTqYe2tbZUKU7ja5t1aFNbDldq2ShebK7XB5LL9d6OwVQ%2Ffrn0k%2BY5ZaIRRGEZhVFtXViZmsDBFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BeQPEx0t4PN6TbyU32zoc9r2luLPri5LN0JzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHg9wgsPZnRBOsfXzJlGjIFE9dR9MeQegxFx%2BDmPpT4lQBcYPMW0t7DTWMLunuJ0glakWt%2F%2FwVVVOTaH68g7X2%2FptWgdsdonyuTOgySEmowhuqMkflT5HsBVHEKnt%2BDEgRpr4QS5VS1UmOoZAwth6AugJ8cFcAnAXwWoCfOa7TVTsJwKWFJHC83OedxzHlreVG0RNxcTkJ4PqE1RJ4NwfUQ3O4js%2FvYUQcVIfeOYP0zuG4JJwK4vCLBp%2FvoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zj8uRyTuH9NjkHZmSw%2ByCvDRpSvD8V29iR57XGlEi43YrTJpRQ4aNRR7HScQWuZSLUSwZhVMllLsy1bunKvJ66zoyVZH%2Frz4Do6dw%2BhRcvQjqXwMtRkuNELQ7ai6H2Et%2FSmnuLdVdSXXedcZbLutcewZhSmT5NeS7waG%2BIK9OB7XywgCSn63%2BGE8N3JbIbIkv1c8EHf1gdNsU5Oi2KRx5civLVU%2Ft0ckQ7%2BQ0l1e%2F%2B1juFsaKjRtu%2BO37fAJMwsd3pctv0lSotOPIozUlhLTrxnJJnm64bcm2vOuueZv67ObWB%2BsbvcxK55RJx6CqIuR8A1xV5LmnX0wX9I1Hn0PZMawv0fNnZGZQ5hQ824fL5vydIbB6XsOyAIUvR7bB5o9aEWg5zykr4f6Vs3l86B6gYwPQ%2FP50Lfu2RF%2BXoHoI56%2BO8syerf42%2B5zpYMS0DY6YtvrgsrlOnddkKwkTGTYkS9osWaKhaCfNNqPtSC6xFo2Qu4r%2FefDePwAAAP%2F%2FAQAA%2F%2F%2FpAgRNeAQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 irritateinformantmeddle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFgzo3FWTSPT2TZIwQjGskuGbj7krQW%2F3qmTI1XU1V1%2FQkF8MuyB4nN4%2BdzyQbdBdx8eJlYZl4kZxsD5KDwf9B8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPzrU%2FMntKaLrTqYe2tbZUKU7ja5t1aFNbDldq2ShebK7XB5LL9d6OwVQ%2Ffrn0k%2BY5ZaIRRGEZhVFtXViZmsDBFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BeQPEx0t4PN6TbyU32zoc9r2luLPri5LN0JzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHg9wgsPZnRBOsfXzJlGjIFE9dR9MeQegxFx%2BDmPpT4lQBcYPMW0t7DTWMLunuJ0glakWt%2F%2FwVVVOTaH68g7X2%2FptWgdsdonyuTOgySEmowhuqMkflT5HsBVHEKnt%2BDEgRpr4QS5VS1UmOoZAwth6AugJ8cFcAnAXwWoCfOa7TVTsJwKWFJHC83OedxzHlreVG0RNxcTkJ4PqE1RJ4NwfUQ3O4js%2FvYUQcVIfeOYP0zuG4JJwK4vCLBp%2FvoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zj8uRyTuH9NjkHZmSw%2ByCvDRpSvD8V29iR57XGlEi43YrTJpRQ4aNRR7HScQWuZSLUSwZhVMllLsy1bunKvJ66zoyVZH%2Frz4Do6dw%2BhRcvQjqXwMtRkuNELQ7ai6H2Et%2FSmnuLdVdSXXedcZbLutcewZhSmT5NeS7waG%2BIK9OB7XywgCSn63%2BGE8N3JbIbIkv1c8EHf1gdNsU5Oi2KRx5civLVU%2Ft0ckQ7%2BQ0l1e%2F%2B1juFsaKjRtu%2BO37fAJMwsd3pctv0lSotOPIozUlhLTrxnJJnm64bcm2vOuueZv67ObWB%2BsbvcxK55RJx6CqIuR8A1xV5LmnX0wX9I1Hn0PZMawv0fNnZGZQ5hQ824fL5vydIbB6XsOyAIUvR7bB5o9aEWg5zykr4f6Vs3l86B6gYwPQ%2FP50Lfu2RF%2BXoHoI56%2BO8syerf42%2B5zpYMS0DY6YtvrgsrlOnddkKwkTGTYkS9osWaKhaCfNNqPtSC6xFo2Qu4r%2FefDePwAAAP%2F%2FAQAA%2F%2F%2FpAgRNeAQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skxRev3t0vfHERf%2BDFgzo3FWTSPT2TZIwQjGskuGbj7krQW%2F3qmTI1XU1V1%2FQkF8MuyB4nN4%2BdzyQbdBdx8eJlYZl4kZxsD5KDwf9B8CwzGRh9UPXeq8%2BD%2Bnzee18f%2BgsSwtPzrU%2FMntKaLrTqYe2tbZUKU7ja5t1aFNbDldq2ShebK7XB5LL9d6OwVQ%2Ffrn0k%2BY5ZaIRRGEZhVFtXViZmsDBFobLH7ajeDuvNRj1qNTGw%2F82dD%2BBoANG%2FIC9Diep%2F3V%2BeQPEx0t4PN6TbyU32zoc9r2luLPri5LN0JzVFit48TGyAJD2ZVcO4ipBvrsCkJzMFMP2jiQIwVZHg9wgsPZnRBOsfXzJlGjIFE9dR9MeQegxFx%2BDmPpT4lQBcYPMW0t7DTWMLunuJ0glakWt%2F%2FwVVVOTaH68g7X2%2FptWgdsdonyuTOgySEmowhuqMkflT5HsBVHEKnt%2BDEgRpr4QS5VS1UmOoZAwth6AugJ8cFcAnAXwWoCfOa7TVTsJwKWFJHC83OedxzHlreVG0RNxcTkJ4PqE1RJ4NwfUQ3O4js%2FvYUQcVIfeOYP0zuG4JJwK4vCLBp%2FvoixKFJCgcQUEJCkVQ5ARFvzwW2jVc%2BVBo51k0842Zj8uRyTuH9NjkHZmSw%2ByCvDRpSvD8V29iR57XGlEi43YrTJpRQ4aNRR7HScQWuZSLUSwZhVMllLsy1bunKvJ66zoyVZH%2Frz4Do6dw%2BhRcvQjqXwMtRkuNELQ7ai6H2Et%2FSmnuLdVdSXXedcZbLutcewZhSmT5NeS7waG%2BIK9OB7XywgCSn63%2BGE8N3JbIbIkv1c8EHf1gdNsU5Oi2KRx5civLVU%2Ft0ckQ7%2BQ0l1e%2F%2B1juFsaKjRtu%2BO37fAJMwsd3pctv0lSotOPIozUlhLTrxnJJnm64bcm2vOuueZv67ObWB%2BsbvcxK55RJx6CqIuR8A1xV5LmnX0wX9I1Hn0PZMawv0fNnZGZQ5hQ824fL5vydIbB6XsOyAIUvR7bB5o9aEWg5zykr4f6Vs3l86B6gYwPQ%2FP50Lfu2RF%2BXoHoI56%2BO8syerf42%2B5zpYMS0DY6YtvrgsrlOnddkKwkTGTYkS9osWaKhaCfNNqPtSC6xFo2Qu4r%2FefDePwAAAP%2F%2FAQAA%2F%2F%2FpAgRNeAQAAA%3D%3D HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf4d44bf7358582aea9a3c848f0da155
Strict-Transport-Security: max-age=0; includeSubdomains
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Mon, 06 Feb 2023 06:33:49 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 06 Feb 2023 03:45:20 GMT
expires: Mon, 06 Feb 2023 05:45:20 GMT
cache-control: public, max-age=7200
age: 6509
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1936592839.1675661673&jid=1183965068&gjid=1313676467&_gid=254829927.1675661673&_u=YGBAiEABBAAAAEAAI~&z=1020923373
200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1936592839.1675661673&jid=1183965068&gjid=1313676467&_gid=254829927.1675661673&_u=YGBAiEABBAAAAEAAI~&z=1020923373
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-121614197-2&cid=1936592839.1675661673&jid=1183965068&gjid=1313676467&_gid=254829927.1675661673&_u=YGBAiEABBAAAAEAAI~&z=1020923373 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 06 Feb 2023 05:33:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9Nclv81Pwg9mIiL1woWA6r7qqP8oIg3GMBMdMmBmJuHv13qvOM9X1ivequjoNQpgBmWVn57JyOpmgE8TBnTAgHTeSle1CemEQ%2FwA3glulOw2td1H3njoX3rnn3s%2BP8ktCkbPJ9oe6r%2BKYrdartPL6jkqELmxl617FpVW6VtlRScNfq%2FSmH9N9y6X1Kn2j8r7ke3q1Rl1KXepWNpSRke6tzlio9CxwqwGt%2BrWqW%2FfRM%2F%2FFNndgmQPRvSQvQonx%2F3Z%2FfALFR0g639yUdi%2FT6ZvvdfKYZdqgK04%2FSvYSXSToLMrIOIiS03k3tB0T8sU16OR0PgF093g6AUI1Js4vLsLkdC4TYffkSmkYQyYIxTMouiPIeATFRuD6AZT4iQBcYOs2ks6jLW0Ktn%2FFsik7Jst%2F%2FQlVjMnyr9eRdL5ej1WvclfHeaZ0YtGLSqjeCKo9QpqfI%2Bs7UMU5eHYfShAknRJKTF7zGpHveV60Ql0qV%2FxWna0EvMFWaJNLvxW1PJ8GM2uUGkFFI8RyAGaXkFsHuXKQRw7y1EFHTCqsHkSUNqMw8ryWzzn3PM7rrYaoC89vRRQ5n2ofIEsH4PEA3BwgNQfYU4djQu4fw%2BTfw%2B6WsMKBzQi6okQhCQpLUDCCQhEUGUHRLU9EbGu2fCRim4fuPNfm2SuHOmsfsROdtWVCjtJL8sLMtT%2Be%2FQ57clJhtSgIaORSv9mgDZc33UC43GXMYzXJRQ1WlVD2Gph10Fdjcv3l35FOV%2FnZ3wjZOWx8Dq6eB8tfASuGzRoF2x36LYp%2BctaLWJKx%2Fn6V6w6ELpFmy8j2naP4krw007H2XAHJL258680C3JRITYlP1Q8E7fjh8I4uyPEdXVjy5HaaqY7qs%2Blm72Ysk0tffSD3C23E5k07%2BPIdPiWm5dk9abNbLBEqaVvyeF0JIc2GNlySp5t2R4bbud1dz02Sp7e2393Y7KRGWqt0MgJTY0Imm%2BBqTP7%2F9JPZ1b76%2BGMoM4LJS3TyCzIPKH0Onh7Apgv9VhOYeNETpg6KvByaWrj4GSuCWC4wC0vYf%2BFwUR%2FZh2gbByx7MLvVrinRjUuweACbLw2z1Fzc%2BHn%2BeBg7wzA2znEYm%2FjwylyrJhVZj2gkaU2GURBGTUZFEPlByAJXNsM6c5HZMf%2Ft8O1%2FAAAA%2F%2F8BAAD%2F%2F2WKjWiNBAAA
200 OK 7 B URL HTTP/1.1 indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9Nclv81Pwg9mIiL1woWA6r7qqP8oIg3GMBMdMmBmJuHv13qvOM9X1ivequjoNQpgBmWVn57JyOpmgE8TBnTAgHTeSle1CemEQ%2FwA3glulOw2td1H3njoX3rnn3s%2BP8ktCkbPJ9oe6r%2BKYrdartPL6jkqELmxl617FpVW6VtlRScNfq%2FSmH9N9y6X1Kn2j8r7ke3q1Rl1KXepWNpSRke6tzlio9CxwqwGt%2BrWqW%2FfRM%2F%2FFNndgmQPRvSQvQonx%2F3Z%2FfALFR0g639yUdi%2FT6ZvvdfKYZdqgK04%2FSvYSXSToLMrIOIiS03k3tB0T8sU16OR0PgF093g6AUI1Js4vLsLkdC4TYffkSmkYQyYIxTMouiPIeATFRuD6AZT4iQBcYOs2ks6jLW0Ktn%2FFsik7Jst%2F%2FQlVjMnyr9eRdL5ej1WvclfHeaZ0YtGLSqjeCKo9QpqfI%2Bs7UMU5eHYfShAknRJKTF7zGpHveV60Ql0qV%2FxWna0EvMFWaJNLvxW1PJ8GM2uUGkFFI8RyAGaXkFsHuXKQRw7y1EFHTCqsHkSUNqMw8ryWzzn3PM7rrYaoC89vRRQ5n2ofIEsH4PEA3BwgNQfYU4djQu4fw%2BTfw%2B6WsMKBzQi6okQhCQpLUDCCQhEUGUHRLU9EbGu2fCRim4fuPNfm2SuHOmsfsROdtWVCjtJL8sLMtT%2Be%2FQ57clJhtSgIaORSv9mgDZc33UC43GXMYzXJRQ1WlVD2Gph10Fdjcv3l35FOV%2FnZ3wjZOWx8Dq6eB8tfASuGzRoF2x36LYp%2BctaLWJKx%2Fn6V6w6ELpFmy8j2naP4krw007H2XAHJL258680C3JRITYlP1Q8E7fjh8I4uyPEdXVjy5HaaqY7qs%2Blm72Ysk0tffSD3C23E5k07%2BPIdPiWm5dk9abNbLBEqaVvyeF0JIc2GNlySp5t2R4bbud1dz02Sp7e2393Y7KRGWqt0MgJTY0Imm%2BBqTP7%2F9JPZ1b76%2BGMoM4LJS3TyCzIPKH0Onh7Apgv9VhOYeNETpg6KvByaWrj4GSuCWC4wC0vYf%2BFwUR%2FZh2gbByx7MLvVrinRjUuweACbLw2z1Fzc%2BHn%2BeBg7wzA2znEYm%2FjwylyrJhVZj2gkaU2GURBGTUZFEPlByAJXNsM6c5HZMf%2Ft8O1%2FAAAA%2F%2F8BAAD%2F%2F2WKjWiNBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9Nclv81Pwg9mIiL1woWA6r7qqP8oIg3GMBMdMmBmJuHv13qvOM9X1ivequjoNQpgBmWVn57JyOpmgE8TBnTAgHTeSle1CemEQ%2FwA3glulOw2td1H3njoX3rnn3s%2BP8ktCkbPJ9oe6r%2BKYrdartPL6jkqELmxl617FpVW6VtlRScNfq%2FSmH9N9y6X1Kn2j8r7ke3q1Rl1KXepWNpSRke6tzlio9CxwqwGt%2BrWqW%2FfRM%2F%2FFNndgmQPRvSQvQonx%2F3Z%2FfALFR0g639yUdi%2FT6ZvvdfKYZdqgK04%2FSvYSXSToLMrIOIiS03k3tB0T8sU16OR0PgF093g6AUI1Js4vLsLkdC4TYffkSmkYQyYIxTMouiPIeATFRuD6AZT4iQBcYOs2ks6jLW0Ktn%2FFsik7Jst%2F%2FQlVjMnyr9eRdL5ej1WvclfHeaZ0YtGLSqjeCKo9QpqfI%2Bs7UMU5eHYfShAknRJKTF7zGpHveV60Ql0qV%2FxWna0EvMFWaJNLvxW1PJ8GM2uUGkFFI8RyAGaXkFsHuXKQRw7y1EFHTCqsHkSUNqMw8ryWzzn3PM7rrYaoC89vRRQ5n2ofIEsH4PEA3BwgNQfYU4djQu4fw%2BTfw%2B6WsMKBzQi6okQhCQpLUDCCQhEUGUHRLU9EbGu2fCRim4fuPNfm2SuHOmsfsROdtWVCjtJL8sLMtT%2Be%2FQ57clJhtSgIaORSv9mgDZc33UC43GXMYzXJRQ1WlVD2Gph10Fdjcv3l35FOV%2FnZ3wjZOWx8Dq6eB8tfASuGzRoF2x36LYp%2BctaLWJKx%2Fn6V6w6ELpFmy8j2naP4krw007H2XAHJL258680C3JRITYlP1Q8E7fjh8I4uyPEdXVjy5HaaqY7qs%2Blm72Ysk0tffSD3C23E5k07%2BPIdPiWm5dk9abNbLBEqaVvyeF0JIc2GNlySp5t2R4bbud1dz02Sp7e2393Y7KRGWqt0MgJTY0Imm%2BBqTP7%2F9JPZ1b76%2BGMoM4LJS3TyCzIPKH0Onh7Apgv9VhOYeNETpg6KvByaWrj4GSuCWC4wC0vYf%2BFwUR%2FZh2gbByx7MLvVrinRjUuweACbLw2z1Fzc%2BHn%2BeBg7wzA2znEYm%2FjwylyrJhVZj2gkaU2GURBGTUZFEPlByAJXNsM6c5HZMf%2Ft8O1%2FAAAA%2F%2F8BAAD%2F%2F2WKjWiNBAAA HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=36f4333f-010e-485a-9c6a-07ce48f83409:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 06 Feb 2023 05:33:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 828a94feb8b67d8b575308d21c69238c
Strict-Transport-Security: max-age=0; includeSubdomains
d3t87ooo0697p8.cloudfront.net/?oootd=971975
200 OK 114 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP
File type Unicode text, UTF-8 text, with very long lines (15955)
Size 114 kB (113864 bytes)
Hash 10bac2749d1a67b8a9efe7d362ab3333
2f2147ab6a4d70878e8044c3c60ac042416212b0
7fc5be781da79965cc4118561881966102a6c1ecab6d9224e80119a5f6f0cc7a
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113864
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9nNSEmuc7iq-C6a72Tkmo2WW0ZqFFkN4iis08BKVJR7-tr1WAprz8A==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
302 Found 345 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1343%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053431%3Aet%3A1675661672%3Ac%3A1%3Arn%3A303953145%3Arqn%3A1%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C147%2C468%2C14%2C317%2C0%2C%2C364%2C11%2C%2C%2C%2C1339%3Aco%3A0%3Ans%3A1675661669173%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661672%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Mon, 06 Feb 2023 05:33:48 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=694006781675661628; Path=/; SameSite=None; Secure
i=aAoa8r1Cbpe540qvPJd0PN6JEkJccG+R3hIGZqmV+UMidBVnDOjG4CpIWVLTta5Bphw4xa9mRlDuzwPHak/Qgg/6dqw=; Expires=Thu, 03-Feb-2033 05:33:47 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7623904211675661628; Expires=Tue, 06-Feb-2024 05:33:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7623904211675661628; Expires=Tue, 06-Feb-2024 05:33:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707197628.yc.1675661628#1707197628.yrts.1675661628#1707197628.yrtsi.1675661628; Expires=Tue, 06-Feb-2024 05:33:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:48 GMT
last-modified: Mon, 06-Feb-2023 05:33:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
200 OK 7.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP
Hash 2766380e0abea2a26ad41161a97d318b
12d2adb07d3ea33ec827f4411cf0ab5f56ac128f
6c094ff6aa706369cca525e0ee7753e9e249f07687fb5986c8f89293716d9a29
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lk5INPjZk0u3SZQ2XZ6h4epJfbfXaCfjrnKZj6%2B9lY9YIzJzkeOUUIWztoKRPBrqkowZ0LNAJhivFNIv2JrxTeayvI8O1GFjUP04AXycFg%2FjTJnwNYUfrdD2Syqw8mbt3Q%2BeYt5D1HZO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951835f58d78871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15607
Expires: Mon, 06 Feb 2023 09:53:56 GMT
Date: Mon, 06 Feb 2023 05:33:49 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9881
Expires: Mon, 06 Feb 2023 08:18:30 GMT
Date: Mon, 06 Feb 2023 05:33:49 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/spQREFBZBnc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/spQREFBZBnc
IP
Hash 370f83d62f446e388fc388bbaed2eed2
310b53f696e3b177d709b4245c42b362edc0ea75
b0b98a11d34e77a44c2edd57c51dee9896fa341f64aa249f0c8405139d087f35
POST /s/gts1p5/spQREFBZBnc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9c5cd500f3412d0bb91099f1046874e6
8e2a5b67289ca10a9b5a7f1dcc200d4ee1a748e9
af33d47f4cac0f71eedcdc9ea9f1bf5b71b4b2b8284c5e8a7a73f2aba2373d8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF33D47F4CAC0F71EEDCDC9EA9F1BF5B71B4B2B8284C5E8A7A73F2ABA2373D8C"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15722
Expires: Mon, 06 Feb 2023 09:55:51 GMT
Date: Mon, 06 Feb 2023 05:33:49 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/spQREFBZBnc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/spQREFBZBnc
IP
Hash 370f83d62f446e388fc388bbaed2eed2
310b53f696e3b177d709b4245c42b362edc0ea75
b0b98a11d34e77a44c2edd57c51dee9896fa341f64aa249f0c8405139d087f35
POST /s/gts1p5/spQREFBZBnc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A547673287%3Arqn%3A6%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Ast%3A1675661673&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A547673287%3Arqn%3A6%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Ast%3A1675661673&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A547673287%3Arqn%3A6%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Ast%3A1675661673&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:49 GMT
last-modified: Mon, 06-Feb-2023 05:33:49 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/spQREFBZBnc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/spQREFBZBnc
IP
Hash 370f83d62f446e388fc388bbaed2eed2
310b53f696e3b177d709b4245c42b362edc0ea75
b0b98a11d34e77a44c2edd57c51dee9896fa341f64aa249f0c8405139d087f35
POST /s/gts1p5/spQREFBZBnc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29fip%281%29ti%282%29
200 OK 1.2 kB URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29fip%281%29ti%282%29
IP
Hash da704e7f82111661e056986f61636c45
d81383a8d8b13aa6727dd692336888e0b99759ae
8684cd89085c0da0dfab6b12a17ef185c4354cad23c80f4a5679b74469ec7c69
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:49 GMT
last-modified: Mon, 06-Feb-2023 05:33:49 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
tomladvert.com/eTkyRzAYW1EqDxgEUGFFC1UPYgI/HAABVEpNCnBfFlYCcQlOSQppUxVWRyNWC1ZcMx4XXEZiAj99YRFAO11qEkE3agoTYxMJSA1lEXRUKkRNaFkFRjR9eyZ3A1VcCVoaaXYtekt7ShZpMEF7CnQ4cAcdRzxpfhBUAWxKLF83emgOZQBOAg5bEXxQPUMVfwIvCR99ZwF3EHNcCXIKa34DRxZ+SgZEH31jEmM6aAMISA5jeBNEEmtICQgdcXQWYkpVSwlYDlt+E2VLe14FBxhQCgVlMU1DJHUvW1cfCQB3AwUHGFNrJHdKAEcddSAKUABYAX1nCQkfCh8OAyxxRjZ9DndjIlgNTmASchdYXy9hKwpZfno7YFcNXkBDf3dUTFgBAXYrcV41ajxddAtKNEN3BX0UcF8VeDQKWjZUP010JUlAAWAGFhNKXSlARE5wPXcRDkAmYQBqSz57Gg
200 OK 1.9 kB URL HTTP/2 tomladvert.com/eTkyRzAYW1EqDxgEUGFFC1UPYgI/HAABVEpNCnBfFlYCcQlOSQppUxVWRyNWC1ZcMx4XXEZiAj99YRFAO11qEkE3agoTYxMJSA1lEXRUKkRNaFkFRjR9eyZ3A1VcCVoaaXYtekt7ShZpMEF7CnQ4cAcdRzxpfhBUAWxKLF83emgOZQBOAg5bEXxQPUMVfwIvCR99ZwF3EHNcCXIKa34DRxZ+SgZEH31jEmM6aAMISA5jeBNEEmtICQgdcXQWYkpVSwlYDlt+E2VLe14FBxhQCgVlMU1DJHUvW1cfCQB3AwUHGFNrJHdKAEcddSAKUABYAX1nCQkfCh8OAyxxRjZ9DndjIlgNTmASchdYXy9hKwpZfno7YFcNXkBDf3dUTFgBAXYrcV41ajxddAtKNEN3BX0UcF8VeDQKWjZUP010JUlAAWAGFhNKXSlARE5wPXcRDkAmYQBqSz57Gg
IP
File type ASCII text, with very long lines (3048)
Hash 41b43eaf49c86bc5e19b73f5b6c0ac1b
9f7e7378c897654e3c64d28282660c1e6c37531e
819ab7ca79905428ec3f220cf24fd7eb913a6231e82c9684f232608a3ab8b17d
GET /eTkyRzAYW1EqDxgEUGFFC1UPYgI/HAABVEpNCnBfFlYCcQlOSQppUxVWRyNWC1ZcMx4XXEZiAj99YRFAO11qEkE3agoTYxMJSA1lEXRUKkRNaFkFRjR9eyZ3A1VcCVoaaXYtekt7ShZpMEF7CnQ4cAcdRzxpfhBUAWxKLF83emgOZQBOAg5bEXxQPUMVfwIvCR99ZwF3EHNcCXIKa34DRxZ+SgZEH31jEmM6aAMISA5jeBNEEmtICQgdcXQWYkpVSwlYDlt+E2VLe14FBxhQCgVlMU1DJHUvW1cfCQB3AwUHGFNrJHdKAEcddSAKUABYAX1nCQkfCh8OAyxxRjZ9DndjIlgNTmASchdYXy9hKwpZfno7YFcNXkBDf3dUTFgBAXYrcV41ajxddAtKNEN3BX0UcF8VeDQKWjZUP010JUlAAWAGFhNKXSlARE5wPXcRDkAmYQBqSz57Gg HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Mon, 06 Feb 2023 05:33:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QCLspVSohSye4pcXa9u7wx36VnnyLBkOcMT2QNA7h012IXNxajkhoQ==
X-Firefox-Spdy: h2
tomladvert.com/Q3dQVHQiFTM5SyJKMnIBMRttcUYFUmISEHADaGMbLBhgYk10B2h6Fy8YJTASMRg+IFotEiRxRgUeNQNBMSUUHRUCJgU9MBJHGBBHKDsEOEUlFCcSEgE1NyYsAhsEBBo7GhcsGxE+Y2UkC0dgIycBRgQDRgkSFxU1DhICBRcCNjhhNXJPABANGicEARMmPQFsIQIlFSAsKyIAABoZRwQRNiEuARY+ER8nICwBRxIcMCAvA2VABToSMDgbGyBkPAYbHAM1Gi8DZUAgOwYsJBQcZWcXBQ8zAw40MgQBABo1ODA4Gx87LTJzGCYDGhI/BmVBAC4BFj4AJn1gGhQlChgjEj4RByJ6FTQVOgkvYGFGAh9oHDMQMQUSHBk4NDomCi88YQUCG2g2Ii0idj4HLBkgaSF7IzIgDiQ4ZiU
