xfantazy.com/video/62b0468413dbbc05e42a40cf
172.64.163.22302 Found 0 B URL HTTP/1.1 xfantazy.com/video/62b0468413dbbc05e42a40cf
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/62b0468413dbbc05e42a40cf HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 19:49:47 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kaf5TwbTLec9jlS0F7K3rYOK%2B%2BYmq%2BIdc%2F1VDSEvKIOpWeLI4t4hz90145G5oFLLLyvhYZGFjRxGq5tez2VR%2Bq6KMETiXCWPl6INahTbwxnw5uz9FCfof%2BHoYdooPU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77cae7398f367324-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 048cda18c6dbe7c4e4b106f5e1104b0a
1bd6f3367ccf446263b00ad8c1ece15a4164730b
66a680d9b8e454db94e14d2c4a466891e538b2d83ccee0dc65be62163992b4e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66A680D9B8E454DB94E14D2C4A466891E538B2D83CCEE0DC65BE62163992B4E0"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8403
Expires: Tue, 20 Dec 2022 22:09:50 GMT
Date: Tue, 20 Dec 2022 19:49:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada
ea488e34661be5420c798c7e26f193b4dee7bb37
d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5580
Expires: Tue, 20 Dec 2022 21:22:47 GMT
Date: Tue, 20 Dec 2022 19:49:47 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 20 Dec 2022 19:34:29 GMT
content-type: application/json
age: 918
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5430
Expires: Tue, 20 Dec 2022 21:20:17 GMT
Date: Tue, 20 Dec 2022 19:49:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: grGNnfDnWXUn6Q7S723Y9jsgb9r4B2Wp+7iggMmNfu4x4GJx5Ymlslt8Yob6DnEDiTal6QBttM8=
x-amz-request-id: VXW6V9Z9R9S73CQ7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 20 Dec 2022 18:55:05 GMT
age: 3282
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash e3715bdd64875e442cef8ea3b5da358f
bb3e88b4e6cd713322f0a4d96fe6aff22f288aad
eacc62afdf9220af36d75eb434e57b4e4b9c4d87f43809d6c0f4d87836d2106b
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:47 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 20 Dec 2022 19:33:24 GMT
age: 983
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/video/62b0468413dbbc05e42a40cf
172.64.162.22200 OK 25 kB URL HTTP/2 xfantazy.com/video/62b0468413dbbc05e42a40cf
IP 172.64.162.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16321)
Hash e3aa4b0abdef15498be5d8fb775cf200
a9f9323c86c7ae501c9e5e5012149794a46bab36
b414f05b88cec2a704bb98e2dd1b03f6e1dc04e6e89341448abbfd338eeb156b
GET /video/62b0468413dbbc05e42a40cf HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:47 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=n911w4w633owt6udelmtyj; Domain=xfantazy.com; Path=/; Expires=Mon, 20 Dec 2032 19:49:47 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 27 Dec 2022 19:49:47 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 27 Dec 2022 19:49:47 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GybEpLQ19dj6ineb6yHx%2FcSqtIzLXQvWdaVCCdQftsyfeZ3JYBTVooPs6yixojj3VsgLCGiVxiXjdjlB5OS97kj5NhPhGQWo8beHvrELg2NNaZ8%2BcxzwBsZylnGTBuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73baa9923e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash e3715bdd64875e442cef8ea3b5da358f
bb3e88b4e6cd713322f0a4d96fe6aff22f288aad
eacc62afdf9220af36d75eb434e57b4e4b9c4d87f43809d6c0f4d87836d2106b
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.162.22200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash fc0d6651cdfc10d1a412379e448f26ac
bd3a0b29e6cc2fe332ab7735e8f3df7377343876
cca5087cb0597d14b9ba62278e78e48b673cd2eb5e12510cb07c8a34465a47d9
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-183501634e2"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348057
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFWF5iT6cSG%2FsSGj4y41lXa4OzU5PFGoFPmKkdsh95UVwKJnlIeRNAoBfU%2BH3jqs14zsH33j5hgbVYpnah6ZDEd7bX9%2FyiMrLYqdeUoR1Vs6FZKoJv3bAKwAvfNl2BE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68d323e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.74200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.74:0