200 OK 1.2 kB URL HTTP/2 tomladvert.com/Q3dQVHQiFTM5SyJKMnIBMRttcUYFUmISEHADaGMbLBhgYk10B2h6Fy8YJTASMRg+IFotEiRxRgUeNQNBMSUUHRUCJgU9MBJHGBBHKDsEOEUlFCcSEgE1NyYsAhsEBBo7GhcsGxE+Y2UkC0dgIycBRgQDRgkSFxU1DhICBRcCNjhhNXJPABANGicEARMmPQFsIQIlFSAsKyIAABoZRwQRNiEuARY+ER8nICwBRxIcMCAvA2VABToSMDgbGyBkPAYbHAM1Gi8DZUAgOwYsJBQcZWcXBQ8zAw40MgQBABo1ODA4Gx87LTJzGCYDGhI/BmVBAC4BFj4AJn1gGhQlChgjEj4RByJ6FTQVOgkvYGFGAh9oHDMQMQUSHBk4NDomCi88YQUCG2g2Ii0idj4HLBkgaSF7IzIgDiQ4ZiU
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3016), with no line terminators
Hash 8d8e6e37916027c0fe90574a4d23a439
635c1d38ab0f1f47fd4cf47199a3335849ae4746
6ad5b484881b6750b1f511209bd379c96147b2120cc35923f24d58624c3425f4
GET /Q3dQVHQiFTM5SyJKMnIBMRttcUYFUmISEHADaGMbLBhgYk10B2h6Fy8YJTASMRg+IFotEiRxRgUeNQNBMSUUHRUCJgU9MBJHGBBHKDsEOEUlFCcSEgE1NyYsAhsEBBo7GhcsGxE+Y2UkC0dgIycBRgQDRgkSFxU1DhICBRcCNjhhNXJPABANGicEARMmPQFsIQIlFSAsKyIAABoZRwQRNiEuARY+ER8nICwBRxIcMCAvA2VABToSMDgbGyBkPAYbHAM1Gi8DZUAgOwYsJBQcZWcXBQ8zAw40MgQBABo1ODA4Gx87LTJzGCYDGhI/BmVBAC4BFj4AJn1gGhQlChgjEj4RByJ6FTQVOgkvYGFGAh9oHDMQMQUSHBk4NDomCi88YQUCG2g2Ii0idj4HLBkgaSF7IzIgDiQ4ZiU HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Mon, 06 Feb 2023 05:33:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CYKgh0RyyI39FKLr2AJA0NXd027yaYfS3moFHjzYGG_Czf5FSW5CDw==
X-Firefox-Spdy: h2
tomladvert.com/VlNVNlU3MTZbajduNxAgJD9oE2cQdmdwMWUnbQE6OTxlAGxhI20YNjo8IFIzJDw7Qns4NiETZxA3A0wxFDcRVWUBEG1lFhUdMHwAPRwMZwMuAQR4LQ4HHFQCBTAefywyNBFhAywbMndlEwcAeQBkPB1sLT4EGmAXbgY5f2AAGy1wEAIJAX9lPRc2YxguFGROJAEpBGABPwU3eRQMFBpkEGYVBFljARcmUgIsJwJsEAwrDF45LgYEYDseKQxSAgIdDHgyNQAPZzYgEhd8ORRgF3MSATAGVT8PAA9nNmQbA1o9F2EHfjEOGhNVBCERDE4fLx09fDkUKXh7FhM+BwQ2EwIWUwQyPABnAzgGFmcNDhcyZTYsGhNsIgwrB3cPOBE4ZBIUKRNTGC4VB3kQbzgHWBM7EWZkNBRgE3UzEwZzXCY5PSULNwUED2RnPGQ2
200 OK 1.2 kB URL HTTP/2 tomladvert.com/VlNVNlU3MTZbajduNxAgJD9oE2cQdmdwMWUnbQE6OTxlAGxhI20YNjo8IFIzJDw7Qns4NiETZxA3A0wxFDcRVWUBEG1lFhUdMHwAPRwMZwMuAQR4LQ4HHFQCBTAefywyNBFhAywbMndlEwcAeQBkPB1sLT4EGmAXbgY5f2AAGy1wEAIJAX9lPRc2YxguFGROJAEpBGABPwU3eRQMFBpkEGYVBFljARcmUgIsJwJsEAwrDF45LgYEYDseKQxSAgIdDHgyNQAPZzYgEhd8ORRgF3MSATAGVT8PAA9nNmQbA1o9F2EHfjEOGhNVBCERDE4fLx09fDkUKXh7FhM+BwQ2EwIWUwQyPABnAzgGFmcNDhcyZTYsGhNsIgwrB3cPOBE4ZBIUKRNTGC4VB3kQbzgHWBM7EWZkNBRgE3UzEwZzXCY5PSULNwUED2RnPGQ2
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 796f18e60bb6e7f6b740cfa09837f276
9748c45d051ff82b479e56b57721e09d00dff10a
7875dba22a39983e7354b4579b50c82184ec98004814a6de8a8b5a8d3eebfc92
GET /VlNVNlU3MTZbajduNxAgJD9oE2cQdmdwMWUnbQE6OTxlAGxhI20YNjo8IFIzJDw7Qns4NiETZxA3A0wxFDcRVWUBEG1lFhUdMHwAPRwMZwMuAQR4LQ4HHFQCBTAefywyNBFhAywbMndlEwcAeQBkPB1sLT4EGmAXbgY5f2AAGy1wEAIJAX9lPRc2YxguFGROJAEpBGABPwU3eRQMFBpkEGYVBFljARcmUgIsJwJsEAwrDF45LgYEYDseKQxSAgIdDHgyNQAPZzYgEhd8ORRgF3MSATAGVT8PAA9nNmQbA1o9F2EHfjEOGhNVBCERDE4fLx09fDkUKXh7FhM+BwQ2EwIWUwQyPABnAzgGFmcNDhcyZTYsGhNsIgwrB3cPOBE4ZBIUKRNTGC4VB3kQbzgHWBM7EWZkNBRgE3UzEwZzXCY5PSULNwUED2RnPGQ2 HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Mon, 06 Feb 2023 05:33:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: onubU8Qc8_Mr2GVpLvbZhVTrM9E5donQk2JJ2KrLz-gaS6U84tCFng==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/spQREFBZBnc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/spQREFBZBnc
IP
Hash 370f83d62f446e388fc388bbaed2eed2
310b53f696e3b177d709b4245c42b362edc0ea75
b0b98a11d34e77a44c2edd57c51dee9896fa341f64aa249f0c8405139d087f35
POST /s/gts1p5/spQREFBZBnc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
200 OK 80 kB URL HTTP/2 cdn.cloudimagesb.com/si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 422ab27df20d8765e0fcd3aa74306f6b
3b69a90b3d1a5bd964280b7bad97c2a5baaa6951
9f2c6b29335b1545ddfa2f7e84286472468f737e1d73f6f0562babac6e3afa5a
GET /si/4f/21/b6/4f21b6f8926b18cc8cec37ffa47004e5/1671506253.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: image/png
content-length: 79704
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:41 GMT
etag: "63a12955-13758"
expires: Wed, 08 Feb 2023 05:33:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:49 GMT
content-length: 0
set-cookie: nauid=rEsMAsSkYTwyv1ps1u8f; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 89a100ea773a6223d24ca5e2df477ef8
4d64028b8df107e2ee97314fd77c1508e1556d16
064ead0181ad64406bc6506f73730f522e9d4c35f1f304f3d6ca5e3ef4a342ab
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "064EAD0181AD64406BC6506F73730F522E9D4C35F1F304F3D6CA5E3EF4A342AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9881
Expires: Mon, 06 Feb 2023 08:18:30 GMT
Date: Mon, 06 Feb 2023 05:33:49 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:49 GMT
content-length: 0
set-cookie: nauid=twDdxOxdLbQs4xZ6iVEN; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:49 GMT
content-length: 0
set-cookie: nauid=tXE2jfv7A2gsQkeMUqSj; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid=
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=204&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:49 GMT
content-length: 0
set-cookie: nauid=KvXNypSNdxFKThmzsNz3; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Wed, 08 Feb 2023 05:33:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dtoottuleringwe.xyz/M3lZZHIcRjoXT1YsFxw8XxESBxliPQAxMEsrCD4BYDEDLjYBCn8QG1dEYFJAA0htQgJaHWRVVEANOBAHQERoQhtdHzZZVEVEaEpBB1dqVVwBXyxZQxUNKQUVDkh/FAZHFWRVRARMb1JDBU5rXUoG
204 No Content 0 B URL HTTP/2 dtoottuleringwe.xyz/M3lZZHIcRjoXT1YsFxw8XxESBxliPQAxMEsrCD4BYDEDLjYBCn8QG1dEYFJAA0htQgJaHWRVVEANOBAHQERoQhtdHzZZVEVEaEpBB1dqVVwBXyxZQxUNKQUVDkh/FAZHFWRVRARMb1JDBU5rXUoG
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M3lZZHIcRjoXT1YsFxw8XxESBxliPQAxMEsrCD4BYDEDLjYBCn8QG1dEYFJAA0htQgJaHWRVVEANOBAHQERoQhtdHzZZVEVEaEpBB1dqVVwBXyxZQxUNKQUVDkh/FAZHFWRVRARMb1JDBU5rXUoG HTTP/1.1
Host: dtoottuleringwe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5t3e8OjPC3W87ggErTZT6pZ3K9WcNTsnthxzHr%2BgK0QsztHz1zuFhiYknWLQRtma7WQXkNP2vVHZTY1ibs44ZQlNWDKg6xdKrjXs%2FGJZK3XGk2D2RAtaT2TJqRwyfKvFJ5SUXcqZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795183605fed0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dtoottuleringwe.xyz/RFhTVUdrZzAmehBqNw8VdihqDSpxLwsNIxwBGxsiIGkVJCMoaHUhLiBlamJ2fW9mczctPG5mdWIrJzQzMStuZ3d0b3U8KSI3bmRhMmVje35qaX1lYTFlYnMzNDk0aHZiKCchK3lpZWJycm5iY3B2YWBt
204 No Content 0 B URL HTTP/2 dtoottuleringwe.xyz/RFhTVUdrZzAmehBqNw8VdihqDSpxLwsNIxwBGxsiIGkVJCMoaHUhLiBlamJ2fW9mczctPG5mdWIrJzQzMStuZ3d0b3U8KSI3bmRhMmVje35qaX1lYTFlYnMzNDk0aHZiKCchK3lpZWJycm5iY3B2YWBt
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RFhTVUdrZzAmehBqNw8VdihqDSpxLwsNIxwBGxsiIGkVJCMoaHUhLiBlamJ2fW9mczctPG5mdWIrJzQzMStuZ3d0b3U8KSI3bmRhMmVje35qaX1lYTFlYnMzNDk0aHZiKCchK3lpZWJycm5iY3B2YWBt HTTP/1.1
Host: dtoottuleringwe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tkxdi8uzIQMO52RpdBgNF4qpjPkcDSojhFFpNjsGw3y9jP%2FzwxwRzqHvgouvc1Hy2%2BIS1kfH4sU6%2F8fACRUADqANwzdQBgsFDR7EG5BHtmetLZ%2FksGueLiC8ruOXKjsNMLjBHvrQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795183605fea0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
200 OK 4.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP
Hash 3674a1cb86daab116b5846fd66b927bd
67879f775f61d0ee60c4e603e1c26c356e50fa30
110f259337068c4c1543bdf6c90cc8f59f3cd9895a83c3c4171f988af2d3e070
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=31efN3QsaYOUqtrw8pgF9udJLX4QcDVMSU6vhcNlzhGasjuRVvevB0w2YDTKvqlGiEAaqIphbwUFn4H9DFyiXtnVCWvM%2FUgPn98X7fr0yKwBKgaL8kq8AZ66LGMIgSsoyx1gv0pnUbO%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951835f58d68871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dtoottuleringwe.xyz/Ymp4NW9NVRtGUgY/KQQ4NDAwUz4oHyFgXlIuPwQGNjIxcg4lL15BBgZXQQJeW11NEx8LDkUGXUQZDFQbFxlFBEkLBB5aUkQcRQVBW0RJG19EH0UESRYaGVJSU0wIQRsOV0kDWFdcTgRZVVhBBlo
204 No Content 0 B URL HTTP/2 dtoottuleringwe.xyz/Ymp4NW9NVRtGUgY/KQQ4NDAwUz4oHyFgXlIuPwQGNjIxcg4lL15BBgZXQQJeW11NEx8LDkUGXUQZDFQbFxlFBEkLBB5aUkQcRQVBW0RJG19EH0UESRYaGVJSU0wIQRsOV0kDWFdcTgRZVVhBBlo
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Ymp4NW9NVRtGUgY/KQQ4NDAwUz4oHyFgXlIuPwQGNjIxcg4lL15BBgZXQQJeW11NEx8LDkUGXUQZDFQbFxlFBEkLBB5aUkQcRQVBW0RJG19EH0UESRYaGVJSU0wIQRsOV0kDWFdcTgRZVVhBBlo HTTP/1.1
Host: dtoottuleringwe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZmvGvK6W8bS8myON7nTIsezdavxFutcOP2yVhv7Ti8g%2BUeaVzkQL3vSjE84kZANbO%2FA9Ex9nVI0lx4mjYJ90xDjy5wpcknGgMNc5FhmGSocNj5Kjx7wno8jk6x%2FUalFHHWXikuo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79518360e81f0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
200 OK 512 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP
Hash d83c772821e736c5ecb30c0e0ccd41cf
e98ca9e3c0b0ebafe403f06a0b3f1e0116227ff7
4711bf63d7e47afce0e2720f8d27c358b0fd2d7030e53c987c68988505801de8
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141341
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tuTpsbv8hFj1wgAoTO9WtVbvYbHmu0EN7juAc21kHbplcg6gqJD2jCu5sWqJnmGawi5w9UEHIi%2BzNxMe5223Wz9vesOpxNV85L32UwCU%2BdenkmitKJ42KWYkTZIuUIkR6B3PoauOCK%2F%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836049b38871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1c08839b04520623798a6d3752711147
535035b7350cf8a4324eb69ffda7dfaaa1a29918
5ddf0cfbfe95f4690768f8ca167dcdd47f0fa7c6d076cbee0bdb225bba697429
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=146115
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Etag: "63e01643-1d7"
Expires: Tue, 07 Feb 2023 22:09:04 GMT
Last-Modified: Sun, 05 Feb 2023 20:49:07 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e11dcc5ae62e80e09454f987c9fc4d3b
e6ce4f8560d4b052dca404233a2d89c7461403db
8d96a6a878fa54929ee16347f98ef4569fd956f4dc0f969ba0c602f8ded9cda5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t87ooo0697p8.cloudfront.net/dVzdBdDc0WC8SCCNeJUkOYQVxRQNxXTIbWScKIydgDWVzHgA0ETUOU2oHZxhWOVB8UlI5VHxFETZTI0kDcUMxG1xqWzQVTiVbOAZGORE0FQo6WDsdWztWZEZxYhlxUQVnHzYdWTNYNgcSZQcvABJlB3BEGWcScjYSZQc2HVlhA2RHdXIFcQwBYxJyNhJlBz-MCEmR2cEQCeQdoUQVnUCQXXDgSczIFZwZxRAZnBmRGBzFeMxFROE9kRnFmB3RaB3FCfEU
200 OK 575 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/dVzdBdDc0WC8SCCNeJUkOYQVxRQNxXTIbWScKIydgDWVzHgA0ETUOU2oHZxhWOVB8UlI5VHxFETZTI0kDcUMxG1xqWzQVTiVbOAZGORE0FQo6WDsdWztWZEZxYhlxUQVnHzYdWTNYNgcSZQcvABJlB3BEGWcScjYSZQc2HVlhA2RHdXIFcQwBYxJyNhJlBz-MCEmR2cEQCeQdoUQVnUCQXXDgSczIFZwZxRAZnBmRGBzFeMxFROE9kRnFmB3RaB3FCfEU
IP
File type ASCII text, with very long lines (817), with no line terminators
Hash 14bb99389fe0246d98bc71b0aff4ffbf
30d111617f905471037a71e7e26673f7671c1ac1
324d02b14a5df536dd28bb39080038bf86cc2ce6e2bda92df8ccd9e44ae46bee
GET /dVzdBdDc0WC8SCCNeJUkOYQVxRQNxXTIbWScKIydgDWVzHgA0ETUOU2oHZxhWOVB8UlI5VHxFETZTI0kDcUMxG1xqWzQVTiVbOAZGORE0FQo6WDsdWztWZEZxYhlxUQVnHzYdWTNYNgcSZQcvABJlB3BEGWcScjYSZQc2HVlhA2RHdXIFcQwBYxJyNhJlBz-MCEmR2cEQCeQdoUQVnUCQXXDgSczIFZwZxRAZnBmRGBzFeMxFROE9kRnFmB3RaB3FCfEU HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tomladvert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 575
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pdYwDHlMRCDgMKp6o5W9AZwN6hQ9myjHnaMW40FtkSDucD5eh3hQ5Q==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e11dcc5ae62e80e09454f987c9fc4d3b
e6ce4f8560d4b052dca404233a2d89c7461403db
8d96a6a878fa54929ee16347f98ef4569fd956f4dc0f969ba0c602f8ded9cda5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/spQREFBZBnc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/spQREFBZBnc
IP
Hash 370f83d62f446e388fc388bbaed2eed2
310b53f696e3b177d709b4245c42b362edc0ea75
b0b98a11d34e77a44c2edd57c51dee9896fa341f64aa249f0c8405139d087f35
POST /s/gts1p5/spQREFBZBnc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3t87ooo0697p8.cloudfront.net/ieW5rRDIaAQUiDQ0HD3kLTl1fcwFfBBgrXAlTPnxmGxoRI31PH00wSB1TW2JeGAAMeRQcAAh5A18PDyYPTUgeJQ8UAREtXhUPTnZ0TEBbYQBJRhwtXB0BHDcXS14FMBdLXlp0HElLWAYXS14cLVxPWk53cFxcWzwETUtYBhdLXhkyF0ovWnQHV15CYQBJCQ-4nWRZLWQIASV9bdANJX052Ah8HGSFUFhZOdnRIXl5qAl8bVnU
200 OK 187 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/ieW5rRDIaAQUiDQ0HD3kLTl1fcwFfBBgrXAlTPnxmGxoRI31PH00wSB1TW2JeGAAMeRQcAAh5A18PDyYPTUgeJQ8UAREtXhUPTnZ0TEBbYQBJRhwtXB0BHDcXS14FMBdLXlp0HElLWAYXS14cLVxPWk53cFxcWzwETUtYBhdLXhkyF0ovWnQHV15CYQBJCQ-4nWRZLWQIASV9bdANJX052Ah8HGSFUFhZOdnRIXl5qAl8bVnU
IP
File type ASCII text, with no line terminators
Hash 936ec47fa4186f75140ac1fb02ae5d7f
9a52689bbda45d4da4a0d824f9a09e3525611940
629a68295b9129a4726e19ffad7988a11857b5a58dbfe839b0e370c60726d370
GET /ieW5rRDIaAQUiDQ0HD3kLTl1fcwFfBBgrXAlTPnxmGxoRI31PH00wSB1TW2JeGAAMeRQcAAh5A18PDyYPTUgeJQ8UAREtXhUPTnZ0TEBbYQBJRhwtXB0BHDcXS14FMBdLXlp0HElLWAYXS14cLVxPWk53cFxcWzwETUtYBhdLXhkyF0ovWnQHV15CYQBJCQ-4nWRZLWQIASV9bdANJX052Ah8HGSFUFhZOdnRIXl5qAl8bVnU HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tomladvert.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6qQFw54pfNDm7D2n1bchLt4To3ZhugYNFrBMTL2JKZBx53236TGC-A==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 32ffaa15d5746d6dbafab152e27dee23
915fba8eaeff2c33174d2a0ed6c6149d48eb23ee
dcb07a58cd8a68fff6a45dd30a8cd94c95958c264353446e375a078fa74d47a5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 06 Feb 2023 05:33:49 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1576737526%3A1675661629783263&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqq6G-FR5KzZCfCmJ-rjH0q8BAijRR4oj-z_YZB5nPc5ffzI6JCSweEzY-j3ulfmL_Iy5_FA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ky7vqSZuohkOhnYhf_8-AA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:e3eg63Y3FIhwQ03WQK2WXK341oKgRg:xl2hpCm-Vsm2xOiK;Path=/;Expires=Wed, 05-Feb-2025 05:33:49 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tomladvert.com/utx?cb=kFyw24omT3XZ&top=xfantazy.com&tid=962014
204 No Content 0 B URL HTTP/2 tomladvert.com/utx?cb=kFyw24omT3XZ&top=xfantazy.com&tid=962014
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=kFyw24omT3XZ&top=xfantazy.com&tid=962014 HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 06 Feb 2023 05:33:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 06 Feb 2023 05:34:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Hx47TCR_hSd5GhnvxT-9doSbz21GuZUu3NZYuo9K9TUM4X1CaBYU2g==
X-Firefox-Spdy: h2
tomladvert.com/utx?cb=JFkKyiRc9VC0&top=xfantazy.com&tid=971975
204 No Content 0 B URL HTTP/2 tomladvert.com/utx?cb=JFkKyiRc9VC0&top=xfantazy.com&tid=971975
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=JFkKyiRc9VC0&top=xfantazy.com&tid=971975 HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 06 Feb 2023 05:33:49 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 06 Feb 2023 05:34:49 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OilI0QScVP0OlmdZt15HFZKwKJd1sePck-KZwiX5V1O_FcKgRqBWng==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
200 OK 104 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP
Size 104 kB (103826 bytes)
Hash 50f5c84c8957e45dcf802604b1e96a79
6ec507606abb369cd57e14304910db29ea1da503
19d53ed398292f2ce613501a9cd9b1019535b84c3b91fc870018dfe2f219f13d
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yj3zpuNFkIgDitpsVRE4uS2LVRAZe1n5H9lLQxFpmPAM4ky1PeTSrah86MNH%2B17uLhTF8LEDuUdnogVEwJka3pjiOmzUKCcFcFdcOhEQt7H9QipShfFnRHzuuowybY5RtDGb%2FvKo5Bjj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951835f68eb8871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1c08839b04520623798a6d3752711147
535035b7350cf8a4324eb69ffda7dfaaa1a29918
5ddf0cfbfe95f4690768f8ca167dcdd47f0fa7c6d076cbee0bdb225bba697429
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=146115
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:49 GMT
Etag: "63e01643-1d7"
Expires: Tue, 07 Feb 2023 22:09:04 GMT
Last-Modified: Sun, 05 Feb 2023 20:49:07 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
static-cache.k2s.cc/thumbnail/J-6UtSOima3q_DXDrA/w320h240/0.jpeg
200 OK 8.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-6UtSOima3q_DXDrA/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 123155fcaddc366e69843a4d8e24007c
7f95c63ae4b9cc4a92c1f21cea5a94a6debfe791
58bd5997b6146446e6c6471a7c139f09cdcc3071bde19a9602fa5765321eb52e
GET /thumbnail/J-6UtSOima3q_DXDrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 8160
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ceTAvXCjw_vuqzmf-g/w320h240/0.jpeg
200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ceTAvXCjw_vuqzmf-g/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7b502ca26a854418ff52913369af1b00
992ece53803c6781592d415e7792608aba4b801b
4d62e1e5410c287f4eff42c10b5e439639bb5a42c82caa0021264984ad9848c9
GET /thumbnail/ceTAvXCjw_vuqzmf-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 14659
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7_A7nehz67orDSTqg/w320h240/0.jpeg
200 OK 8.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7_A7nehz67orDSTqg/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8d12779a162660f5d6b2a9786080ebc4
07bc38b12ca3dbb78d3521724b64bff63cf063a4
f8bc6c7621439d0e556030acdca60b5fb155a5016b6edcdff5632f2f4f8435c2
GET /thumbnail/J7_A7nehz67orDSTqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 8478
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LL6XvCWnyv3tqTmQ9w/w320h240/0.jpeg
200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LL6XvCWnyv3tqTmQ9w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 646ac9afdaf8eb42833017d39ec69732
612428a86e57ee1758432a4309ad5ed61aa6fc7a
1075bcc132354d5205f59969b3bed31afa67ed03ebb88a3ba2c3a70cd1fa6ea8
GET /thumbnail/LL6XvCWnyv3tqTmQ9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 10040
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ce2bvyWgmKi_8DiR_w/w320h240/0.jpeg
200 OK 9.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ce2bvyWgmKi_8DiR_w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 02a09f6d90d46ea9dc21e8f649bed013
d338d0a6fef9c48264bf53cc2fd454af7038ef67
8f9338ebb4299ef871cc20d511646ba916e10d12e1f532661a4e9be2515013eb
GET /thumbnail/ce2bvyWgmKi_8DiR_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 8974
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J--S6yT3nP3tqjjB_w/w320h240/0.jpeg
200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J--S6yT3nP3tqjjB_w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7029c24d69d581bddca6c25416e2135a
e8e42aae89e3c3e7cca149e3fd1fa36eb6b7a963
8fe3ee55d040d39ef5ecb4c6727c274e657db1cf7d7a63b294d64afe8e5cf995
GET /thumbnail/J--S6yT3nP3tqjjB_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 9850
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
200 OK 117 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP
Size 117 kB (117292 bytes)
Hash 45719f49524a6e806676037544e33d60
f209c5c6fca00e1105600698a93229682251a65f
10bb893c518db14254fcf4dc78ca22c3299266d5eb98d7d379bd08aef04d8b76
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bHIAJU5P0TahB%2F0hTGwtThmD9Ewe0%2BncF7%2FXzbOlOLigZQ9K1XtpSN1AU8lx19fOAlJWQnFawh0Xb1d5UugfMaNVmsnZ2H%2Fr83%2FBchgyghl8EG3U%2FesMaFUOCAxPTW7nOenlx7z4JUD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951835f68ed8871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
200 OK 41 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 9113599f517acd9db83a6198783024d2
46c1849701d034460dff69a040a42e3b8bda3d90
46d2c2467f657cd5bc738425892b9fba3abe39bfb27bf7d52cd273d092174b34
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7141346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmZ94viqTNoU1AJmlIN%2FUzvBZw6%2BJaBHfDWTvsG3%2BxicnEsaxT7Xh73DUn0h1n9cKd6baKC4rhxDgNPfsZjvqSBpKweE8oN%2BicH8EwSxqSNhozClzhmFZ0Z2wuWkaJHSAOici6RDRkAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951835f991a8871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JLjC6SelmKe--GjF9w/w320h240/0.jpeg
200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JLjC6SelmKe--GjF9w/w320h240/0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4c41a9313f417899f27a4399aea9c546
6a53ab246003468e474e5e2264231f3a3b18b73d
cff8fa3e2a7b0b2748376df5a9639e26e940354cf6f502027b6c349388cb2f30
GET /thumbnail/JLjC6SelmKe--GjF9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: image/jpeg
content-length: 9298
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
200 OK 3.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash e877e82e6e03ee96f31c3562b69a414b
7ff04bd22c9fc5644525e0b93e374670913c9ecc
591ae1dcc22809b629ab9c7b74118ccc111e8a9c670321e38af12557776560a4
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
tomladvert.com/floater?cs=cWFTcXBDWGRGR0lRakVESVdgQEc&abt=0&red=1&sm=83&k=xfantazy%20alice%20chen%20learn%20chinese%20toys&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=997988722145462&agec=1675661629&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=189.75332068311195&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8HGR=1675661673662&crc=1
200 OK 2.3 kB URL HTTP/2 tomladvert.com/floater?cs=cWFTcXBDWGRGR0lRakVESVdgQEc&abt=0&red=1&sm=83&k=xfantazy%20alice%20chen%20learn%20chinese%20toys&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=997988722145462&agec=1675661629&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=189.75332068311195&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8HGR=1675661673662&crc=1
IP
File type ASCII text, with very long lines (3335), with no line terminators
Hash 5cdc53299ddbea30578086b44a12a4ac
d401edd31b3cd34b6666fcd72dbd0e674f08e0e6
9a21813fc2df4df1917f5813bbe869a8e43464da61463ff63b0c9c2968effa48
GET /floater?cs=cWFTcXBDWGRGR0lRakVESVdgQEc&abt=0&red=1&sm=83&k=xfantazy%20alice%20chen%20learn%20chinese%20toys&v=0.9.1.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=997988722145462&agec=1675661629&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=189.75332068311195&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_8HGR=1675661673662&crc=1 HTTP/1.1
Host: tomladvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2280
date: Mon, 06 Feb 2023 05:33:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=401e9753-170b-4d3d-8eb2-34e0384416a1
csu=997988722145462
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oWbT-PQfby_VlKUHQelwY0BsO0OFjKg1PqCgi6Q_fuK4spRfHjXKTA==
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
200 OK 45 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=3, software=paint.net 4.3.11], baseline, precision 8, 950x150, components 3\012- data
Hash 5fd346fcb69e035418d85c43937ded42
11273ce469a323398f452520a64ae205d743ec4b
9ea3f1e06e4194dd902289419ffb30884bffbc776a08e4fd5ce6fe2cb55f854b
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1576737526%3A1675661629783263&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqq6G-FR5KzZCfCmJ-rjH0q8BAijRR4oj-z_YZB5nPc5ffzI6JCSweEzY-j3ulfmL_Iy5_FA
403 Forbidden 7.6 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1576737526%3A1675661629783263&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqq6G-FR5KzZCfCmJ-rjH0q8BAijRR4oj-z_YZB5nPc5ffzI6JCSweEzY-j3ulfmL_Iy5_FA
IP
Hash 4c42a4f37a49257ef284f31156764501
cd09cc6a821b6049f009344bd66370d0cf308b37
1978727809b99b2f607fed209cdf890ed77be44247b68a9163de30f35f7681d3
GET /v3/signin/identifier?dsh=S-1576737526%3A1675661629783263&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfqq6G-FR5KzZCfCmJ-rjH0q8BAijRR4oj-z_YZB5nPc5ffzI6JCSweEzY-j3ulfmL_Iy5_FA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 06 Feb 2023 05:33:49 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-W0amuLhCRor-gO3b51Rxug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
200 OK 3.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash e988cafd4954664d822956348072ee9d
528eae9b73f57f086b281350b8cc6a56f2e9658a
06416c281ca0803ab84fdb9e7a4e836238a241c22fd87197bb9f751d21d5e104
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/nativeads-v2.js
200 OK 15 kB URL HTTP/2 a.realsrv.com/nativeads-v2.js
IP
ASN #60068 Datacamp Limited
Hash 705f1553704edc3b5b7f0c876011b858
914eda9c37c3188e73a889b606ac4c037d800a20
fe12a0732b60fb8c2fffafb5d331eba1ebeb4d8880b60eef5f4b4834e2ff9b21
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"21b43fd9d304f2027f605b8ad4d"
expires: Thu, 02 Feb 2023 18:45:37 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675666030
server: CDN77-Turbo
x-77-nzt: AblMCRTvZoL/ABkAAA
x-77-nzt-ray: af58563057a7f6b93e91e06361a2ca1a
x-cache: HIT
x-age: 6400
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c73d70ab785d304ea35d776d78db89b7
5b17eaccf642f69fa88ea00a4e741289e5fa400d
7165fe1c724f11b553728182797e0ab6b820ec250f3a753228f91e6c2e5b66c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7165FE1C724F11B553728182797E0AB6B820EC250F3A753228F91E6C2E5B66C7"
Last-Modified: Sun, 05 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4391
Expires: Mon, 06 Feb 2023 06:47:01 GMT
Date: Mon, 06 Feb 2023 05:33:50 GMT
Connection: keep-alive
a.realsrv.com/iframe.php?idzone=4786600&size=300x250
200 OK 687 B URL HTTP/2 a.realsrv.com/iframe.php?idzone=4786600&size=300x250
IP
ASN #60068 Datacamp Limited
Hash e6733909b668f25bc038b75fc0a3396e
ba4285805b2b3764b88c3b9f8e22edcddf2a8ea2
af16a85863b77b3336c47dd0d06664fdd3971f93115736987079d98c240d6147
GET /iframe.php?idzone=4786600&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 06 Feb 2023 07:18:05 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675669189
server: CDN77-Turbo
x-77-nzt: AblMCRSF3sH/qQwAAA
x-77-nzt-ray: af58563057a7f6b93e91e063dd3a361a
x-cache: HIT
x-age: 3241
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)
302 Found 7 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F601edb27d7357618a3cf5cec&charset=utf-8&hittoken=1675661628_fbea76d3929791eaa32e06a6349827cbf3e158fc32fabaa8647177f4d214624f&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1186222245565%3Ahid%3A560667781%3Az%3A0%3Ai%3A20230206053432%3Aet%3A1675661673%3Ac%3A1%3Arn%3A108342326%3Arqn%3A5%3Au%3A1675661672838653380%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1675661669173%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675661673%3At%3AAlice%20Chen%2033%20Learn%20To%20Cum%20In%20Chinese%20on%20toys%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-3%29clc%280-0-0%29rqnt%285%29aw%281%29fip%281%29ti%282%29
date: Mon, 06 Feb 2023 05:33:49 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2538080111675661629; Path=/; SameSite=None; Secure
i=7V+f+UpJPtY7h17WsFI/CZ0zrp3t9YwCqfMJWPwYopyqNVWrartmprms1wh4iYpTFfx6YvCNcTx2nqSXXR7wWqGD0+Y=; Expires=Thu, 03-Feb-2033 05:33:47 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5837030571675661629; Expires=Tue, 06-Feb-2024 05:33:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5837030571675661629; Expires=Tue, 06-Feb-2024 05:33:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707197629.yc.1675661629#1707197629.yrts.1675661629#1707197629.yrtsi.1675661629; Expires=Tue, 06-Feb-2024 05:33:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 06-Feb-2023 05:33:49 GMT
last-modified: Mon, 06-Feb-2023 05:33:49 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.realsrv.com/iframe.php?idzone=4891810&size=300x250
200 OK 185 B URL HTTP/2 a.realsrv.com/iframe.php?idzone=4891810&size=300x250
IP
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 48562785c6aaab005739c7b85874cd57
3970d1674013773ff1a932b24980bd7647cbd4f9
d5ba524edb1887dc7ed9532b102cdded31a2a77d040bd3f55d3907afd7379ac5
GET /iframe.php?idzone=4891810&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 06 Feb 2023 07:06:32 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675669126
server: CDN77-Turbo
x-77-nzt: AblMCRQghOr/6AwAAA
x-77-nzt-ray: af58563057a7f6b93e91e063cd0cfb19
x-cache: HIT
x-age: 3304
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (2763), with no line terminators
Hash 341416db758b4b51bd9badbbc54300fc
501809697acc923c85e7630aa19ad38f530eff1f
1b83de2280212e9d9ed004252245f568a528a4070cc0359baecd9aef267a13ad
GET /splash.php?native-settings=1&idzone=4891816&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=1&loaded=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e9792c6.898464592129772643%22%3B%7D; expires=Wed, 05 Feb 2025 05:33:50 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
200 OK 4.7 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (2771)
Hash ce2992b55c65dca516e7ae1c8fda433b
71cd1f575a76d493faf9adaa34372e9d8100fae0
5c0ca8da8c4c26c814c1ff91b44aa3d76ca0ed4dc07d083a647908e500852699
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=4700&src=101329735&pid=19775&width=300&height=250&spaceid=859
200 OK 3.9 kB URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4700&src=101329735&pid=19775&width=300&height=250&spaceid=859
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5920), with CRLF, LF line terminators
Hash 17d2e041f1d92fdcea80c099b33a3dca
a9c49cf7fee90c10083a546e83aaa52e3e6b99f8
7f2d9d7504e8d564e2bf1f79a4db93df0bab8bed3acaa268907572bbab7fb282
GET /i/b.html?spot=4700&src=101329735&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d021cf80"
x-request-id: 00e6adac7db5841b1a68de91ee82f473
content-encoding: gzip
expires: Mon, 06 Feb 2023 06:33:50 GMT
cache-control: max-age=3600
x-proxy-cache: REVALIDATED
access-control-allow-origin: *
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1753), with no line terminators
Hash f46fff6fba6d0138f77c877d42002041
29917f7025569538b097e5a79e44876dc6e19099
d15d47c09a72266d6e89b8af665854cb1e57faa22485f95642f496dd6e6f9158
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
200 OK 3.1 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5919), with no line terminators
Hash bc900de3d13978af100a1625de9496c3
b925f72b3fdabe5345490a20213f1258b7023bf9
27d3fc1b3d5eb425e1b9acab3ea10d4001258a8970a8908404df748cf5474b90
GET /splash.php?native-settings=1&idzone=4891814&cookieconsent=true&&p=https%3A%2F%2Fxfantazy.com%2F&max=3&loaded=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; expires=Wed, 05 Feb 2025 05:33:50 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamraaxasegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamraaxasegeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamraaxasegeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcceimxxerreanxgxamraaxasegxcce; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105506%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63e0913e97bfe2.524013583961040162%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C79186182%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63e0913e97bfe2.524013583961040162%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C69830508%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63e0913e97bfe2.524013583961040162%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 07 Feb 2023 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 82d4cd75b5f78fa430c52f966c17f5e6
87ff62d3fa3478bb14091f1451b5c914549bfd3e
2d81207474e9c7b4aecbb13fb3442ae08cf1524ed79f9caaae41668c941f48c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D81207474E9C7B4AECBB13FB3442AE08CF1524ED79F9CAAAE41668C941F48C2"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8408
Expires: Mon, 06 Feb 2023 07:53:58 GMT
Date: Mon, 06 Feb 2023 05:33:50 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oDMRBEr5ILWPRXUnudbBNw8AGkGQ0O2DGM7eBFHz4aLUK6aKoQovREQLwD2kF8Adgz7xXcMBgEoYAq/v5xcEH/LvfHWs6nVs730+36WKcWpvOjuiTVmFxjFItuCYCjSzbMEF0huxCbbJ6iYs7kAs4OXaQssqUAgOwZ/O148OPnaz8xNHJ0cgZ4UofCQeIELj3DEzxyA0NulurSKChJb9HMFhF6jOQ6z7EqtdLqTEs2mwmxQJ5iSyowb0Vewto/dVt/wnS9DK5BpKzjffjTDof1AR/pa1nLpbn/u7MpjVp2FNmwfWpoXFuxuS5SCYr1VQPEnLRh/QUThHLHgwEAAA==
200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oDMRBEr5ILWPRXUnudbBNw8AGkGQ0O2DGM7eBFHz4aLUK6aKoQovREQLwD2kF8Adgz7xXcMBgEoYAq/v5xcEH/LvfHWs6nVs730+36WKcWpvOjuiTVmFxjFItuCYCjSzbMEF0huxCbbJ6iYs7kAs4OXaQssqUAgOwZ/O148OPnaz8xNHJ0cgZ4UofCQeIELj3DEzxyA0NulurSKChJb9HMFhF6jOQ6z7EqtdLqTEs2mwmxQJ5iSyowb0Vewto/dVt/wnS9DK5BpKzjffjTDof1AR/pa1nLpbn/u7MpjVp2FNmwfWpoXFuxuS5SCYr1VQPEnLRh/QUThHLHgwEAAA==
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oDMRBEr5ILWPRXUnudbBNw8AGkGQ0O2DGM7eBFHz4aLUK6aKoQovREQLwD2kF8Adgz7xXcMBgEoYAq/v5xcEH/LvfHWs6nVs730+36WKcWpvOjuiTVmFxjFItuCYCjSzbMEF0huxCbbJ6iYs7kAs4OXaQssqUAgOwZ/O148OPnaz8xNHJ0cgZ4UofCQeIELj3DEzxyA0NulurSKChJb9HMFhF6jOQ6z7EqtdLqTEs2mwmxQJ5iSyowb0Vewto/dVt/wnS9DK5BpKzjffjTDof1AR/pa1nLpbn/u7MpjVp2FNmwfWpoXFuxuS5SCYr1VQPEnLRh/QUThHLHgwEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamraaxasegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamraaxasegeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamraaxasegeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcceimxxerreanxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C69830508%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63e0913e97bfe2.524013583961040162%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263e0913e97bfe2.524013583961040162%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Wed, 05 Feb 2025 05:33:50 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
js.wpadmngr.com/npc/sdk/wp-banners.js
200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Mon, 06 Feb 2023 05:38:50 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1749), with no line terminators
Hash 529c89bbd3bd82c561a7f5a89dd7b5f3
14daf65cd73ff3c018cbfd3e123b891fb68adaf1
287213e17c8cde7ec192549211bcb4784d738e9f0285f8e5a3c545f83432f53d
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
200 OK 1.3 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1754), with no line terminators
Hash 58bb2fcd22a05ea111dbf3634cb288ee
2aecad658771d159ea6ad12f952b1e4fcd7a9689
4b7ac6e509f83ae31296bf05aaf31b98764ab5603fb6896457caf74631fc3018