Hash 9a9f305a113ff5522db1c2650f467c04
1b88837334459d7b5e57f1bbd03ceb9449e6116b
26108e69e492b4639a0061c80001c43555bd602c70ec5b63bb384b55d9456aba
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Dec 2022 19:49:48 GMT
date: Tue, 20 Dec 2022 19:49:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg
188.72.235.185200 OK 9.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d007cecc2efb5e635d1a00a74f9a5381
6dad22c6ef739f5a07175311e19c36f453a67799
7808d8a08ae6b113a37caf77d5f88fa1702d73e59217339a57f081e43bf8d0ac
GET /thumbnail/I77Gu3Snza66_zyfqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: image/jpeg
content-length: 9882
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 55b2f3e78f4f4715dcd8ef10b1d173f2
c2ccc2a9c02e64ed4b056095e5b7c864627c8a0c
70a077339f05985c266636b7a65bc6e7d6e6b3119b0397b613442ec7b7989187
GET /thumbnail/LOnCuSOkmfvprjWQ_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: image/jpeg
content-length: 11337
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg
188.72.235.185200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a7dda418c5bb9e3bc48005fd9fd6b4b3
b94ba89c87bdf1cf63627a1cd159acb123a8c40e
bfc951e9f53c92d8024d3035722685de826e132e931bb4733928626f725e4ee6
GET /thumbnail/IOibuX-iwqa_qWjD-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: image/jpeg
content-length: 12842
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/JezF7n6mw6y4_j-W_Q/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JezF7n6mw6y4_j-W_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5c186172f0d01775124c3b017c031d57
fb745739d7b0b69a53bb73aad36c0e7b38c3996d
8b92e57e49c8c2d5817af260b08b0c30b3d2a095bc4c71f26f8d93cd85ef5c36
GET /thumbnail/JezF7n6mw6y4_j-W_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: image/jpeg
content-length: 14426
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.219.22101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.219.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0rDI4wLiL7qg1Fj4q+mUdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HXmvmkwYQBP+Jh6UZcY6xgB//w8=
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
172.217.21.168200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 172.217.21.168:0
File type ASCII text, with very long lines (15971)
Hash 5ab45a2d4d584b52ef250fe82c6e3c1b
bcacda1b6a4882248fd131920fb2789dec8ac3de
0d22fab877e79d975f8496d2baeddc8b68e278254a641f8928ff629c6c51e905
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Dec 2022 19:49:48 GMT
expires: Tue, 20 Dec 2022 19:49:48 GMT
cache-control: private, max-age=900
last-modified: Tue, 20 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.162.22200 OK 41 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 012233ec39054cfb617829f3fb6b9505
1eff0f6900ac1eb24f9326246f8d81f1e3302bc7
6f14e46d0ad58011e9b99502aa3ea2c42123d571f1c5300e14b36aee162c362a
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348057
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BeFDO1jkV%2BA%2BKtiwz4iLySpWOraC3OflYgqzjL267br4roMV52nHQW3xo1GMtmDZvVSjPKSISbpIupXxYvu4wNl1CChZI9myzTCY0wT2WEfNY2jmZh%2F0nEEE%2BVJ%2Fl%2BQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f893f23e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js
172.64.162.22200 OK 24 kB URL HTTP/2 xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 9baa8b2ebafc292110823198a7864908
89e441297ff8c38ef62cd5e8f7841b8ab3347e41
129bbae441e24fe196652b4a44968708e362b34bacde1bd7c95d3c769caa20a5
GET /_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-1852f08d136"
last-modified: Tue, 20 Dec 2022 10:16:25 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 34306
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBOaryIAjdAqzS5DTtHSw%2FCgIc7DJSvxHdY4%2BczNbRR8WM1fD6DHtk6iNQgEm4gqRaB%2FTEOw1B4jLnWHp7TdlMJtk6sIcJ0MrEsFi7lbnqjwCfkEg%2FIt7b3UoswOaX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f589323e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.162.22200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash 800fe25d4a0e8805f79c1872a68fb429