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.realsrv.com/iframe.js?idzone=4891806
200 OK 1.1 kB URL HTTP/2 a.realsrv.com/iframe.js?idzone=4891806
IP
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2192), with no line terminators
Hash 9ce4d1ac814810642f7353f94200b196
d00bf52dce835ccae58c2feb3e7afcb8e5e76e49
2a5df518653cc8dde66ea0a910368f3e914f04ef9776475ba038c6157cfaf813
GET /iframe.js?idzone=4891806 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"e1170ad2e5b08a2147f6b2d4c54"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675670020
server: CDN77-Turbo
x-77-nzt: AblMCRRWzar/agkAAA
x-77-nzt-ray: af58563057a7f6b93e91e063df1fde28
x-cache: HIT
x-age: 2410
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PSWoDMRBFr5ILuPk1SvI62Sbg4AP0oMYBO4a2Hbyow0fdixD9RT0KqeqJwbID7+AvwF5kbxSFuoJOuSPTeP84hFJ89/fH0p9PtT/fT7frYxlrN54fQ2gy8xTmrsWjJEC8NbM7EIYcylJ0rcmNcuZQhARa2ER1pQ4gTh4Z8XY8xPHztfUKFQ4KDgGebGi8ugQjtDGeCJeKQlJLGubKnbGCxLIUJzR0jqK9p54nS3kaZKaJrE6VaMAwszXhNij6bmnfui0/3Xi9bGabk8u2Hn/Z0VbaQWz0NS/9pUb8u7MmbVPba9XVOjjVCqXMSXxIlWYzER4mSaNJ9fkX4paWP4QBAAA=
200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PSWoDMRBFr5ILuPk1SvI62Sbg4AP0oMYBO4a2Hbyow0fdixD9RT0KqeqJwbID7+AvwF5kbxSFuoJOuSPTeP84hFJ89/fH0p9PtT/fT7frYxlrN54fQ2gy8xTmrsWjJEC8NbM7EIYcylJ0rcmNcuZQhARa2ER1pQ4gTh4Z8XY8xPHztfUKFQ4KDgGebGi8ugQjtDGeCJeKQlJLGubKnbGCxLIUJzR0jqK9p54nS3kaZKaJrE6VaMAwszXhNij6bmnfui0/3Xi9bGabk8u2Hn/Z0VbaQWz0NS/9pUb8u7MmbVPba9XVOjjVCqXMSXxIlWYzER4mSaNJ9fkX4paWP4QBAAA=
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02PSWoDMRBFr5ILuPk1SvI62Sbg4AP0oMYBO4a2Hbyow0fdixD9RT0KqeqJwbID7+AvwF5kbxSFuoJOuSPTeP84hFJ89/fH0p9PtT/fT7frYxlrN54fQ2gy8xTmrsWjJEC8NbM7EIYcylJ0rcmNcuZQhARa2ER1pQ4gTh4Z8XY8xPHztfUKFQ4KDgGebGi8ugQjtDGeCJeKQlJLGubKnbGCxLIUJzR0jqK9p54nS3kaZKaJrE6VaMAwszXhNij6bmnfui0/3Xi9bGabk8u2Hn/Z0VbaQWz0NS/9pUb8u7MmbVPba9XVOjjVCqXMSXxIlWYzER4mSaNJ9fkX4paWP4QBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamraaxasegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamraaxasegeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamraaxasegeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcceimxxerreanxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C69830508%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63e0913e97bfe2.524013583961040162%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263e0913e97bfe2.524013583961040162%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263e0913e97bfe2.524013583961040162%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Wed, 05 Feb 2025 05:33:51 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4
206 Partial Content 72 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4
IP
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash f9b9f7a17854c52409d44c2dadaf378d
1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb
0ca6f0f9f6c98b3116c97d377c877173b3dc4fefc0642cd61e7bb57183555b31
GET /library/475567/1a4cdacc035d7940c3405b77a8aa4a08bf6ff2fb.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: video/mp4
content-length: 72269
last-modified: Fri, 29 Jan 2021 09:40:16 GMT
etag: "6013d800-11a4d"
expires: Fri, 30 Jun 2023 15:16:38 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195255
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1aXYD/CPQhAQ
x-77-nzt-ray: c0a4cc28cb07c2c73f91e063ce647b07
x-cache: HIT
x-age: 19002376
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-72268/72269
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 00:48:40 GMT
expires: Tue, 06 Feb 2024 00:48:40 GMT
cache-control: public, max-age=31536000
age: 17111
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
200 OK 76 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
Hash 3b61140c1678f187cda48a99547e625d
5688dd53243ae412a4e684f111cc8b9f8372132a
fefe8fbabf2749e85754297fd4b883902a7ac0078da2ee71ee45286ad831d488
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp
200 OK 6.6 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp
IP
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e02c2c5b08ffad9dbb8a645fbd759d7a
f72869e4bd197ef9893235f814688df859ec2897
736653c2e46389e17dfd30e6d9b43c7651e72789b37470c7aabbc1e8d6acccaf
GET /library/759202/f72869e4bd197ef9893235f814688df859ec2897.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/webp
content-length: 6562
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-19a2"
expires: Tue, 24 Oct 2023 14:40:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699449868
server: CDN77-Turbo
x-77-nzt: AblMCQ2eIw7/szh2AA
x-77-nzt-ray: c0a4cc28cb07c2c73f91e063d0aee207
x-cache: HIT
x-age: 7747763
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/428515/f4582915e9ac31378694e3acecf2ac76cbfd7ea0.webp
200 OK 6.9 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/428515/f4582915e9ac31378694e3acecf2ac76cbfd7ea0.webp
IP
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4e0b4d226a16168e5113ff51b43c576a
f4582915e9ac31378694e3acecf2ac76cbfd7ea0
24dc5c7dfbe999f898ce02cfc6d94721a5a21f1500ef899f0ac0d426ec4b317b
GET /library/428515/f4582915e9ac31378694e3acecf2ac76cbfd7ea0.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/webp
content-length: 6892
last-modified: Thu, 04 Nov 2021 11:05:58 GMT
etag: "6183be96-1aec"
expires: Fri, 30 Jun 2023 15:13:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195267
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ0Up/z//PMhAQ
x-77-nzt-ray: c0a4cc28cb07c2c73f91e063173ae607
x-cache: HIT
x-age: 19002364
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/358224/645954c6340a11acad16ac625690ab072306ce20.webp
200 OK 7.2 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/358224/645954c6340a11acad16ac625690ab072306ce20.webp
IP
ASN #60068 Datacamp Limited
File type gzip compressed data, max compression\012- data
Hash 3e5571290a33c888df083187d85c135d
fb39695762f2fd8072ab01edb77bc553a5c3eaff
0cd147afe6c8809723c8eb6e64a6056a97aa091b4c1a8a5f8efe84def808c8ff
GET /library/358224/645954c6340a11acad16ac625690ab072306ce20.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/webp
content-length: 6704
last-modified: Mon, 23 Jan 2023 17:14:04 GMT
etag: "63cec05c-1a30"
expires: Wed, 24 Jan 2024 14:37:42 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1706805899
server: CDN77-Turbo
x-77-nzt: AblMCQ3LQ5b/NPoFAA
x-77-nzt-ray: c0a4cc28cb07c2c73f91e06301ebf707
x-cache: HIT
x-age: 391732
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp
200 OK 11 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp
IP
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e013eb1fd6cafd3a64a5ff5865a61cc7
cd02c9fbef3622b4ead82aec2dc490e7f11c3e42
1bf220f6be4aaeeafc1a8078542d162682d8bb7be6f329829d7545659f843587
GET /library/759202/cd02c9fbef3622b4ead82aec2dc490e7f11c3e42.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/webp
content-length: 10906
last-modified: Thu, 04 Nov 2021 11:46:24 GMT
etag: "6183c810-2a9a"
expires: Wed, 25 Oct 2023 08:11:00 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1699450226
server: CDN77-Turbo
x-77-nzt: AblMCQ3Qmtb/TTd2AA
x-77-nzt-ray: c0a4cc28cb07c2c73f91e063ec217c08
x-cache: HIT
x-age: 7747405
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 7c6b2d43ac060649aaeab68d229fe829
dcae61162862c7fbff6295c6957aa4c9878fbded
c24553e307b512025b534e297ea68aeffb43cb5ce7f467edacf1eb913db5816c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5496
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Last-Modified: Mon, 06 Feb 2023 04:02:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1a6be80975976fb330ff930d5c15ca8b
813e7cd6a5ab7f5f9bd3db940aebf6b9c28ee105
ede8dc96587825438b7aebf0e41ca71fe43b2221fcf9e20e49e8bc9e93c22230
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDE8DC96587825438B7AEBF0E41CA71FE43B2221FCF9E20E49E8BC9E93C22230"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6763
Expires: Mon, 06 Feb 2023 07:26:34 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 7c6b2d43ac060649aaeab68d229fe829
dcae61162862c7fbff6295c6957aa4c9878fbded
c24553e307b512025b534e297ea68aeffb43cb5ce7f467edacf1eb913db5816c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5496
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Last-Modified: Mon, 06 Feb 2023 04:02:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
adxadserv.com/ascripts/pxl.js
200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Mon, 06 Feb 2023 08:34:14 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgEgZp//OScBAA
X-77-NZT-Ray: 382b0f1910ed975f3f91e0638d276011
X-Cache: HIT
X-Age: 75577
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 2.4 kB IP
Hash 3f78a3994cc5391d200fe2aa84112bac
6f01616df280d3f5e981d61654fdc5bf99794e25
fc15b494d8c229268947c3904135e146d3304d6bbb573e52f4737d98e8f85113
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5957
Cache-Control: max-age=159486
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Etag: "63e045f8-139"
Expires: Wed, 08 Feb 2023 01:51:57 GMT
Last-Modified: Mon, 06 Feb 2023 00:12:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
a.naturalhealthsource.club/zRdVuw7.js
200 OK 55 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP
ASN #24940 Hetzner Online GmbH
Hash dfc1de05d0580f0afcfee46923696e31
ff2f895bb41f9651b70b9e49beb2953ce7c9ca6a
3cbf7287ef911dba0d798ac52a2fa5f8b4092b76cd48fadeb5bb022ea52a2ed2
Analyzer Verdict Alert fortinet Malware
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:47 GMT
content-type: application/javascript
last-modified: Thu, 02 Feb 2023 11:45:01 GMT
etag: W/"63dba23d-2a581"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SrI2BRjABKWOdt7VqFs61W-EHPLn6wYJvjf4JPAUBOfirt5z5wnQ5g==
age: 193
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
200 OK 89 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP
ASN #60068 Datacamp Limited
Hash c8b8ff0d01575730a18cd8e3476823cb
05d498638548efbf64470f9b78eef44bb0b692b2
86bfa6cc7e27d467881d0f70a887155f003c51f4138914ab5568eff7e7607bfd
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891806&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"e2bbca1c479226a45392909d6a4"
expires: Thu, 02 Feb 2023 18:45:28 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675666028
server: CDN77-Turbo
x-77-nzt: AblMCRSr25z/AhkAAA
x-77-nzt-ray: af58563057a7f6b93e91e06329ae8626
x-cache: HIT
x-age: 6402
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 96bf883224af83c2b3fae693a1a365eb
ac0765a72b9a795b35aee592bd3b0b652ff6e167
5956f346e1833a9c6827520e562ffd139a8d8e453d99cae6de3b317253f5a53a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5956F346E1833A9C6827520E562FFD139A8D8E453D99CAE6DE3B317253F5A53A"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12680
Expires: Mon, 06 Feb 2023 09:05:11 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675661674118&t_i=1675661674703&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9b193981-71f7-4aea-8964-efba4a245905&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d5ea7f67-a5df-11ed-a8d4-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1675661674703&fpid=&feid_sa=1675661674703&sid_sa=1675661674703&feid=55117de1d4a4cff1d3cf3b2e53c2cd3d&sid=a6d7de58f4c03edb0f869911c744cedb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.344
200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675661674118&t_i=1675661674703&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9b193981-71f7-4aea-8964-efba4a245905&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d5ea7f67-a5df-11ed-a8d4-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1675661674703&fpid=&feid_sa=1675661674703&sid_sa=1675661674703&feid=55117de1d4a4cff1d3cf3b2e53c2cd3d&sid=a6d7de58f4c03edb0f869911c744cedb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.344
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675661674118&t_i=1675661674703&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=9b193981-71f7-4aea-8964-efba4a245905&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d5ea7f67-a5df-11ed-a8d4-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1675661674703&fpid=&feid_sa=1675661674703&sid_sa=1675661674703&feid=55117de1d4a4cff1d3cf3b2e53c2cd3d&sid=a6d7de58f4c03edb0f869911c744cedb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.344 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Length: 0
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7229503aaa15c07cf90c8bb32404dda7
17df85e6283bfe2b2adc8299dfc13fae82016618
db3637ab8eee1f75495fc1545273cdecb10e493b7e3d8cf98d88052413c2341d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB3637AB8EEE1F75495FC1545273CDECB10E493B7E3D8CF98D88052413C2341D"
Last-Modified: Sun, 05 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7856
Expires: Mon, 06 Feb 2023 07:44:47 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=67059
204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://a.naturalhealthsource.club/
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ocsp.digicert.com/
200 OK 313 B IP
Hash c2fb418871dd94b78b323d3e1f4ce083
28625d985ce3e14f0da52e2ceebfd1d47dcc02be
f048c2327df9ace61d7d91bf8eaffe8529799806dc436bf78e13005babfdd7ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5957
Cache-Control: max-age=159486
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Etag: "63e045f8-139"
Expires: Wed, 08 Feb 2023 01:51:57 GMT
Last-Modified: Mon, 06 Feb 2023 00:12:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
0d318b1de7.5eb6d14cbe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42NSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
200 OK 0 B URL HTTP/2 0d318b1de7.5eb6d14cbe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42NSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC42NSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0= HTTP/1.1
Host: 0d318b1de7.5eb6d14cbe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
0d318b1de7.5eb6d14cbe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41MywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
200 OK 0 B URL HTTP/2 0d318b1de7.5eb6d14cbe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41MywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0=
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MzE3MjUyMDc2NzgxNTUyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwNTksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC41MywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiIn0= HTTP/1.1
Host: 0d318b1de7.5eb6d14cbe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP
Hash 90d37506e6a63a3f9602ecd70ef2fbbd
a3fc74289c97c2fd49d3e191fac209e7c865dc69
398d2d7b2633e90bd0f415e3c6f6d995e5ead58bd7b7241408e77e9d06ef2d71
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fp.metricswpsh.com/fp?tag_id=67059
204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://a.naturalhealthsource.club/
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 28722a81dd6194f41bee4e8714bd4af3
181ca47fb7d681257ceae92c3af80ed0f8798088
13d9f4e4a5e2ea847b2593614f3c1cda45bfe22913b3f76dcbefddb50c94b532
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13D9F4E4A5E2EA847B2593614F3C1CDA45BFE22913B3F76DCBEFDDB50C94B532"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17424
Expires: Mon, 06 Feb 2023 10:24:15 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 28722a81dd6194f41bee4e8714bd4af3
181ca47fb7d681257ceae92c3af80ed0f8798088
13d9f4e4a5e2ea847b2593614f3c1cda45bfe22913b3f76dcbefddb50c94b532
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13D9F4E4A5E2EA847B2593614F3C1CDA45BFE22913B3F76DCBEFDDB50C94B532"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17424
Expires: Mon, 06 Feb 2023 10:24:15 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=67059
200 OK 27 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 893fd00d21cb2eafe2596e686ceaa7fd
5264446ff184115148de18a8885471fc116dd20f
b00f2b2b4f9190facc972e354768684fdc04f94d78bd9fac3050911bca41183f
POST /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22287
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Set-Cookie: id=6423745951022718708; Expires=Tue, 06 Feb 2024 05:33:51 GMT; Secure; SameSite=None
Vary: Origin
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
200 OK 781 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9f08785c3808e004c1484e7f5f50a2a4
34b3e7bc42ce22c89cd8f30c897709f7fd922701
39690477f0f1d0445128ad2cd9da73058dd0cc21c3b21e200c266bcaa1428a4a
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Mon, 06 Feb 2023 05:33:51 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 8
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836ce986b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=2998328479824020488&pid=0&site=4700&sc=NO&usage_type=DCH&subid=101329735&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.004&ecpm=0.0033296000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4700&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.0001201345506967804&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=2998328479824020488&pid=0&site=4700&sc=NO&usage_type=DCH&subid=101329735&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.004&ecpm=0.0033296000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4700&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.0001201345506967804&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=2998328479824020488&pid=0&site=4700&sc=NO&usage_type=DCH&subid=101329735&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.004&ecpm=0.0033296000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.naturalhealthsource.club&hostname=auc-banner-hz-3&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4700&utm_campaign=19775&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=IAB24&min_cpm=0.0001201345506967804&placement_type_id=0&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:51 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://preroll.hostave3.net/notifications/zeropixel.png
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JOSWRLamYCo
IP
Hash 90d37506e6a63a3f9602ecd70ef2fbbd
a3fc74289c97c2fd49d3e191fac209e7c865dc69
398d2d7b2633e90bd0f415e3c6f6d995e5ead58bd7b7241408e77e9d06ef2d71
POST /s/gts1p5/JOSWRLamYCo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/mT3XLqx3Te0
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mT3XLqx3Te0
IP
Hash 4ac4a275aa6377696d4f1c1e5fc4457a
28c44ebd51c6a2b1ccab40928c6f59ecaadfb226
3458f9d59c3de3746a22c4b0aac0364d91234fb8e57a5391b842736c4be906b6
POST /s/gts1p5/mT3XLqx3Te0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pqjt9.top/images/campaigns/creativity-2308521-16693108308667.png
200 OK 25 kB URL HTTP/2 pqjt9.top/images/campaigns/creativity-2308521-16693108308667.png
IP
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash c168c6b74312da308388c450def122b4
99a9c781305e19ad2134e843d25a4730c5485737
0f3dddc67a27688b19dc772302fd59dfaed3f16312d3ea6e7e0d31d515a56297
GET /images/campaigns/creativity-2308521-16693108308667.png HTTP/1.1
Host: pqjt9.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/png
content-length: 24894
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "637fa96f-613e"
last-modified: Thu, 24 Nov 2022 17:27:11 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/24/2022 17:34:52
cdn-edgestorageid: 860
cdn-status: 200
cdn-requestid: ba7ffc96d65650b78dcf276adfe789e6
cdn-cache: HIT
cf-cache-status: HIT
age: 13337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8BARGQu3u0e2aruzZReGmBfhuNLDoRQ8eSMy1bd9%2BQLUb%2Fxb0AZl6UpD1az66pBx5GHpw33q5hFj7h2X7agQgKDipFmJhy%2BL8s4azpebaWG6QfCxK28Xu%2FO4tE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836e8ba30b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 286c2fd6ad9872d4234acc65d6ec0d3b
ad147e69ed901ab381217a1c805f8b718aae75dc
9ef5463c03b5a690043b927666e019cb316c26c298b75644d061fa3627bcb10e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9EF5463C03B5A690043B927666E019CB316C26C298B75644D061FA3627BCB10E"
Last-Modified: Sun, 05 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6422
Expires: Mon, 06 Feb 2023 07:20:53 GMT
Date: Mon, 06 Feb 2023 05:33:51 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash e01888744004fe45a3078f534cc57507
4cb90998ee5be1ddc3ee35e3ea2dd46090a17082
b2c97d8b264e3d31f2852ca38c39dc6fc5b96703dd2633a82195d6ca36d284da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Last-Modified: Mon, 06 Feb 2023 04:45:26 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
fp.metricswpsh.com/fp?tag_id=67059
200 OK 27 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67059
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 893fd00d21cb2eafe2596e686ceaa7fd
5264446ff184115148de18a8885471fc116dd20f
b00f2b2b4f9190facc972e354768684fdc04f94d78bd9fac3050911bca41183f
POST /fp?tag_id=67059 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22286
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Set-Cookie: id=164689216830224466; Expires=Tue, 06 Feb 2024 05:33:51 GMT; Secure; SameSite=None
Vary: Origin
video.ktkjmp.com/adsbygoogle.js
200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 3285
expires: Mon, 06 Feb 2023 09:33:51 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836ec97bb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash e01888744004fe45a3078f534cc57507
4cb90998ee5be1ddc3ee35e3ea2dd46090a17082
b2c97d8b264e3d31f2852ca38c39dc6fc5b96703dd2633a82195d6ca36d284da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Last-Modified: Mon, 06 Feb 2023 04:45:26 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFImyICYNjBowwMFrYCFODRgsaHsm0wFHmRo4WZGiQiQFjxhgyNWzIwCHC4Rwxacgo1LFFBM0YM2TkuDGjhoguDse4GVqDpsMwdcZgVJqj404aLnHIoAFDBgwaOHg6BEoGYxo6Zdp8idHzIRk7E23QMOsQTh0xC2s0lXEVDpyJSJv6hCNRxwwbOWjUkFHDYRk8dL7MYYzRoJ43bsp8wVEjR90xbQ7rqEqj9YyrZMxMXOvGzcKkNGzE2O2wjZuLjmF0tdHXN_AYN2DAIC6ijhw2t2ucTeywjgyMaOjQgTNHx4sXcuCQESNnDR4XY960eVGlTZk3UNwkeXPEiowwd9o4qaKHSRMoRmCBBw1mFIGDHFTgscQYNBAhQxJnxGFHEWnEEQccMdBxRw8vpOHGQXjE4AIcaMDxQ2h49BADF3UoJ4MNddAhl3tkpFFHGz2w5poLuOm2G4su2kCHHGGYYUYaY2j2hnNjlNGDHGQMuQaQZcEo4xdwzUFHUCrqhUNyVL4Yo1wGkffGGgj1QAWRRiI5BR1hJPSFDGFaSWZsb8jRRhh09OARDHhQBkOdYyrJpJO7zdBUnZ-F5idkklFW5xhsILkGl2OMkQQeekihRBQ5wCBGEVUM8cQVaMjwxQ1yaAGDFi3A8UYWdDgx5Bc21FAGFXDIMYMaOQghgxtIWDHFE3GswUYSMIxBBRZW0MGGkHKYQeASk9UxRxk0QHFFFFiMYUULOWSRRAsyvFFFGDHgUIQRepARhBRhPGHHDDkoccMUNTThxB13JCFHFV-cUUUSREhRRRp1kaFeZy64wadzYbBBUMV0oDHHknI0iR4bf53G50JbzBADVCL0qtVqZbSw3Fqy6QCDC8pVJsIYcMil8kIzK0eDQ3LYoRpfIpSBcxs80wyDzXXUwbAON9OQw1E5MVXGR5CNZcMMZtwgQwyTkSFDGQeZXFcaqokwtQuhurCXC2DTUFcdYWDUxBt6pMEGG2G8UAPNIKBwhYcO3zEHCE5QAQJNNO8AwuBu6OU4HpKDELQONP0NQwogHGH0Gm-8YBZNMBwFghFpyFGGGW_g8ULmNJ-2sghOPFFXnl9kilHtdbExexFONFyGHV-oDh3mNdxwQ0c24KAc0GfYpgNlXzp0EPHkLZSW9cN_0cYbbU2Pg27Wy_HGbQ69MdTPKZuPRx4Lsa96zANpx513L4QR8cREWlwQGxnb2KE-9pcX1GUOQcOI-eBEhzy1oA5ueEsLquICMozhBg2b3UG-YEEMVgRpmLPBDXKim61RRAQyuk4IR2iDEppMUYSxS_HKsJkvjGyFJIyBCS1DvIohhA5DKVkNUBYGMTRGBAcxA1YAWBc4-I5nUQEODPqggIAA&r=1&s=70de26e5674a66b2026d8d98ef823f37d3e08a4b5ebcb84fd3ed9b3f2ca2fa681675661631&w=t
200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFImyICYNjBowwMFrYCFODRgsaHsm0wFHmRo4WZGiQiQFjxhgyNWzIwCHC4Rwxacgo1LFFBM0YM2TkuDGjhoguDse4GVqDpsMwdcZgVJqj404aLnHIoAFDBgwaOHg6BEoGYxo6Zdp8idHzIRk7E23QMOsQTh0xC2s0lXEVDpyJSJv6hCNRxwwbOWjUkFHDYRk8dL7MYYzRoJ43bsp8wVEjR90xbQ7rqEqj9YyrZMxMXOvGzcKkNGzE2O2wjZuLjmF0tdHXN_AYN2DAIC6ijhw2t2ucTeywjgyMaOjQgTNHx4sXcuCQESNnDR4XY960eVGlTZk3UNwkeXPEiowwd9o4qaKHSRMoRmCBBw1mFIGDHFTgscQYNBAhQxJnxGFHEWnEEQccMdBxRw8vpOHGQXjE4AIcaMDxQ2h49BADF3UoJ4MNddAhl3tkpFFHGz2w5poLuOm2G4su2kCHHGGYYUYaY2j2hnNjlNGDHGQMuQaQZcEo4xdwzUFHUCrqhUNyVL4Yo1wGkffGGgj1QAWRRiI5BR1hJPSFDGFaSWZsb8jRRhh09OARDHhQBkOdYyrJpJO7zdBUnZ-F5idkklFW5xhsILkGl2OMkQQeekihRBQ5wCBGEVUM8cQVaMjwxQ1yaAGDFi3A8UYWdDgx5Bc21FAGFXDIMYMaOQghgxtIWDHFE3GswUYSMIxBBRZW0MGGkHKYQeASk9UxRxk0QHFFFFiMYUULOWSRRAsyvFFFGDHgUIQRepARhBRhPGHHDDkoccMUNTThxB13JCFHFV-cUUUSREhRRRp1kaFeZy64wadzYbBBUMV0oDHHknI0iR4bf53G50JbzBADVCL0qtVqZbSw3Fqy6QCDC8pVJsIYcMil8kIzK0eDQ3LYoRpfIpSBcxs80wyDzXXUwbAON9OQw1E5MVXGR5CNZcMMZtwgQwyTkSFDGQeZXFcaqokwtQuhurCXC2DTUFcdYWDUxBt6pMEGG2G8UAPNIKBwhYcO3zEHCE5QAQJNNO8AwuBu6OU4HpKDELQONP0NQwogHGH0Gm-8YBZNMBwFghFpyFGGGW_g8ULmNJ-2sghOPFFXnl9kilHtdbExexFONFyGHV-oDh3mNdxwQ0c24KAc0GfYpgNlXzp0EPHkLZSW9cN_0cYbbU2Pg27Wy_HGbQ69MdTPKZuPRx4Lsa96zANpx513L4QR8cREWlwQGxnb2KE-9pcX1GUOQcOI-eBEhzy1oA5ueEsLquICMozhBg2b3UG-YEEMVgRpmLPBDXKim61RRAQyuk4IR2iDEppMUYSxS_HKsJkvjGyFJIyBCS1DvIohhA5DKVkNUBYGMTRGBAcxA1YAWBc4-I5nUQEODPqggIAA&r=1&s=70de26e5674a66b2026d8d98ef823f37d3e08a4b5ebcb84fd3ed9b3f2ca2fa681675661631&w=t
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFImyICYNjBowwMFrYCFODRgsaHsm0wFHmRo4WZGiQiQFjxhgyNWzIwCHC4Rwxacgo1LFFBM0YM2TkuDGjhoguDse4GVqDpsMwdcZgVJqj404aLnHIoAFDBgwaOHg6BEoGYxo6Zdp8idHzIRk7E23QMOsQTh0xC2s0lXEVDpyJSJv6hCNRxwwbOWjUkFHDYRk8dL7MYYzRoJ43bsp8wVEjR90xbQ7rqEqj9YyrZMxMXOvGzcKkNGzE2O2wjZuLjmF0tdHXN_AYN2DAIC6ijhw2t2ucTeywjgyMaOjQgTNHx4sXcuCQESNnDR4XY960eVGlTZk3UNwkeXPEiowwd9o4qaKHSRMoRmCBBw1mFIGDHFTgscQYNBAhQxJnxGFHEWnEEQccMdBxRw8vpOHGQXjE4AIcaMDxQ2h49BADF3UoJ4MNddAhl3tkpFFHGz2w5poLuOm2G4su2kCHHGGYYUYaY2j2hnNjlNGDHGQMuQaQZcEo4xdwzUFHUCrqhUNyVL4Yo1wGkffGGgj1QAWRRiI5BR1hJPSFDGFaSWZsb8jRRhh09OARDHhQBkOdYyrJpJO7zdBUnZ-F5idkklFW5xhsILkGl2OMkQQeekihRBQ5wCBGEVUM8cQVaMjwxQ1yaAGDFi3A8UYWdDgx5Bc21FAGFXDIMYMaOQghgxtIWDHFE3GswUYSMIxBBRZW0MGGkHKYQeASk9UxRxk0QHFFFFiMYUULOWSRRAsyvFFFGDHgUIQRepARhBRhPGHHDDkoccMUNTThxB13JCFHFV-cUUUSREhRRRp1kaFeZy64wadzYbBBUMV0oDHHknI0iR4bf53G50JbzBADVCL0qtVqZbSw3Fqy6QCDC8pVJsIYcMil8kIzK0eDQ3LYoRpfIpSBcxs80wyDzXXUwbAON9OQw1E5MVXGR5CNZcMMZtwgQwyTkSFDGQeZXFcaqokwtQuhurCXC2DTUFcdYWDUxBt6pMEGG2G8UAPNIKBwhYcO3zEHCE5QAQJNNO8AwuBu6OU4HpKDELQONP0NQwogHGH0Gm-8YBZNMBwFghFpyFGGGW_g8ULmNJ-2sghOPFFXnl9kilHtdbExexFONFyGHV-oDh3mNdxwQ0c24KAc0GfYpgNlXzp0EPHkLZSW9cN_0cYbbU2Pg27Wy_HGbQ69MdTPKZuPRx4Lsa96zANpx513L4QR8cREWlwQGxnb2KE-9pcX1GUOQcOI-eBEhzy1oA5ueEsLquICMozhBg2b3UG-YEEMVgRpmLPBDXKim61RRAQyuk4IR2iDEppMUYSxS_HKsJkvjGyFJIyBCS1DvIohhA5DKVkNUBYGMTRGBAcxA1YAWBc4-I5nUQEODPqggIAA&r=1&s=70de26e5674a66b2026d8d98ef823f37d3e08a4b5ebcb84fd3ed9b3f2ca2fa681675661631&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
8ffa747e3a.bc5ae89c44.com/health/
200 OK 0 B URL HTTP/2 8ffa747e3a.bc5ae89c44.com/health/
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /health/ HTTP/1.1
Host: 8ffa747e3a.bc5ae89c44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:51 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash c2a90dfca977e8a6a65da817ed5bf0c6
625c80bfbd7fce0028c2853702d4ab038c2d0d28
605e986db07f5d8db18579253f7dbec7e5adfada13be750a5aa03b0bb20393d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2441
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Last-Modified: Mon, 06 Feb 2023 04:53:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
8ffa747e3a.bc5ae89c44.com/health/
200 OK 0 B URL HTTP/2 8ffa747e3a.bc5ae89c44.com/health/
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /health/ HTTP/1.1
Host: 8ffa747e3a.bc5ae89c44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:51 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1.8 kB URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
Hash 969b0b26d541030d9e7c8185b88096d0
533f6b2b6f2ec09d73f23230bbea978068003790
0facf72766581815e7fae1207492071791f6826aba60ed6d17e805e3440c334c
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc7945add91ec410d2088385ff12499c
Strict-Transport-Security: max-age=0; includeSubdomains
preroll.hostave3.net/notifications/zeropixel.png
200 OK 42 B URL HTTP/2 preroll.hostave3.net/notifications/zeropixel.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /notifications/zeropixel.png HTTP/1.1
Host: preroll.hostave3.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/png
content-length: 42
last-modified: Tue, 11 Sep 2018 08:40:52 GMT
etag: "5b977f94-2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 2328901
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SODixILH%2BxlFTV%2FvCbPCD%2FH%2FcoASd09aElppmIiM%2B3l7K9DgOVBBS0Crxvt%2FqPQmoxhrgGW8xpMm%2F2QlMmiuX7yAJyDA8gw4spEEHhxC%2BQFjLI87iC3T43uEBx13OUrFJ1Io8FLRcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 7951836f79fc7759-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 13bfcb9d7a1e5ff7c0d8844223135917
3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2
5d68b78683dfc4c09918ed99aea9493d2be77869d061e290df3912fb0ac1111f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:56:19 GMT
Expires: Sat, 11 Feb 2023 15:56:18 GMT
Etag: "3cf66ccffc4c3abfbaeeea64a179aa85bbecf4c2"
Cache-Control: max-age=468746,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7951836f6eed0b51-OSL
unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 022b02006efecdc36905e52db85eeebc
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
200 OK 313 B IP
Hash cd28d536c22b2aef6fbfd722cda1d762
c493700637bb448671bbd6205f69d7999df04e8b
8055fa2a260afdf4d584d62e0724a0fa7139291810e954329c12d2030ee36d90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6416
Cache-Control: max-age=150255
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Etag: "63e0201e-139"
Expires: Tue, 07 Feb 2023 23:18:06 GMT
Last-Modified: Sun, 05 Feb 2023 21:31:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
109d378489.9f84a22351.com/a783dbc9a0d6f61c5c2d8593b38666cc.js
200 OK 15 kB URL HTTP/2 109d378489.9f84a22351.com/a783dbc9a0d6f61c5c2d8593b38666cc.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 1b0a500e377b446880f14246740fdccc
e37eb5fe44c842865eeed5fb3c0ecb968b3ce894
fd148c075fe05b6a205ccf3a85144fcfdb6e401870c2a83eb9f45eda6dbba52c
Analyzer Verdict Alert quad9 Sinkholed
GET /a783dbc9a0d6f61c5c2d8593b38666cc.js HTTP/1.1
Host: 109d378489.9f84a22351.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 20 Dec 2022 14:01:44 GMT
etag: W/"63a1c048-b232"
content-encoding: gzip
expires: Mon, 06 Feb 2023 05:38:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=36f4333f-010e-485a-9c6a-07ce48f83409&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 06 Feb 2023 05:33:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a7906a53bcda20f4aee955daa3aa3508
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/s/gts1p5/mT3XLqx3Te0
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mT3XLqx3Te0
IP
Hash 4ac4a275aa6377696d4f1c1e5fc4457a
28c44ebd51c6a2b1ccab40928c6f59ecaadfb226
3458f9d59c3de3746a22c4b0aac0364d91234fb8e57a5391b842736c4be906b6
POST /s/gts1p5/mT3XLqx3Te0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lcdn.tsyndicate.com/images/0/3/fb916063b00432deb9e8cef541ea92949f58db.gif
200 OK 13 kB URL HTTP/2 lcdn.tsyndicate.com/images/0/3/fb916063b00432deb9e8cef541ea92949f58db.gif
IP
File type GIF image data, version 89a, 300 x 250\012- data
Hash a6ed4d38582a21cb06a70b799ebd2ef6
5145dea40545313946b015f656800c07efebb39a
a124054aba8a3562e895b7edcfaca11c2f4b703b4f527c1233b7e8e6a3dd5c6a
GET /images/0/3/fb916063b00432deb9e8cef541ea92949f58db.gif HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: image/gif
content-length: 13309
etag: "63da1c24-33fd"
last-modified: Wed, 01 Feb 2023 08:00:36 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 423000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash cd28d536c22b2aef6fbfd722cda1d762
c493700637bb448671bbd6205f69d7999df04e8b
8055fa2a260afdf4d584d62e0724a0fa7139291810e954329c12d2030ee36d90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6416
Cache-Control: max-age=150255
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Etag: "63e0201e-139"
Expires: Tue, 07 Feb 2023 23:18:06 GMT
Last-Modified: Sun, 05 Feb 2023 21:31:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 313 B IP
Hash cd28d536c22b2aef6fbfd722cda1d762
c493700637bb448671bbd6205f69d7999df04e8b
8055fa2a260afdf4d584d62e0724a0fa7139291810e954329c12d2030ee36d90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6416
Cache-Control: max-age=150255
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:51 GMT
Etag: "63e0201e-139"
Expires: Tue, 07 Feb 2023 23:18:06 GMT
Last-Modified: Sun, 05 Feb 2023 21:31:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
roomimg.stream.highwebmedia.com/riw/jennycutey.jpg?1675661610
200 OK 21 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/jennycutey.jpg?1675661610
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash c2c2ea6ad50458bd297528af915ee8d0
208ff2454a3a1d5e72318e379c5668297cb4393e
f8f7663cf87e1e0215d9a4302f58c0831d4b6128053df28a064ff96493115ad2
GET /riw/jennycutey.jpg?1675661610 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/jpeg
content-length: 21058
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21589
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15
last-modified: Mon, 06 Feb 2023 05:33:37 GMT
expires: Mon, 06 Feb 2023 05:34:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipc3VZJyt%2FC6IC7F%2BjQYnWytJglICCwvZml30a9hDbmKNt4GXJ63PPMSQWBtBWhflhNJn%2F1Lo8SX3SaNAoz9I7XgWg8k%2F7JDTAsx79oF0o3%2BTPUJyOQvbalnmnSVxuAm9WeiPxJR3Ya9iZP45GuQUfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=v5a6JGPMI.x8LOidwRhEbSYUnZSI2lVNuRcVaHvyu0A-1675661632003-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7951836ffa22b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/xoxosexxxc.jpg?1675661610
200 OK 7.9 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/xoxosexxxc.jpg?1675661610