5f7dff2f4b357363bd35764adb096682d6ebf16b
06f278fe842926ffb69efdd7641e6897cf5548e1410baeb2da1f2d66f6ea09d5
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3QBOKup5DUUzq8fZr9h770gUzK9ITEBQm5v69NkZBQJ2xvas0zWfC4mstNFuI65gMXZ9O0fzwI3AoQFsQtIyYUb1TNfluokEV6lhFD%2FcoVLgtHBif%2B2bV4QKFLSy50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68cd23e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 5fc469a669e2d045ca7b765022999bb3
fad4bbea6f454b6f4d39f4f185b7d95598d50fb4
373374dac5aceeecf467565c57b09187b053a658835c26905495261ea03fff4c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 15:14:19 GMT
Expires: Tue, 27 Dec 2022 15:14:18 GMT
Etag: "fad4bbea6f454b6f4d39f4f185b7d95598d50fb4"
Cache-Control: max-age=587669,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae73fcd320afa-OSL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:13 GMT
expires: Sat, 16 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
age: 368195
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 5fc469a669e2d045ca7b765022999bb3
fad4bbea6f454b6f4d39f4f185b7d95598d50fb4
373374dac5aceeecf467565c57b09187b053a658835c26905495261ea03fff4c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 15:14:19 GMT
Expires: Tue, 27 Dec 2022 15:14:18 GMT
Etag: "fad4bbea6f454b6f4d39f4f185b7d95598d50fb4"
Cache-Control: max-age=587669,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae73fcb7cb51e-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 20 Dec 2022 19:34:02 GMT
expires: Tue, 20 Dec 2022 21:34:02 GMT
cache-control: public, max-age=7200
age: 946
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.65.229200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.65.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 7361fe1ebbacfbaa1f6e3e2dbd0f09b5
351da1406a2047451e59680a52aa4a06bdbe5962
55a823d8bc416e4ddf6ac9991271aca78c67ed91f3ad10f6a97c2e6a24fe3cb2
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.254.0
x-jsd-version-type: version
etag: W/"34e26-KgwGOkpaxk/k0H371fENiT+/i4k"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:48 GMT
age: 5093
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1670-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85699
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 6dfce7135b86be79c5c4eca0e2fdd238
c0400327e934f88e310f710527b3994647f09f7b
22308cb032461e6a5eb9688373e120f2783733978081db82bed8d4439fb5a43e
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:48 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "BC3A00E6F0D799AC192C68E469E00EB22F998D81"
Expires: Wed, 21 Dec 2022 07:00:00 GMT
Last-Modified: Tue, 20 Dec 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1402
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cae743bf1d0b41-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 2.7 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 693c0397a0deed12dd81b33222d605af
c7510f795f1a651a95a9542c3ab42d29683707d8
ec213a577f5f5197d16ac888cc3a765fbd664682efca4689af31d7b5aff75f60
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:49 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Sat, 24 Dec 2022 15:51:47 GMT
ETag: "ef8235d4945886927f16954809281d6637b9aba7"
Last-Modified: Tue, 20 Dec 2022 15:51:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2955
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cae74749ef0b41-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a263ec78522f331877b8f7d44b6f9946
36bcfc29e161f373ee2c5efe79e7c668bf0c7e3e
8a306d02861db113d5b42d19f948bb9be5afb901be157f06b44fb57dd036b2a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A306D02861DB113D5B42D19F948BB9BE5AFB901BE157F06B44FB57DD036B2A4"
Last-Modified: Sun, 18 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2906
Expires: Tue, 20 Dec 2022 20:38:15 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 4b2508a4b1eba1a787cc718c8033cdb3
e0866c3b7ff93a77d227b5b373b2a6fc71b29470
2c39bbf0596de02d51f87fe931eac2ef086e0c75c080fbaa8a9a41add8ffde95
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Tue, 20 Dec 2022 19:49:49 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a56fe40bb830b8df51463b9c483dee3a
200bc2f67c554cca774ea56f3d2e013c24498994
fcfe9d888f89d7414707a896de77760c83a5c56f8ee380661ef21f4bf80e269c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCFE9D888F89D7414707A896DE77760C83A5C56F8EE380661EF21F4BF80E269C"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5663
Expires: Tue, 20 Dec 2022 21:24:12 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7408
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7408
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7408
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5da803c751be159f0f5b3c2f65bd2b6
39139480cfc2ed0781b51745bfaabed4490aa0db
920ee464843101c638327866fbfcc9c7f00fc19b7cdbc8948fbe53d2b6fb4ed3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7876
x-amzn-requestid: 668c95f2-a1b1-4abd-9f4e-23d05c4998a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da270EFlIAMFR5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10518-56d6db4f4cff1b4e08b87046;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Hy6G0TSJc89Fyo8X3mLQ4nY4Y-2Xva9gqcLLAZH_T61Kk-6cMmhqQQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:08:39 GMT
age: 67270
etag: "39139480cfc2ed0781b51745bfaabed4490aa0db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KyEMrUTeuVTPJ3EIkrH1DLYqa4bHK7fe6dApTAFP4XY0G4airnflGA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:37:07 GMT
age: 79962
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bba7c67bdc57d1fe2870ebd4ee9fd5c9
127850560e258665ca8074757c1b66f680d2bd78
9edd765e65644edfe4221352225cb89ebe98fa451d9528b8b614d594a20e100d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9265
x-amzn-requestid: d84f905b-7faf-409a-b188-4b8cf06b9e4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da4KJGx9oAMFrQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a1070d-43152d9651bcb4a15ffe1cfa;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:51:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: uGYoskcC2ev3JFxsBZGglmBiCCWmjo5Xg2zqe5925zArdzRk5QtuTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:24:18 GMT
age: 66331
etag: "127850560e258665ca8074757c1b66f680d2bd78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49a98c00b1949e152b5f31c588a76a63
1315068dfd111f24e39d14434c719ef10328bfbf
6f67099495261e1114eeca46d2afd3c0bc6921fbc20a6e3e78c4af5d1c9edbc2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9593
x-amzn-requestid: 3a50abdf-4974-4f53-bdc6-5c15a84fea65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da6rNHYQoAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10b14-40a012f068ef226f07b54875;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 01:08:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _0MpwiIILMLLAXutPvNrycEQypsLabZiiSEUKOWJnGWz5Q4gYsxcow==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:33:12 GMT
age: 65797
etag: "1315068dfd111f24e39d14434c719ef10328bfbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 045f016fb66e6e0d1da1fb742d9b19a7
8f98bf2cedfccfce71464a733e2fd37482fd71c2
593cf38d1c2c315ff23fcda60e41141caa0266874f36a0c517554ca01ea51f12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9216
x-amzn-requestid: 460a95bf-5724-4bea-b6c1-f6ce263da5e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabq8FXboAMFwCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d979-70340469247cdcf952a98c3e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7yYJKslDn22-iL_OH_VIiZdrTMJ-9c-DyORpGZ4d2MZLDoX5PpekRw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:48:32 GMT
age: 79277
etag: "8f98bf2cedfccfce71464a733e2fd37482fd71c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7ac0b5738bab6b4ed770c26ca922250
e56fd4ee2f5354a54a6271db2be528f98eecd3d7
5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFtrPmVeBdwlINxF0wQq0671EksYsi6nsyFd5E4SCSH4_bQyGaNQHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:48:36 GMT
age: 79273