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash da9daebd5760aae237303ffec5b831cf
596e95acf495e14115b1da8d4ca0a8faa1ddbe51
1e8f005fc0cd0d6bd2506cc8a612b77cb1d49a61edd3a012bd6d77b27b3594e5
GET /riw/xoxosexxxc.jpg?1675661610 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/jpeg
content-length: 7885
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=7974
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 9
last-modified: Mon, 06 Feb 2023 05:33:43 GMT
expires: Mon, 06 Feb 2023 05:34:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BNOiFUPTOvZQkZMTI7gHkVGtemrPPlwB9vhMm1%2F3TcpPf%2F3FwrNVb%2FM%2B2hi8NZHEicFTHTF%2BXii4zcThOechtx%2FmWI17ppcH1NtGt954UQMaBHAoeBn6ZsLiynf9skarcirD1iOvyut8NAaluScMHk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=v5a6JGPMI.x8LOidwRhEbSYUnZSI2lVNuRcVaHvyu0A-1675661632003-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7951836ffa23b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash c2a90dfca977e8a6a65da817ed5bf0c6
625c80bfbd7fce0028c2853702d4ab038c2d0d28
605e986db07f5d8db18579253f7dbec7e5adfada13be750a5aa03b0bb20393d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2004
Cache-Control: max-age=168511
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:52 GMT
Etag: "63e078ab-118"
Expires: Wed, 08 Feb 2023 04:22:23 GMT
Last-Modified: Mon, 06 Feb 2023 03:48:59 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
roomimg.stream.highwebmedia.com/riw/emilygrey_.jpg?1675661610
200 OK 21 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/emilygrey_.jpg?1675661610
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 0c8c2ff7f874810bb9f8c4ab6df88e12
4bb23e8e57a55e267ccfc345d06a23ce646dc74a
8d03f5e4f98df0ba6cbef933c82a310e76bd6e2bfed3835c1baeddddd54449e2
GET /riw/emilygrey_.jpg?1675661610 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/jpeg
content-length: 21425
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21826
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 27
last-modified: Mon, 06 Feb 2023 05:33:25 GMT
expires: Mon, 06 Feb 2023 05:34:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Zp3nXzWWVE96JNo%2Fca5eSwVKyp8uIKJelgd99ZIvCBgg0G8QgM5H1uCP2zLoEGSdS%2By7jHqKtAMk91Xf6dLTzbcROHKjl9MK%2F77SkeRmfzUwXd7YbQGQs6yK4gpX%2FhWKEXI0Er9ugWBT6opOBDn8i0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=.h4CtOSoh_E5gR03ymQOPJMeOn5DbWNseAAnRA1ynCE-1675661632019-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 795183700a2db4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash cd28d536c22b2aef6fbfd722cda1d762
c493700637bb448671bbd6205f69d7999df04e8b
8055fa2a260afdf4d584d62e0724a0fa7139291810e954329c12d2030ee36d90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6417
Cache-Control: max-age=150255
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:52 GMT
Etag: "63e0201e-139"
Expires: Tue, 07 Feb 2023 23:18:07 GMT
Last-Modified: Sun, 05 Feb 2023 21:31:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
200 OK 549 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
IP
File type PNG image data, 13 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4437b02e2efeaa0eb69858a7eb957af6
2dfa9c3fa2fc56c7504c043876eaad9526abed62
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
GET /images/ico-cams.png?829027f88094 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
Cookie: _cfuvid=.h4CtOSoh_E5gR03ymQOPJMeOn5DbWNseAAnRA1ynCE-1675661632019-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/png
content-length: 549
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri,csam-hash
cf-polished: origSize=1457
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-id-2: uk+Y+mMt51OLA32rfvOrwKQRVhebnzwVD7WNGN89HYS/N/FIKgMltVMzadOcg1MyUuhiPycAlHk=
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
x-amz-request-id: 2BDHEK7PHQPF17BP
cf-cache-status: HIT
age: 2076409
expires: Wed, 08 Mar 2023 05:33:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8d0ugkBwmGakhTGsFgPIpifrEjGa%2FLqsKqSlRIk%2FS2YmpDE8RysX6KFXndwlqmiTbVKMgqXMvSipl15DWIkFJ5S3iwc0PgRPDXXIVbMb968fxY8CY6RvB7xJwmatBnZzOWKthhESPC3QS7VlQpJLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795183704929b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 15 kB IP
Hash 81b9028dcd06cd0c0550f1eeabf4eaef
2fe8ecf2dfe70e0a80a57b903bd8d8e4e649f019
1053d7511b37203ea04d4680bd199fa51f968222b189a4be0257637cd9892b57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5684
Cache-Control: max-age=93728
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:52 GMT
Etag: "63df462c-117"
Expires: Tue, 07 Feb 2023 07:36:00 GMT
Last-Modified: Sun, 05 Feb 2023 06:01:16 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675661521/93790528
200 OK 65 kB URL HTTP/2 img.strpst.com/thumbs/1675661521/93790528
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash ff74b85664b60e06cfb9c059d9dc6889
63397870da542cca9fce60f8ad22da492ba3609f
6ee1b8d3228d88453048f6b734f83abb193a5e6543b7ad009c7bdd04371b9770
GET /thumbs/1675661521/93790528 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/jpeg
content-length: 65328
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=68409, status=webp_bigger
etag: "5b4379cd7347fc7a4bf288c81277c30f"
last-modified: Mon, 06 Feb 2023 05:31:33 GMT
cf-cache-status: HIT
age: 71
expires: Mon, 06 Feb 2023 06:03:52 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79518370db8fb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash e3f21481d43b15f19a910e1eb87b9b4e
a6e11e8489fa82fc92f42d3a18b2e964ddd8baed
906abc41a074c30d3c16f875f7a7391e51495583af21e7a3e7a8d5f675505a5c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5684
Cache-Control: max-age=93728
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 05:33:52 GMT
Etag: "63df462c-117"
Expires: Tue, 07 Feb 2023 07:36:00 GMT
Last-Modified: Sun, 05 Feb 2023 06:01:16 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
js-agent.newrelic.com/692.215647de-1223.js
200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/692.215647de-1223.js
IP
File type ASCII text, with very long lines (2024), with no line terminators
Hash 1dc08a1beb61f5f16d5972c0bee130e4
9f79e0cdf3d763c3caa0c0be870c86b2d64a8dc9
cdd769feea442da1672ab541a2d9846e1561520bb24484e8ee09d1d5d17570f0
GET /692.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2yt9zIT4kPGAHbZR3GCMZ5QoLheWqVlcJX0f/njjzvUTTdDRBkBy06VpOX/u//lzjAgeAveu2U8=
x-amz-request-id: 29B921PPM35DC69W
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2a9c8457fef96067bf92a4ec54fb10b8"
x-amz-version-id: I.n_PBR7fU5g2cmlAwgMlzr4Oik5bP_f
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1745
x-timer: S1675661632.220385,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1087
X-Firefox-Spdy: h2
js-agent.newrelic.com/112.215647de-1223.js
200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/112.215647de-1223.js
IP
File type ASCII text, with very long lines (7285), with no line terminators
Hash 51f26008d21e2bd91b8a9baa4c356ab9
59888996bcb03c11b1d2e61a868009e57846b8cb
feebd27b271ee3a7198d3dbc69610281a43503080d724ec0fcb7c4bfa13d42f6
GET /112.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 89jhP8k1dPBysMYdCzqbzxQ1KxABx3MYRt9LPVpreRIcgdqnpH5bT0LvyouOsXZFM+UKIfDjy0I=
x-amz-request-id: 29BA48WT782NR5G3
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "b225b095bddb200dcb67ba7625a14e0b"
x-amz-version-id: 9bSPwe8fMEYRcVSv2EMBWMHRAeUObfWk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 900
x-timer: S1675661632.223553,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2800
X-Firefox-Spdy: h2
js-agent.newrelic.com/817.215647de-1223.js
200 OK 1.0 kB URL HTTP/2 js-agent.newrelic.com/817.215647de-1223.js
IP
File type ASCII text, with very long lines (2422), with no line terminators
Hash f899718de7c8c66eeb4bbfa0c22acf5e
ec2a6857256c2ed00c401b4888ff36871baf6b43
809f4867eaf293e35d10315d6e65aa69289d7eee0ab7e8de437b18c2a06fed94
GET /817.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: sWkU684Mr3Z5/fJ2O0srvU3HupQDLlairtucn7ucXJIoplwlZJHmVmeQSK82HUlRykCYQPaNYBk=
x-amz-request-id: 29BE804GA0J43Q99
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "a5dc24e5a104adfcf70621ff7fb620ff"
x-amz-version-id: fbj3lJUaysglBYTWHHCwffYncZ19MQ50
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 533
x-timer: S1675661632.223643,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1044
X-Firefox-Spdy: h2
js-agent.newrelic.com/307.215647de-1223.js
200 OK 3.6 kB URL HTTP/2 js-agent.newrelic.com/307.215647de-1223.js
IP
File type ASCII text, with very long lines (9700), with no line terminators
Hash ee729b93fd1e54d7c6108a4a252b67a2
e87fca8b97e56a89980ad6eb488ef1ac50116366
b48a5e5b92d4d04becc06d85a678fffe33bf31611398c217ec232171f6d11f8f
GET /307.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: xbAyM3B6Z/Ooy6PMw2GgjfE/Ir1lbwXjKVU7JKeSJnjmMgE/GpUd1AOACsKLCPxaWbQWAHrYzE0=
x-amz-request-id: KRHE8V2CFA00B292
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "cca13aa273adc25aced599968bea0601"
x-amz-version-id: ED2qEQGkNHGjLDyC2ELlsbsj8AXnsN9k
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 543
x-timer: S1675661632.223755,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3648
X-Firefox-Spdy: h2
js-agent.newrelic.com/378.215647de-1223.js
200 OK 6.4 kB URL HTTP/2 js-agent.newrelic.com/378.215647de-1223.js
IP
File type ASCII text, with very long lines (17828), with no line terminators
Hash d58a3a565fc0bbaf659cdd5bf0c3cd4f
8cd110e6b7199e11de72368b73abb8a3afddfff8
bd6f2c9e271f74ce10d1ad05fdde0fa7bf0ffa34ea85f6076a58e50111df8de7
GET /378.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: jhmNL7TL7NMx1UoOR5WpT5kMljdWRrYGpnmm3iqO7tDQcfjU0mie9CCq0LQCgRqufry0GCFQmEg=
x-amz-request-id: 93FTN287CT7M20VW
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "2705e6768fceda2e9c8355d65e268d7c"
x-amz-version-id: tRin0ET_go6ogNo.J2ffgT9M6xH6BEos
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 365
x-timer: S1675661632.227395,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6410
X-Firefox-Spdy: h2
js-agent.newrelic.com/785.215647de-1223.js
200 OK 2.1 kB URL HTTP/2 js-agent.newrelic.com/785.215647de-1223.js
IP
File type ASCII text, with very long lines (5141), with no line terminators
Hash 7fa55562924d9fae72bef9c581681545
2a9f69db97168913e41c20b42278f0b020f19e02
9ab186c1c3c7132d927edd774e14412550e0127ae67bcf04353f94ce22dd1b5f
GET /785.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +m4UupLkIm012wjkD0AOw3MWK5aT8Y0g0D4hdCiEX5xVgPPr8nsRchoPSx3Y9Rb4NP65eTC0O6I=
x-amz-request-id: 29B11CZV4JJHK42G
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "85340359c90104ea511047eb2b57ebb5"
x-amz-version-id: 24gfKeCbKAAA6djjTUpWk6gRfGGq6MlZ
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1748
x-timer: S1675661632.233184,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2103
X-Firefox-Spdy: h2
js-agent.newrelic.com/960.215647de-1223.js
200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/960.215647de-1223.js
IP
File type ASCII text, with very long lines (4860), with no line terminators
Hash e760ffc71afd5bd3c903e8f29818c668
11e73304cc011c73068a27c4ae873eb2adf85f7d
b3128fc00ad75d145325e82722ae64fb77919f398989850180eb5a821cbd4504
GET /960.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gNdtGXUJfleX+6Y/31csogbPXnzsvAdQ2x0ORpMeZLnvhbSRfapicWEnWrmVHTcguxNTc34ROLE=
x-amz-request-id: 29B7ET22KYPXWQTJ
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "57e420fb6a7c52d0c27d5548fef4de16"
x-amz-version-id: iCdpSHjuiF_zf7kNvVpWKcwVkVeojeJa
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 516
x-timer: S1675661632.236034,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2233
X-Firefox-Spdy: h2
js-agent.newrelic.com/779.215647de-1223.js
200 OK 3.5 kB URL HTTP/2 js-agent.newrelic.com/779.215647de-1223.js
IP
File type ASCII text, with very long lines (8307), with no line terminators
Hash 411c3ac790a3a8f8f71906adf57df690
ceef347ad1356a868f3c371ffc84c205958aed6d
59a8f0bcbad548fd487a595f4a2c3642268a19437d80096f1f0e3a67301132ac
GET /779.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oJiVqgUxxXTGlb3WHfPODQ+0hnRNaK4Wu3C5q0qzLW1Wy1zUCv3lJDvZMbOZXlmpWlVHYmT68X8=
x-amz-request-id: 29B6GFQJDW5ETZPK
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "1f9dc6167676d6db728e844d20a97ad5"
x-amz-version-id: d0hMUd3mWD9ItciiSIXCSy8OWToOTtsf
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1759
x-timer: S1675661632.238605,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3516
X-Firefox-Spdy: h2
js-agent.newrelic.com/823.215647de-1223.js
200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/823.215647de-1223.js
IP
File type ASCII text, with very long lines (3147), with no line terminators
Hash 87de67cddb1db12fc7ee256669fcd9ba
5c882b5cc4bff34d8f4c603d6077f424b442a0df
42e88e7da2ca5f5fbd6fb461147d562a317c22508508c937cc57ad65c04e5986
GET /823.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5Fb4P8xJczd5vSJcDjiJeEIdldSbkECuaWyErtMTeAtEHKfdyrVuRuzSrltAg1+Dqn5ZyguqAlc=
x-amz-request-id: 29B2ND18W5AQM0T8
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "ce7762cf4b6665f79c15503dbccd6c68"
x-amz-version-id: W2tA0gkaWp6JlPnYeFhc2plzNBl_myPN
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1759
x-timer: S1675661632.238998,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1365
X-Firefox-Spdy: h2
js-agent.newrelic.com/325.215647de-1223.js
200 OK 1.2 kB URL HTTP/2 js-agent.newrelic.com/325.215647de-1223.js
IP
Hash f45e3e13180656fe977a1dd5856777e6
2bc4beed2613ffb5ab3942103c43722a6e7c4248
a40796c2fe09c3d70d2b355af2bbfbeb1ec6a460e7b59f9fda09c470c69814bf
GET /325.215647de-1223.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: y2K+rpeLF3Ym/3l6sNpa29RWC/g7TNS9+AlxD2Yrljl995Eo6bNRqMUpU5PNsi1SzBJybaX6onw=
x-amz-request-id: 5D6X5R0HEXVCYE0Y
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
etag: "8bfb1318203f2143642fa7f2620e90b9"
x-amz-version-id: TZXfN40R6cv9QsF3fTfxRxppzwQ_LugL
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1742
x-timer: S1675661632.240429,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 560
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=5952119873585024446&pid=0&site=297596&sc=NO&usage_type=DCH&subid=494419493&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-4&site_id=0&spot_id=297596&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=a&v2=0&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297596%26source%3D494419493%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297596%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297596%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=5952119873585024446&pid=0&site=297596&sc=NO&usage_type=DCH&subid=494419493&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-4&site_id=0&spot_id=297596&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=a&v2=0&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297596%26source%3D494419493%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297596%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297596%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=5952119873585024446&pid=0&site=297596&sc=NO&usage_type=DCH&subid=494419493&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-4&site_id=0&spot_id=297596&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=a&v2=0&ttl=&space_id=1496&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297596%26source%3D494419493%26idzone%3D0%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297596%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297596%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8ffa747e3a.bc5ae89c44.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=297596&source=494419493&idzone=0&w=300&h=250&mo=&ve=&site_id=297596&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297596&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=2715792624170746970&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-7&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=b&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1