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.36200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37173), with no line terminators
Hash 65e41f4ec8284211311320f7608da53c
9265b91c134534a636a290116e1524a90b1a3cd4
8fe806fab5d71cae920e2545edb39e76141cbbbd10e502806c65ad1b63250558
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c54b55aad560295b5590d795f9a3e363
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 437842742f8b45e90ce947a3ad72e00f
9411d1a55f400af3fedc2020ab405fe9159d20d7
57fbdc61d28655e9f33f6ad08baafc9920e1a0f262581b21d357184a20480425
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "57FBDC61D28655E9F33F6AD08BAAFC9920E1A0F262581B21D357184A20480425"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6208
Expires: Tue, 20 Dec 2022 21:33:17 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.227200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37143), with no line terminators
Hash 3a22e840cd28f4aa791180c93efc4054
655f3352896f78e40cf8e32f62e1d75824b7ee5f
f4084e82a56ee99ae9995175f3d4f6e75682871bf6f6e8a88e82e9c12b10a911
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4769e574233ede8a8bf956638fe31ad7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A726883533%3Arqn%3A2%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A726883533%3Arqn%3A2%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A726883533%3Arqn%3A2%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A384986292%3Arqn%3A5%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A384986292%3Arqn%3A5%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A384986292%3Arqn%3A5%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A1043097261%3Arqn%3A4%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A1043097261%3Arqn%3A4%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A1043097261%3Arqn%3A4%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A475707431%3Arqn%3A3%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A475707431%3Arqn%3A3%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A475707431%3Arqn%3A3%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A306292572%3Arqn%3A6%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A306292572%3Arqn%3A6%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A306292572%3Arqn%3A6%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a549d0976b275d0cc76b6d9cc4e46b66
0b567314200077ab1330029f16bb145218a73e68
ce855b1e8322b8464acac100b26e0f87a2342caef775eb93997bc3a3af88c65c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE855B1E8322B8464ACAC100B26E0F87A2342CAEF775EB93997BC3A3AF88C65C"
Last-Modified: Tue, 20 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Tue, 20 Dec 2022 21:47:22 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A955004320%3Arqn%3A7%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A955004320%3Arqn%3A7%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194957%3Aet%3A1671565797%3Ac%3A1%3Arn%3A955004320%3Arqn%3A7%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671565794371%3Anp%3ATGludXggeDg2XzY0%3Ast%3A1671565797&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 502a26f4fe5f556433adb9ed93ee7807
aa3edc436f00a8ffa84047e331d3a3ad2426372e
ec7f3dd2c9b4e2002fa5a999824ba674cb833a0964afc5525af8d554853599b7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154810
Date: Tue, 20 Dec 2022 19:49:49 GMT
Etag: "63a1b91b-1d7"
Expires: Thu, 22 Dec 2022 14:49:59 GMT
Last-Modified: Tue, 20 Dec 2022 13:31:07 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: idKrd3P8MRTsk0PZmXabPItq-Eu0YipRYXs9CktFKxM0rT6JaRv45Q==
Age: 4732
simplewebanalysis.com/stats
3.71.139.39200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.71.139.39:0
File type ASCII text, with no line terminators
Hash e472e2ce5cdb0a527096f3eda5beee08
55188f6dac02829e148b870aa17737fb559c6b0f
d7ff86032645d82d5f019cc14991d5a40ee3cf61c08f6a94c06b890a7c0634e9
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=c8cb6601-adde-4b76-959d-d1191ba42faa:3:1; expires=Fri, 17 Dec 2032 19:49:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 437842742f8b45e90ce947a3ad72e00f
9411d1a55f400af3fedc2020ab405fe9159d20d7
57fbdc61d28655e9f33f6ad08baafc9920e1a0f262581b21d357184a20480425
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "57FBDC61D28655E9F33F6AD08BAAFC9920E1A0F262581B21D357184A20480425"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6208
Expires: Tue, 20 Dec 2022 21:33:17 GMT
Date: Tue, 20 Dec 2022 19:49:49 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.71.139.39200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.71.139.39:0
File type ASCII text, with no line terminators
Hash aa1f601ee56b847a5875363196020768
deb65068301da4298d9a4769df52f973c45049ba
05081fafd23568cac48c4956130c4601b9a8be4adda8f2bc4aee8edf77efd482
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=27a4c2bf-d80a-480d-bf88-2bc1a0499786:1:1; expires=Fri, 17 Dec 2032 19:49:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
sponsorlustrestories.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.52200 OK 29 kB URL HTTP/1.1 sponsorlustrestories.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4b4f32501a7192f05865049f43c45f54
63768a35c1aadad5d8f3f564a77e4fe372366c66
b3fde255999cdb28806877113d435aabfe03cadac0612104765aa67e35a2f79d
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ef2dc1b500d79a3a990c727a185ab1e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7290550935732ce5dcb7d8095865100a
a850cfa883f5873bde3a49bf1a707abf76bbda56
5f5ea8316b8f0d406438a393ee48306636df0dccadcab16942ae1b4de920db80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F5EA8316B8F0D406438A393EE48306636DF0DCCADCAB16942AE1B4DE920DB80"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2274
Expires: Tue, 20 Dec 2022 20:27:44 GMT
Date: Tue, 20 Dec 2022 19:49:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 30122411155084a21622f13ae9ef2724
679ee3e033ffe426c96d95a4c10fd40bf3e775a8
a79858aa7a6c5884ec843f6b7519f311be1c951440568d2483bac8938423e95b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A79858AA7A6C5884EC843F6B7519F311BE1C951440568D2483BAC8938423E95B"
Last-Modified: Tue, 20 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12628
Expires: Tue, 20 Dec 2022 23:20:18 GMT
Date: Tue, 20 Dec 2022 19:49:50 GMT
Connection: keep-alive
sponsorlustrestories.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c8cb6601-adde-4b76-959d-d1191ba42faa%3A3%3A1
173.233.137.52200 OK 4.9 kB URL HTTP/1.1 sponsorlustrestories.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c8cb6601-adde-4b76-959d-d1191ba42faa%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7051), with no line terminators
Hash e80f95c19ff207772a76db17eb4292f9
438d3d02846394df137570c0ab2bf6b02c98f8f3
f046eaf4a9636f4d17d2e058aaa59ea7ede8756e1b26b493501d349fbae3782f
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=c8cb6601-adde-4b76-959d-d1191ba42faa%3A3%3A1 HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uid_id2=c8cb6601-adde-4b76-959d-d1191ba42faa:3:1; expires=Tue, 27 Dec 2022 19:49:50 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uncs=1; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89edf4f49d04d4b66906ad52232f04ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
kinripen.com/pixel/purst?dl=0&th=0&sc=0&rs=3154&rd=3154&fd=526&bv=22.10.v.10&tmpl=136
173.233.137.52200 OK 0 B URL HTTP/1.1 kinripen.com/pixel/purst?dl=0&th=0&sc=0&rs=3154&rd=3154&fd=526&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3154&rd=3154&fd=526&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: kinripen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
repentbits.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.139.164200 OK 29 kB URL HTTP/1.1 repentbits.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 5a0b8740c2c5ef030dbb1e859e3aa2ff
e11cc4da359c4dd1fd17f024c94b7ebd49fda54c
179429cc1dd7fc32eb6cb93aa694a37a6af2c1420f2b8058da8a605dbed439b9
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: repentbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07c00aeb92be8d658075c68dbaf9e216