302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=2715792624170746970&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-7&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=b&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=2715792624170746970&pid=0&site=297604&sc=NO&usage_type=DCH&subid=1650136102&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=xfantazy.com&hostname=auc-banner-hz-7&site_id=0&spot_id=297604&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=0&ml=&tag_ab=b&v2=0&ttl=&space_id=1018&banner_width=900&banner_height=250&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D297604%26source%3D1650136102%26idzone%3D0%26w%3D900%26h%3D250%26mo%3D%26ve%3D%26site_id%3D297604%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3D%2C%26spot_id%3D297604%26p%3Dhttps%253A%252F%252Fxfantazy.com%252F%26katds_labels%3D%26btype%3D0%26score%3D0%26bf%3D0.0001&pr=xfantazy.com&bid_crid=&bid_cid=&is_iframe=1&ad_tags=,&stratagem=nlabel-a&ssp=3758&refresh=1 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8ffa747e3a.bc5ae89c44.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=969&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/&ap=24&be=566&fe=250&dc=177&perf=%7B%22timing%22:%7B%22of%22:1675661674905,%22n%22:0,%22r%22:0,%22re%22:223,%22f%22:223,%22dn%22:223,%22dne%22:223,%22c%22:223,%22s%22:223,%22ce%22:223,%22rq%22:229,%22rp%22:438,%22rpe%22:438,%22dl%22:516,%22di%22:728,%22ds%22:743,%22de%22:753,%22dc%22:812,%22l%22:812,%22le%22:835%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=729&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8MBAECV1UNWAMAAgIFCRh4Yy8TFUMhJTshCU0XAwZYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1oCWgdVBgUMGA4DVwcUVQEFBk4HXwcOHFIDX1dTWwIGAlpRXRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
200 OK 49 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=969&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/&ap=24&be=566&fe=250&dc=177&perf=%7B%22timing%22:%7B%22of%22:1675661674905,%22n%22:0,%22r%22:0,%22re%22:223,%22f%22:223,%22dn%22:223,%22dne%22:223,%22c%22:223,%22s%22:223,%22ce%22:223,%22rq%22:229,%22rp%22:438,%22rpe%22:438,%22dl%22:516,%22di%22:728,%22ds%22:743,%22de%22:753,%22dc%22:812,%22l%22:812,%22le%22:835%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=729&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8MBAECV1UNWAMAAgIFCRh4Yy8TFUMhJTshCU0XAwZYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1oCWgdVBgUMGA4DVwcUVQEFBk4HXwcOHFIDX1dTWwIGAlpRXRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
IP
File type ASCII text, with no line terminators
Hash ada33e5b8877e743ff658bf4bfa1867c
5a78662243dac43c0ee48bcb7e05a536b84c2e38
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
GET /1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=969&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/&ap=24&be=566&fe=250&dc=177&perf=%7B%22timing%22:%7B%22of%22:1675661674905,%22n%22:0,%22r%22:0,%22re%22:223,%22f%22:223,%22dn%22:223,%22dne%22:223,%22c%22:223,%22s%22:223,%22ce%22:223,%22rq%22:229,%22rp%22:438,%22rpe%22:438,%22dl%22:516,%22di%22:728,%22ds%22:743,%22de%22:753,%22dc%22:812,%22l%22:812,%22le%22:835%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=729&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVF8MBAECV1UNWAMAAgIFCRh4Yy8TFUMhJTshCU0XAwZYHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbE1oCWgdVBgUMGA4DVwcUVQEFBk4HXwcOHFIDX1dTWwIGAlpRXRNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBWARXUA9QBgFSW14bGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
content-type: text/javascript
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-timer: S1675661632.370983,VS0,VE103
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1625-BMA
x-cache: MISS
x-cache-hits: 0
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b400c2c20802db300f72333da4ffa8aa
935b74452ae52ed54ca87df749586b6a667eca4d
6224e48de708a4119b097cebca9656f6d91527aa84f8c5eef00b6210696c2d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6224E48DE708A4119B097CEBCA9656F6D91527AA84F8C5EEF00B6210696C2D5A"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9531
Expires: Mon, 06 Feb 2023 08:12:43 GMT
Date: Mon, 06 Feb 2023 05:33:52 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b400c2c20802db300f72333da4ffa8aa
935b74452ae52ed54ca87df749586b6a667eca4d
6224e48de708a4119b097cebca9656f6d91527aa84f8c5eef00b6210696c2d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6224E48DE708A4119B097CEBCA9656F6D91527AA84F8C5EEF00B6210696C2D5A"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9531
Expires: Mon, 06 Feb 2023 08:12:43 GMT
Date: Mon, 06 Feb 2023 05:33:52 GMT
Connection: keep-alive
btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=297604&source=1650136102&idzone=0&w=900&h=250&mo=&ve=&site_id=297604&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297604&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8ffa747e3a.bc5ae89c44.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1650136102&categories=,
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Tue, 07 Feb 2023 05:33:52 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=297596&source=494419493&idzone=0&w=300&h=250&mo=&ve=&site_id=297596&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297596&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=297596&source=494419493&idzone=0&w=300&h=250&mo=&ve=&site_id=297596&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297596&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=297596&source=494419493&idzone=0&w=300&h=250&mo=&ve=&site_id=297596&utm1=&utm2=&utm3=&utm4=&ad_tags=,&spot_id=297596&p=https%3A%2F%2Fxfantazy.com%2F&katds_labels=&btype=0&score=0&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8ffa747e3a.bc5ae89c44.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=494419493&categories=,
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Tue, 07 Feb 2023 05:33:52 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1156&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/
200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1156&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1223.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1156&ck=0&s=92449a797cde392d&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1680
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 24
content-type: image/gif
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
x-timer: S1675661633.507650,VS0,VE102
accept-ranges: bytes
date: Mon, 06 Feb 2023 05:33:52 GMT
via: 1.1 varnish
x-served-by: cache-bma1625-BMA
x-cache: MISS
x-cache-hits: 0
btds.zog.link/in/va?spot_id=297596&view=1&tag_ab=a
200 OK 2 B URL HTTP/2 btds.zog.link/in/va?spot_id=297596&view=1&tag_ab=a
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/va?spot_id=297596&view=1&tag_ab=a HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 1840.0=1; expires=Tue, 07 Feb 2023 05:33:52 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
btds.zog.link/in/va?spot_id=297604&view=1&tag_ab=b
200 OK 2 B URL HTTP/2 btds.zog.link/in/va?spot_id=297604&view=1&tag_ab=b
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/va?spot_id=297604&view=1&tag_ab=b HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 1840.0=1; expires=Tue, 07 Feb 2023 05:33:52 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=494419493&categories=,
200 OK 6.5 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=494419493&categories=,
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4633)
Hash f23c26ee54bdf3cff16ca8407d1d0665
0aea2b5ec8fa2a256b88324f7649053ce1c46bd8
e3e73767222b1e537144508284d5d45b4093146b37f67a71c2cc0925b18e254b
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=494419493&categories=, HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8ffa747e3a.bc5ae89c44.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: cfaac2b5256988be
set-cookie: ts_uid=8a324a40-8e39-49e2-807d-aa9025516ac9; expires=Sun, 06 Aug 2023 05:33:52 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMmjYiBHDRhcWIsYU3BLjoYgyExveqHGDBg4YCLv0URAQ; expires=Tue, 07 Feb 2023 05:33:52 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/c/c/663b449f41776fc6fe9f8b52ff94eca1de38f4/main.jpg
200 OK 10 kB URL HTTP/2 lcdn.tsyndicate.com/images/c/c/663b449f41776fc6fe9f8b52ff94eca1de38f4/main.jpg
IP
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash 9a9084e691c6e0194f2ad908d5c6419e
1cfe23e238f7e4d8b36c8c00b99183633327404b
92120ef7a6905e058fc7c6805bcc8b4c9ef3552d717e3031d4066cf48753bb13
GET /images/c/c/663b449f41776fc6fe9f8b52ff94eca1de38f4/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=8a324a40-8e39-49e2-807d-aa9025516ac9; bfq=APeIECNCx5YZMmjYiBHDRhcWIsYU3BLjoYgyExveqHGDBg4YCLv0URAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/jpeg
content-length: 9979
last-modified: Wed, 01 Feb 2023 08:00:37 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"63da1c25-2803"
age: 423015
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=4fd9e6bd-aa96-4c67-b8b9-63267e7f8907; bfq=APeIECNCx5YZMmjYiBHDRhcWIsYU3BLjoYgyExveqHGDBg4YCLv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Mon, 06 Feb 2023 05:33:52 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 28927369
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1650136102&categories=,
200 OK 3.3 kB URL HTTP/2 tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1650136102&categories=,
IP
ASN #24940 Hetzner Online GmbH
Hash e19ea8de959505b06f1132fffe8abc9b
3187b1cf88266988ef6872b381d39320130bb121
e33868144ea1b407e42f10181155dccc706b8359eda98814851c4efe24a4b585
GET /iframes2/00394b71264946e5bf58746cefe5435f.html?subid=1650136102&categories=, HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8ffa747e3a.bc5ae89c44.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: ad8ec8e92a86dd11
set-cookie: ts_uid=4fd9e6bd-aa96-4c67-b8b9-63267e7f8907; expires=Sun, 06 Aug 2023 05:33:52 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHOmCFGhhgxMFrYMDMjRwsaM2zUaJEjxg0zLcbcIDMDhhgcNUiGwSHi4Rwxacgo1LFFRAyVMGKkjAFDhoguD8ewSbPwBo4ZD8PUGZOxTA0YNca4NBnGhhgaJ2nUINMCRw4aNlrUrFFmRgwyN46GcfoQKJmMMWTQgAGjJ0QydhbKqLHRxkM4dcRQlJHjRlY4cCjGyJEDq4g5cCbqmHHDhtIbMrKSMUPxYRs3GBneIOxYBJzXsWPQiBEDx8M6MTKioUMHzhwdL14YnOOCjpyIa9LAdh7GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLIwGHjDJ42ZGqcmUEGjpySN9zcqWHnxdEaN-SVAw5K0bBeCzLAIEQRVHxhRBoJ0fFFTTDgsRgMXzjxhAtnpMHaQ2RslxEO1oVxAw031BWGC2KMUUMYZbg1Bg00ZCdiVGGItoVdUNkmB1c6wOACYTLc4JAIYrAW5JBgRXXbF_YBKYMLMhR5pBx2ZMZQDg-VMcZtirlg5G91UKWDCDSYQUYOZZjFVhhh5BAXDWPYcEMLN4lhkg0zyGBnGS-5BcMNhqWhpQgtuZCDkAa60BANhsnxhaEZJbqoC40-algdYWTUxBt6pMEGG2G8UMOQIKBwhXQh3jEHCE5QAQJTQ-4Awqpu2ECDrXjoaiuWDIE1ZAogHOHlGm-8kCBTSSUFwoPfXYeHf8IWFhWQImho2BuSjoGttg-xgW0RThh2kB1ffMcGRQBalRIOhD0kxxluKFYDDpaJcO4XYsixEA6-6VsGum288ZcO65kGohxvLOTZG0PR8BjDeOSxkMQiRCscccYh9wKJZpiIooosugijjDTayJ1hc2CZEcN05MhtC3W4kQYdLQzqAhli8aUvtgd9wXNghtHRBkV21mCDaXymJoLRTjGU9NJH9UlgvgalSx4cX-SItJFUN52VGKIJHHIdbEz0mLgLwRBVbDD0oUBA&s=7c1d1f2f65f85176d6376c6da66bb4dd9c560e828d6a591bac58a374693b99e21675661632&w=t&r=1&d=1&priv=false
200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHOmCFGhhgxMFrYMDMjRwsaM2zUaJEjxg0zLcbcIDMDhhgcNUiGwSHi4Rwxacgo1LFFRAyVMGKkjAFDhoguD8ewSbPwBo4ZD8PUGZOxTA0YNca4NBnGhhgaJ2nUINMCRw4aNlrUrFFmRgwyN46GcfoQKJmMMWTQgAGjJ0QydhbKqLHRxkM4dcRQlJHjRlY4cCjGyJEDq4g5cCbqmHHDhtIbMrKSMUPxYRs3GBneIOxYBJzXsWPQiBEDx8M6MTKioUMHzhwdL14YnOOCjpyIa9LAdh7GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLIwGHjDJ42ZGqcmUEGjpySN9zcqWHnxdEaN-SVAw5K0bBeCzLAIEQRVHxhRBoJ0fFFTTDgsRgMXzjxhAtnpMHaQ2RslxEO1oVxAw031BWGC2KMUUMYZbg1Bg00ZCdiVGGItoVdUNkmB1c6wOACYTLc4JAIYrAW5JBgRXXbF_YBKYMLMhR5pBx2ZMZQDg-VMcZtirlg5G91UKWDCDSYQUYOZZjFVhhh5BAXDWPYcEMLN4lhkg0zyGBnGS-5BcMNhqWhpQgtuZCDkAa60BANhsnxhaEZJbqoC40-algdYWTUxBt6pMEGG2G8UMOQIKBwhXQh3jEHCE5QAQJTQ-4Awqpu2ECDrXjoaiuWDIE1ZAogHOHlGm-8kCBTSSUFwoPfXYeHf8IWFhWQImho2BuSjoGttg-xgW0RThh2kB1ffMcGRQBalRIOhD0kxxluKFYDDpaJcO4XYsixEA6-6VsGum288ZcO65kGohxvLOTZG0PR8BjDeOSxkMQiRCscccYh9wKJZpiIooosugijjDTayJ1hc2CZEcN05MhtC3W4kQYdLQzqAhli8aUvtgd9wXNghtHRBkV21mCDaXymJoLRTjGU9NJH9UlgvgalSx4cX-SItJFUN52VGKIJHHIdbEz0mLgLwRBVbDD0oUBA&s=7c1d1f2f65f85176d6376c6da66bb4dd9c560e828d6a591bac58a374693b99e21675661632&w=t&r=1&d=1&priv=false
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHOmCFGhhgxMFrYMDMjRwsaM2zUaJEjxg0zLcbcIDMDhhgcNUiGwSHi4Rwxacgo1LFFRAyVMGKkjAFDhoguD8ewSbPwBo4ZD8PUGZOxTA0YNca4NBnGhhgaJ2nUINMCRw4aNlrUrFFmRgwyN46GcfoQKJmMMWTQgAGjJ0QydhbKqLHRxkM4dcRQlJHjRlY4cCjGyJEDq4g5cCbqmHHDhtIbMrKSMUPxYRs3GBneIOxYBJzXsWPQiBEDx8M6MTKioUMHzhwdL14YnOOCjpyIa9LAdh7GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLIwGHjDJ42ZGqcmUEGjpySN9zcqWHnxdEaN-SVAw5K0bBeCzLAIEQRVHxhRBoJ0fFFTTDgsRgMXzjxhAtnpMHaQ2RslxEO1oVxAw031BWGC2KMUUMYZbg1Bg00ZCdiVGGItoVdUNkmB1c6wOACYTLc4JAIYrAW5JBgRXXbF_YBKYMLMhR5pBx2ZMZQDg-VMcZtirlg5G91UKWDCDSYQUYOZZjFVhhh5BAXDWPYcEMLN4lhkg0zyGBnGS-5BcMNhqWhpQgtuZCDkAa60BANhsnxhaEZJbqoC40-algdYWTUxBt6pMEGG2G8UMOQIKBwhXQh3jEHCE5QAQJTQ-4Awqpu2ECDrXjoaiuWDIE1ZAogHOHlGm-8kCBTSSUFwoPfXYeHf8IWFhWQImho2BuSjoGttg-xgW0RThh2kB1ffMcGRQBalRIOhD0kxxluKFYDDpaJcO4XYsixEA6-6VsGum288ZcO65kGohxvLOTZG0PR8BjDeOSxkMQiRCscccYh9wKJZpiIooosugijjDTayJ1hc2CZEcN05MhtC3W4kQYdLQzqAhli8aUvtgd9wXNghtHRBkV21mCDaXymJoLRTjGU9NJH9UlgvgalSx4cX-SItJFUN52VGKIJHHIdbEz0mLgLwRBVbDD0oUBA&s=7c1d1f2f65f85176d6376c6da66bb4dd9c560e828d6a591bac58a374693b99e21675661632&w=t&r=1&d=1&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=4fd9e6bd-aa96-4c67-b8b9-63267e7f8907; bfq=APeIECNCx5YZMmjYiBHDRhcWIsYU3BLjoYgyExveqHGDBg4YCLv0URAQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 50f52293e1b9386e2617ce890b226aa0
dfd88d17dfcc3fe0877f0eaa1dfa368625985b6a
3b2aef917a90a806f8ba3eb16a82beec567f146a22b1f2a1ae04d6e08cb2d202
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 05:33:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 18:28:18 GMT
Expires: Sat, 11 Feb 2023 18:28:17 GMT
Etag: "dfd88d17dfcc3fe0877f0eaa1dfa368625985b6a"
Cache-Control: max-age=477863,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7951837629a80b51-OSL
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif
200 OK 72 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Hash 65b724494cf4b18678dcb8c017fb551d
6111cfeae10d3ad110a38e21336890f6be2a6ace
614636de086b9b380dc1cf45be301822b00f5fac32a0cdc99519d5b7a2da25c7
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1657719813428-20BET_First_300x250_NO.gif HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 Feb 2023 05:33:53 GMT
Content-Type: image/gif
Content-Length: 71915
Last-Modified: Wed, 18 Jan 2023 15:38:33 GMT
Connection: keep-alive
ETag: "63c81279-118eb"
Accept-Ranges: bytes
track.trackingtraffo.com/banner/imp?auth=dxxpue&price=2.750000&c=hxNWFcq7df6Zl0c83_yZPZsE20eATTHDIQ3AcnHBSQZsWa0dKl-UmnXh7Zxeu-8SnWGTi8BmzNmpfioQYXSke5KywHXb8f0itG5hbqhSHdyXz04Iol_wCkVPuB2hR_57fJoDk4Wm4DtolOSvqXnEvxDnQ9g3vDKbc4hGZwfnLQpwO7AxSUZicYx0MTsFLeR9yVrKL9S4BRmIdxvRlU0CzaKxpGiLNIvNGz8g8KLgLZVA8bLiEUX_U3sRY3U5jIEEdWP_sOrmKrkDBfcTIUbDckpbUNmkemuWKYrJVKm4h5bTY6QZifqX6XyC_c5UiRHWaQQqT_2lSmp1Ar0m3mbNHWnmcYXe-NjuUPtdClQxhfWL5AnJ_F3bKLqOAMYp3bpAb_lex9fcJexSd0yE8dgNPA
200 OK 70 B URL HTTP/1.1 track.trackingtraffo.com/banner/imp?auth=dxxpue&price=2.750000&c=hxNWFcq7df6Zl0c83_yZPZsE20eATTHDIQ3AcnHBSQZsWa0dKl-UmnXh7Zxeu-8SnWGTi8BmzNmpfioQYXSke5KywHXb8f0itG5hbqhSHdyXz04Iol_wCkVPuB2hR_57fJoDk4Wm4DtolOSvqXnEvxDnQ9g3vDKbc4hGZwfnLQpwO7AxSUZicYx0MTsFLeR9yVrKL9S4BRmIdxvRlU0CzaKxpGiLNIvNGz8g8KLgLZVA8bLiEUX_U3sRY3U5jIEEdWP_sOrmKrkDBfcTIUbDckpbUNmkemuWKYrJVKm4h5bTY6QZifqX6XyC_c5UiRHWaQQqT_2lSmp1Ar0m3mbNHWnmcYXe-NjuUPtdClQxhfWL5AnJ_F3bKLqOAMYp3bpAb_lex9fcJexSd0yE8dgNPA
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash b357a19c87624c7c4d131aeeb4ae677f
c7a9c45fd419815a5ab1998503a9f03514c0e229
497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581
GET /banner/imp?auth=dxxpue&price=2.750000&c=hxNWFcq7df6Zl0c83_yZPZsE20eATTHDIQ3AcnHBSQZsWa0dKl-UmnXh7Zxeu-8SnWGTi8BmzNmpfioQYXSke5KywHXb8f0itG5hbqhSHdyXz04Iol_wCkVPuB2hR_57fJoDk4Wm4DtolOSvqXnEvxDnQ9g3vDKbc4hGZwfnLQpwO7AxSUZicYx0MTsFLeR9yVrKL9S4BRmIdxvRlU0CzaKxpGiLNIvNGz8g8KLgLZVA8bLiEUX_U3sRY3U5jIEEdWP_sOrmKrkDBfcTIUbDckpbUNmkemuWKYrJVKm4h5bTY6QZifqX6XyC_c5UiRHWaQQqT_2lSmp1Ar0m3mbNHWnmcYXe-NjuUPtdClQxhfWL5AnJ_F3bKLqOAMYp3bpAb_lex9fcJexSd0yE8dgNPA HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 Feb 2023 05:33:53 GMT
Content-Type: image/png
Content-Length: 70
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:49 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 06 Feb 2023 06:33:49 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420555?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/420555?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWuqco6OVtnLahFN0gbEwkN0BnwyF70VDGIsyls%2F4lM4v6Z1zBnYsbuaHK85TpWztutGN9ZASrRmUoypzHm67mKa9W%2F3gevIOkdeJFH0X6u9LnSJUcW%2FPGiRvVxDIDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bcc23ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/iframe.js?idzone=4891810
200 OK 0 B URL HTTP/2 a.realsrv.com/iframe.js?idzone=4891810
IP
ASN #60068 Datacamp Limited
GET /iframe.js?idzone=4891810 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891810&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e9792c6.898464592129772643%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891816%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"d907adca85c6966b68c12420015"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675669126
server: CDN77-Turbo
x-77-nzt: AblMCRTc/0r/6AwAAA
x-77-nzt-ray: af58563057a7f6b93e91e06326346529
x-cache: HIT
x-age: 3304
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ3MDAsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ3MDAsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzMjk3MzUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NzAwIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NzAwIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImM0OTEwMTU2NzNlMGE2OTI0NjNmNzIxNTJkMmVkZTMxIn0sImV4dCI6eyJkdCI6MTY3NTY2MTY3NDcyM319
200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ3MDAsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ3MDAsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzMjk3MzUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NzAwIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NzAwIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImM0OTEwMTU2NzNlMGE2OTI0NjNmNzIxNTJkMmVkZTMxIn0sImV4dCI6eyJkdCI6MTY3NTY2MTY3NDcyM319
IP
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ3MDAsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ3MDAsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzMjk3MzUiLCJ1dG0xIjoidGNiYW5faSIsInV0bTIiOiI0NzAwIiwidXRtMyI6IjE5Nzc1IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NzAwIiwicGFnZSI6Imh0dHBzOi8vYS5uYXR1cmFsaGVhbHRoc291cmNlLmNsdWIvIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImM0OTEwMTU2NzNlMGE2OTI0NjNmNzIxNTJkMmVkZTMxIn0sImV4dCI6eyJkdCI6MTY3NTY2MTY3NDcyM319 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: 8ewmTI2jy/M5oxfm1Zo8bv1SqrieGnfrMfmtZmR336jUoc4rRdbotq/wectU+HY8mdvt156QxDvmJAhJfohIWQ==
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: CHGKMTPSKZ4AFT0N
cf-cache-status: HIT
age: 1560386
expires: Wed, 08 Mar 2023 05:33:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpfTrdX90t88mC8SosfZPyMOL57%2Bx5%2F8RAp7VHlc9Kf19Yvx%2F76irBZWP0qkD8vVDzfdOGwrx6vXV5qztPv7BhKQk8V757ZUzKdsCMWn9FvXUHhshlJsupmDGlR8F96kc1iV%2FMnP17VmOKzD2T8EcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bf2AC3KB0J2ATZpeDu98zTVEv2QAFJG0a3imtipgyKA-1675661631997-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7951836fe8ddb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
IP
GET /images/ico-female.svg?818c9c4c368f HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.86af60575b63.css
Cookie: _cfuvid=.h4CtOSoh_E5gR03ymQOPJMeOn5DbWNseAAnRA1ynCE-1675661632019-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: image/svg+xml
x-amz-id-2: PjO0f4d9iBwsjngzx83Wl66WXhYi3jR3xzYwXeroJZIxUH9911T5KduqjqqqhqOl+3joEx2MR0o=
x-amz-request-id: 6PNDPE5TQ4REH75H
last-modified: Tue, 09 Mar 2021 22:37:01 GMT
etag: W/"304b64c8f4b6c7e0c36c86b419151c45"
x-amz-meta-s3cmd-attrs: md5:304b64c8f4b6c7e0c36c86b419151c45
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 226693
expires: Wed, 08 Mar 2023 05:33:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLRSJM%2B12JIn%2Bvn8lNB8wKGkLclKtCPc6PSKxuYx3Y3W6DTSUi7sLLc9bkUSd%2F5Xovxbb89WYKCexX4oemE87YXdrI7Q5qFVXLC94%2FMRp3FXXvtRYVv%2BE4IqBo8PDZ%2BWXHlKMjuz39hu5aLcEtLR1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795183704925b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-1835016290c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5443882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEk8kZeJyOqVxjQ4Ozr739yvHm4xD62%2BQQGanZLOYpwCmc6mNNTj3cXC1jUTO65SfvOL09ks3gcpBMtyFf42wLLN62zFTqGqDyhPjenda2zKXmlGjCx1fBdndi3eu0g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bd023ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: v7m/lbuYUMjFtAn0I9TJ84uRpo9bE4xoD1m5wHBEFkDEaVoU/RlHz8Jr2yfCyS5LNJJ4LojPXCfi7bOsmSGI2Q==
date: Mon, 06 Feb 2023 05:33:49 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
200 OK 0 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2B4loPUCaWiC7lVfi%2BvGIVchU%2FO4FhlqwT9LqzYkEoceKfaIVQv%2F35MfrW9o9z5ev7Ka5s1v4ZelGuYRD9AMe2CvKTs7OkZZjYDAlKMRoPVOjY188jWospGhAcOT6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951836b1d0fe67c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
IP
GET /widgets/v4/Universal/main.33831b792a3809ba493a.css HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-3403"
expires: Mon, 06 Feb 2023 05:33:53 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836d89d2b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:48 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6ffb9dd9323faa361b7788f1bec6c0ac
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 06 Feb 2023 05:33:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r5lh5zUIgbHrnGdAA8tBiaD%2FFDahlmgX4zy77xKGigss3vOLaO0wTeoyhKMyxKE95zD0yO9hBy7Do8zRZ%2FmXLCQplXqcKHOsfLNVJeY3HeEvU6Mn8I%2Brn6KahdtYPa598NgJ1bw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795183588c3d8892-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/build-iframe-js-url.js?idzone=4891810
200 OK 0 B URL HTTP/2 a.realsrv.com/build-iframe-js-url.js?idzone=4891810
IP
ASN #60068 Datacamp Limited
GET /build-iframe-js-url.js?idzone=4891810 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4891810&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"1789784d9721457eb3c560b1f16"
expires: Thu, 02 Feb 2023 18:45:39 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675669126
server: CDN77-Turbo
x-77-nzt: AblMCRR8wNT/6AwAAA
x-77-nzt-ray: af58563057a7f6b93e91e0636810a526
x-cache: HIT
x-age: 3304
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
109d378489.9f84a22351.com/1570ade5e4f35dcf7f071b420c1d05b2.js
200 OK 0 B URL HTTP/2 109d378489.9f84a22351.com/1570ade5e4f35dcf7f071b420c1d05b2.js
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /1570ade5e4f35dcf7f071b420c1d05b2.js HTTP/1.1
Host: 109d378489.9f84a22351.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Mon, 06 Feb 2023 05:38:50 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.js
IP
GET /widgets/v4/Universal/main.33831b792a3809ba493a.js HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-42f63"
expires: Mon, 06 Feb 2023 05:33:53 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 3
vary: Accept-Encoding
server: cloudflare
cf-ray: 7951836d89d4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
8ffa747e3a.bc5ae89c44.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWEiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjYxNjc1NTE1fX0=
200 OK 0 B URL HTTP/2 8ffa747e3a.bc5ae89c44.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWEiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjYxNjc1NTE1fX0=
IP
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTAxOCwic3BhY2VpZCI6MTAxOCwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxNjUwMTM2MTAyIiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk3NjA0LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6dHJ1ZSwicmVmZG9tYWluIjoieGZhbnRhenkuY29tIiwicGwiOjMwMywic3RyYXRhZ2VtIjoibmxhYmVsLWEiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTgsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6OTAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiIyOTc2MDQiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8veGZhbnRhenkuY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiMDE0MzUxOGU4NDFiMjQ3MGFmODRkODZlMWIwOWQzYiIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjc1NjYxNjc1NTE1fX0= HTTP/1.1
Host: 8ffa747e3a.bc5ae89c44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/601edb27d7357618a3cf5cec
200 OK 0 B URL HTTP/2 xfantazy.com/video/601edb27d7357618a3cf5cec
IP
GET /video/601edb27d7357618a3cf5cec HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=csen51g57oaf7d37cztu0c; Domain=xfantazy.com; Path=/; Expires=Sun, 06 Feb 2033 05:33:46 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Mon, 13 Feb 2023 05:33:46 GMT
experiment-save-to-button-2=0; Path=/; Expires=Mon, 13 Feb 2023 05:33:46 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXbBZa8YAysX%2BscLf%2BODoftmnpt94mVgvZKqdtdLQQ4k%2FXWSuAZIYWrS4FcGJYg5s9NJqJJ2vbwbQq2eYG%2BWzktqD8rDpNje5360T3mm0OOQdmf5q5Qs4TG7gvXlVW4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834b392a23ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
109d378489.9f84a22351.com/7121705192e9b3a4747c466e9dbef8e9/67059?version_name=b
200 OK 0 B URL HTTP/2 109d378489.9f84a22351.com/7121705192e9b3a4747c466e9dbef8e9/67059?version_name=b
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /7121705192e9b3a4747c466e9dbef8e9/67059?version_name=b HTTP/1.1
Host: 109d378489.9f84a22351.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Mon, 06 Feb 2023 05:38:50 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.cabnnr.com/banner-admanager/build.m.js
200 OK 0 B URL HTTP/2 js.cabnnr.com/banner-admanager/build.m.js
IP
ASN #39572 DataWeb Global Group B.V.
GET /banner-admanager/build.m.js HTTP/1.1
Host: js.cabnnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 27 Jan 2023 07:04:13 GMT
etag: W/"63d3776d-d174"
content-encoding: gzip
expires: Mon, 06 Feb 2023 05:38:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
a.realsrv.com/iframe.js?idzone=4786600
200 OK 0 B URL HTTP/2 a.realsrv.com/iframe.js?idzone=4786600
IP
ASN #60068 Datacamp Limited
GET /iframe.js?idzone=4786600 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4786600&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e0913e97bfe2.524013583961040162%22%3B%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrrlbbcegeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamraobssmgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrrrsbaageimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrcaxocmgeimlxbaxbonxgxamrroelrxgeimlxbaxlanxgxamrrobxcageimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimmcoaalonxgxamrrmmrssgxcceialrexexbnxgxamrrmbceogxcceimblelambnxgxamrrmlssmgxcceimbbcemoancgxamrrboamagxcceialrexeoonxgxamrrbsasegxcceimclsaoxbncgxamrrbsasegxcceimaoobbebnxgxamrrlbxebgxcceimsacexoonxgxamrrlbbcegxcceimlxbaxlenxgxamrrlbbcegeimbbcemobncgxamrrlbbcxgxcceixaoossalnxgxamrrlbbcxgxcceimrxccosonxgxamrrlbbcxgxcceixaoosscrnxgxamrrlblbegxcceimrxccoscnxgxamrrlblbegxcceimbmlselonxgxamraeaoemgxcceimblrcsobnxgxamraebeblgxcceimeembesonxgxamraebeblgxcceimeembecenxgxamraebeblgxcceimxlbmxlcnogxamraebeblgxcceimboslabcnxgxamraebeblgxcceimlxasascnxgxamraxxxecgxcceimxlbmoscnogxamraxroxrgxcceimeembescnsgxamraxroxrgxcceimcssmlrcnsgxamraxlalegxcceimcssmlrenbgxamraoebllgxcceimlxocxobnogxamraoxmbmgxcceimxlbmosonogxamraoxmbmgxcceimlxmrlxenxgxamraoxmbmgxcceimxlbmosanogxamraoxmbmgxcceimxlbmosenogxamraoxmbmgxcceimbscxmxanxgxamraoxmbmgxcceimbscxmobnxgxamraobssmgxcceimxeoxsacnxgxamraobssmgxcceicmarxbbonogxamraobssmgxcceimxlbalscnxgxamraobrssgxcceiallxlmscnxgxamrasoexmgxcceimcssmlronagxamrasoexmgxcceimocbmmaanxgxamrasoexmgxcceimocbmmmenxgxamrasoexmgxcceiocmlslsmnxgxamrasormegxcceimbclraronogxamrassecagxcceimxlbalsbnxgxamrassblsgxcceiceecmorsnxgxamrasmemegxcceimxlbmoconmgxamrasmemegxcceimaooloranxgxamracemrsgxcceimxxerrxenxgxamraaxasegxcce; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4891814%7C71105510%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C1cffa26cab9227e1600343a9ffbf0de2%7C0%7Cxfantazy.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/javascript
etag: W/"724ab97fc38e9cf2e4a7f8a53ff"
expires: Thu, 02 Feb 2023 18:46:01 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675670020
server: CDN77-Turbo
x-77-nzt: AblMCRT+qTv/agkAAA
x-77-nzt-ray: af58563057a7f6b93e91e063dcc20d2a
x-cache: HIT
x-age: 2410
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
8ffa747e3a.bc5ae89c44.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI0OTQ0MTk0OTMiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyOTc1OTYsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJ4ZmFudGF6eS5jb20iLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjI5NzU5NiIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly94ZmFudGF6eS5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2NjE2NzU0NDJ9fQ==
200 OK 0 B URL HTTP/2 8ffa747e3a.bc5ae89c44.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI0OTQ0MTk0OTMiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyOTc1OTYsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJ4ZmFudGF6eS5jb20iLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjI5NzU5NiIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly94ZmFudGF6eS5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2NjE2NzU0NDJ9fQ==
IP
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImEiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6MTQ5NiwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IiwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiI0OTQ0MTk0OTMiLCJyZWZyZXNoIjoxLCJ1dG0xIjoiIiwidXRtMiI6IiIsInV0bTQiOiIiLCJzcG90X2lkIjoyOTc1OTYsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjp0cnVlLCJyZWZkb21haW4iOiJ4ZmFudGF6eS5jb20iLCJwbCI6MjY5LCJzdHJhdGFnZW0iOiJubGFiZWwtYSIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1OCwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjI5NzU5NiIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly94ZmFudGF6eS5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImIwMTQzNTE4ZTg0MWIyNDcwYWY4NGQ4NmUxYjA5ZDNiIiwiZnAiOm51bGx9LCJleHQiOnsiZHQiOjE2NzU2NjE2NzU0NDJ9fQ== HTTP/1.1
Host: 8ffa747e3a.bc5ae89c44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 05:33:52 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 05:33:51 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sat, 11 Feb 2023 05:33:51 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Wed, 08 Mar 2023 05:33:51 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Mon, 06 Feb 2023 11:33:51 GMT; Max-Age=21600; Path=/
sbr=sec:sbrf287e91a-5895-4f89-92bd-5675ff6a7059:1pOu8V:H-kxpefxHO3m-qKQkcfBbopx170; Domain=.chaturbate.com; expires=Sat, 01 Nov 2025 05:33:51 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=XLXLy_bopuSIYyQZMdjcmAe4arQtEnVB2B30aS7TrPg-1675661631-0-AUvVEXZ4oxIdlrpBKCSqwCBO1w9IlQtqfqFfq5890YR85OcSs0dStZwTGOvvqfnIEP4GvgRI5AVhp92mXSno1zo=; path=/; expires=Mon, 06-Feb-23 06:03:51 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7951836c2961fac0-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js
IP
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-185ecc65286"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 946868
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrz8QEJfRUtycNB5Yx9azKj4UkMYj%2Bw%2B8JEHlCuGZ6PSF2WWvNicYDVN9N8iyad8QZgh9nLC0gfYrLcIDQHkuLqIIsoZ8z80XpvqCtZEWtJAOURoObnkCDd3%2Bj6rYeg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bc723ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/289411
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/289411
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /api/settings/289411 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:47 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
109d378489.9f84a22351.com/7121705192e9b3a4747c466e9dbef8e9/67059?version_name=a
200 OK 0 B URL HTTP/2 109d378489.9f84a22351.com/7121705192e9b3a4747c466e9dbef8e9/67059?version_name=a
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /7121705192e9b3a4747c466e9dbef8e9/67059?version_name=a HTTP/1.1
Host: 109d378489.9f84a22351.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Mon, 06 Feb 2023 05:38:50 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js
IP
GET /_next/static/EL4BCXkdtWPhg6C5p-CCd/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/601edb27d7357618a3cf5cec
Cookie: visitorId=csen51g57oaf7d37cztu0c; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 05:33:46 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-185ecc6528a"
last-modified: Thu, 26 Jan 2023 06:31:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 946633
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqUCtJTnwkJztm1FKIiDXuJL60X8zvI1c5dEj3N84lYIIG%2FAHuzh6S8QkqOCyt6A4e8EnO70syY0fAx9us9qE%2B74C1p15tr694HULa5eujpo3WBOi5RsXXnR2o7AvfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7951834f1bc623ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/420556?p=1&s1=%subid1%&kw=
IP
ASN #24940 Hetzner Online GmbH
GET /api/spots/420556?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KvXNypSNdxFKThmzsNz3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 05:33:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
172.64.163.22
185.98.53.29
23.36.77.32
93.158.134.119
88.214.205.55
159.69.163.6
104.18.100.40
31.13.72.36
135.181.208.216