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sponsorlustrestories.com/ren.gif?sid=H4sIAAAAAAAC%2F6xUXWhcRRSe21ao%2BNdKX1SEC1dKBbOZe%2Fcvt6XENEnj0jQJSaTQlzJ3Zu5munN%2FuDN372ZFKK1IH1PxwTdvzqaN1dLaB0H8AdkoInnq9kG2YEDfFUEQfVJ2E6k%2BCD54HuZ8h2%2BG850f5s31dAdhSEl%2F4WzUFlKS0XIBm8fOiZBFmTLnlk0bF%2FAJ85wIK6UTZmtwJM3jNi4X8IvmDKeNaNTBNsY2ts3TIuF%2B1BodsiDiW65dcHGh5BTscglayT9jlRqgiAGsuYOeBsF6j6x8cxcE7UIYfDjFVUNH8UvTQSqJjhJoss1Xw0YYZSEED6GfGOCHm3u3IVI9hN7ZB1G4uVcBRM2NQQXgiR4yvrXBCzf3ZILXvL6r1JPAQ%2FDYY5A1u8BlFwTpAo2ugGD3EABlMDcPYXBjLkoysrrLkgHbQwd%2B%2FQVE1kMHvjsCYXD7lBQtcymSqRZRqKDl5yBaXRD1LsTpFui2ASLbAqovg2AIwiAHwfov0DHqVSrYHiGM8ZGSV62MuGWXjTDbdm2PlByfkGFrhOiC8Lsg%2BRoQtR9SZUAqDEh9A9LYgID1TVJ2fYyrvucXi2MlSmmxSGl5rMLKrFga8zGkdKB9DXS8BlSuAU0uQZxcgoa41kPo8gYk6RegVnJQzAClETRZDhlHkCkEGUGQCQSZRpA18%2BtMKkflN5hUqWfveWfPF%2FNOpOvr5Hqk6zxE6%2FEOOjzs2k%2BPfwIN3jeJ47su9m1cqlZwxaZV22U2tQkpEodT5oASOQi1D4gyoC166MhzP0A8GOXrf4BHtkDJLaDiEJD0eSBZp%2BpgICud0hiGdnir5ZNQk%2FZqgUYBsCiHWB8AvWqsyx30zFBH8dEfgdPtlw8%2B8TtdOPYAaJJDnORwUXyJoC6vdhajDG0sRplCd%2BdjLQLRJoPJLmmiOXr%2FDF%2FNooTVptTazQk6IAbw1jJXepaETIR1hT44JRjjyekooRx9XlPnuLeQqpVTaRKm8ezC5OlaECdcKRGFXSDiXus8UNFDBz%2F9bbizzy4VQSRbkKT9qRWt4%2BOjo1QK2ijEVDYKIQn4bjyuONEnixUXO85RwgT7C4uTZ6rMKU6RZul87QKGIN0e%2F%2Bh%2B6asHF6dARF2g8RvvWVZtcn7OsvqL%2F5JCr6SBFxIh%2F2uaoyKo65OCRuFNy1quLc9OW9ZnNZORuskTU642GpyROg9NJkLz53ff%2BviOZU1NL00u1haWa0Mp5pImiTZVLKTk2gw4M22MsTk3f8b0ojBVdyxrdmJxZvpC7ezEzLRl9V%2F5v8SDirfRnoGKECTyYezFBmRp3kkcb3scnvx60jw0AVL00ImnMpB8e%2Fzt9vczt4%2B8BsTLQfG%2FPXyI19VVqCcGEH1l%2BAU0kxyaMgci10Cl%2Bzs6TrbH7xeHBp40Op5MjA1PJvLa7s4q0Td52cc%2Bxw73fNfzqwQz1y%2B5HnFtXvXKxAatehQO7%2FwJAAD%2F%2FwEAAP%2F%2FoOQ26%2BQFAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 sponsorlustrestories.com/ren.gif?sid=H4sIAAAAAAAC%2F6xUXWhcRRSe21ao%2BNdKX1SEC1dKBbOZe%2Fcvt6XENEnj0jQJSaTQlzJ3Zu5munN%2FuDN372ZFKK1IH1PxwTdvzqaN1dLaB0H8AdkoInnq9kG2YEDfFUEQfVJ2E6k%2BCD54HuZ8h2%2BG850f5s31dAdhSEl%2F4WzUFlKS0XIBm8fOiZBFmTLnlk0bF%2FAJ85wIK6UTZmtwJM3jNi4X8IvmDKeNaNTBNsY2ts3TIuF%2B1BodsiDiW65dcHGh5BTscglayT9jlRqgiAGsuYOeBsF6j6x8cxcE7UIYfDjFVUNH8UvTQSqJjhJoss1Xw0YYZSEED6GfGOCHm3u3IVI9hN7ZB1G4uVcBRM2NQQXgiR4yvrXBCzf3ZILXvL6r1JPAQ%2FDYY5A1u8BlFwTpAo2ugGD3EABlMDcPYXBjLkoysrrLkgHbQwd%2B%2FQVE1kMHvjsCYXD7lBQtcymSqRZRqKDl5yBaXRD1LsTpFui2ASLbAqovg2AIwiAHwfov0DHqVSrYHiGM8ZGSV62MuGWXjTDbdm2PlByfkGFrhOiC8Lsg%2BRoQtR9SZUAqDEh9A9LYgID1TVJ2fYyrvucXi2MlSmmxSGl5rMLKrFga8zGkdKB9DXS8BlSuAU0uQZxcgoa41kPo8gYk6RegVnJQzAClETRZDhlHkCkEGUGQCQSZRpA18%2BtMKkflN5hUqWfveWfPF%2FNOpOvr5Hqk6zxE6%2FEOOjzs2k%2BPfwIN3jeJ47su9m1cqlZwxaZV22U2tQkpEodT5oASOQi1D4gyoC166MhzP0A8GOXrf4BHtkDJLaDiEJD0eSBZp%2BpgICud0hiGdnir5ZNQk%2FZqgUYBsCiHWB8AvWqsyx30zFBH8dEfgdPtlw8%2B8TtdOPYAaJJDnORwUXyJoC6vdhajDG0sRplCd%2BdjLQLRJoPJLmmiOXr%2FDF%2FNooTVptTazQk6IAbw1jJXepaETIR1hT44JRjjyekooRx9XlPnuLeQqpVTaRKm8ezC5OlaECdcKRGFXSDiXus8UNFDBz%2F9bbizzy4VQSRbkKT9qRWt4%2BOjo1QK2ijEVDYKIQn4bjyuONEnixUXO85RwgT7C4uTZ6rMKU6RZul87QKGIN0e%2F%2Bh%2B6asHF6dARF2g8RvvWVZtcn7OsvqL%2F5JCr6SBFxIh%2F2uaoyKo65OCRuFNy1quLc9OW9ZnNZORuskTU642GpyROg9NJkLz53ff%2BviOZU1NL00u1haWa0Mp5pImiTZVLKTk2gw4M22MsTk3f8b0ojBVdyxrdmJxZvpC7ezEzLRl9V%2F5v8SDirfRnoGKECTyYezFBmRp3kkcb3scnvx60jw0AVL00ImnMpB8e%2Fzt9vczt4%2B8BsTLQfG%2FPXyI19VVqCcGEH1l%2BAU0kxyaMgci10Cl%2Bzs6TrbH7xeHBp40Op5MjA1PJvLa7s4q0Td52cc%2Bxw73fNfzqwQz1y%2B5HnFtXvXKxAatehQO7%2FwJAAD%2F%2FwEAAP%2F%2FoOQ26%2BQFAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F6xUXWhcRRSe21ao%2BNdKX1SEC1dKBbOZe%2Fcvt6XENEnj0jQJSaTQlzJ3Zu5munN%2FuDN372ZFKK1IH1PxwTdvzqaN1dLaB0H8AdkoInnq9kG2YEDfFUEQfVJ2E6k%2BCD54HuZ8h2%2BG850f5s31dAdhSEl%2F4WzUFlKS0XIBm8fOiZBFmTLnlk0bF%2FAJ85wIK6UTZmtwJM3jNi4X8IvmDKeNaNTBNsY2ts3TIuF%2B1BodsiDiW65dcHGh5BTscglayT9jlRqgiAGsuYOeBsF6j6x8cxcE7UIYfDjFVUNH8UvTQSqJjhJoss1Xw0YYZSEED6GfGOCHm3u3IVI9hN7ZB1G4uVcBRM2NQQXgiR4yvrXBCzf3ZILXvL6r1JPAQ%2FDYY5A1u8BlFwTpAo2ugGD3EABlMDcPYXBjLkoysrrLkgHbQwd%2B%2FQVE1kMHvjsCYXD7lBQtcymSqRZRqKDl5yBaXRD1LsTpFui2ASLbAqovg2AIwiAHwfov0DHqVSrYHiGM8ZGSV62MuGWXjTDbdm2PlByfkGFrhOiC8Lsg%2BRoQtR9SZUAqDEh9A9LYgID1TVJ2fYyrvucXi2MlSmmxSGl5rMLKrFga8zGkdKB9DXS8BlSuAU0uQZxcgoa41kPo8gYk6RegVnJQzAClETRZDhlHkCkEGUGQCQSZRpA18%2BtMKkflN5hUqWfveWfPF%2FNOpOvr5Hqk6zxE6%2FEOOjzs2k%2BPfwIN3jeJ47su9m1cqlZwxaZV22U2tQkpEodT5oASOQi1D4gyoC166MhzP0A8GOXrf4BHtkDJLaDiEJD0eSBZp%2BpgICud0hiGdnir5ZNQk%2FZqgUYBsCiHWB8AvWqsyx30zFBH8dEfgdPtlw8%2B8TtdOPYAaJJDnORwUXyJoC6vdhajDG0sRplCd%2BdjLQLRJoPJLmmiOXr%2FDF%2FNooTVptTazQk6IAbw1jJXepaETIR1hT44JRjjyekooRx9XlPnuLeQqpVTaRKm8ezC5OlaECdcKRGFXSDiXus8UNFDBz%2F9bbizzy4VQSRbkKT9qRWt4%2BOjo1QK2ijEVDYKIQn4bjyuONEnixUXO85RwgT7C4uTZ6rMKU6RZul87QKGIN0e%2F%2Bh%2B6asHF6dARF2g8RvvWVZtcn7OsvqL%2F5JCr6SBFxIh%2F2uaoyKo65OCRuFNy1quLc9OW9ZnNZORuskTU642GpyROg9NJkLz53ff%2BviOZU1NL00u1haWa0Mp5pImiTZVLKTk2gw4M22MsTk3f8b0ojBVdyxrdmJxZvpC7ezEzLRl9V%2F5v8SDirfRnoGKECTyYezFBmRp3kkcb3scnvx60jw0AVL00ImnMpB8e%2Fzt9vczt4%2B8BsTLQfG%2FPXyI19VVqCcGEH1l%2BAU0kxyaMgci10Cl%2Bzs6TrbH7xeHBp40Op5MjA1PJvLa7s4q0Td52cc%2Bxw73fNfzqwQz1y%2B5HnFtXvXKxAatehQO7%2FwJAAD%2F%2FwEAAP%2F%2FoOQ26%2BQFAAA%3D HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c8cb6601-adde-4b76-959d-d1191ba42faa:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0092514c50510562224badf803b067df
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91c73ec56d1a54a21d0f236f65d6a34a
c5fa91186ffb20e04f40bc3eff3553b461258d69
035c37aebb2136ee7828c50798fe559d40d216b07f43cb454a6f9090f90fd4c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "035C37AEBB2136EE7828C50798FE559D40D216B07F43CB454A6F9090F90FD4C7"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5722
Expires: Tue, 20 Dec 2022 21:25:12 GMT
Date: Tue, 20 Dec 2022 19:49:50 GMT
Connection: keep-alive
repentbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3621&rd=3621&fd=813&bv=22.10.v.10&tmpl=136
173.233.139.164200 OK 0 B URL HTTP/1.1 repentbits.com/pixel/purst?dl=0&th=0&sc=0&rs=3621&rd=3621&fd=813&bv=22.10.v.10&tmpl=136
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3621&rd=3621&fd=813&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: repentbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
friendshipmale.com/sfp.js
172.64.109.35200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.109.35:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b6d45b350d59a9904d9a070838aacbf3
859d13350e29c00422fdb80d10b58af8416ff819
7f2a71e943d094465f99cb5e0fda552329b9f0819d9388a54008ff34f8b781f1
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:49 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3760361ef1bf1981861a5c4d07b86ae8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 20 Dec 2022 19:49:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ToMT2amd60bsrlXCx9CIF6bD9K9aPxKVLRnX6O8bAXAhdsAy9Xn9yLn87zsHbJGe8C5in94Ch1h%2Fp6pvXCzL2J5%2F5lvb45Yo8Y0%2BZvZcjjp8r9Rop26nQZQzH1kSMBoebVWUEBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae749daa20662-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
repentbits.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786%3A1%3A1
173.233.139.164200 OK 4.7 kB URL HTTP/1.1 repentbits.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786%3A1%3A1
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7143), with no line terminators
Hash 2248e8fc00d5923abe4aee9b590e8536
13aca33ebc666413731cbc7cec777779dba1043f
9bf6e8f6a1f03aa89015d74190808b92b04e74ad1a3bc24ba95eb0db2a2a2621
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786%3A1%3A1 HTTP/1.1
Host: repentbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:50 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uid_id2=27a4c2bf-d80a-480d-bf88-2bc1a0499786:1:1; expires=Tue, 27 Dec 2022 19:49:50 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uncs=1; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 21 Dec 2022 19:49:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 557c822cc833fad5445058af5d57d582
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
172.64.109.13200 OK 49 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 2063 x 2063, 8-bit/color RGBA, non-interlaced\012- data
Hash c468e1d251e84cbbd9fd43f1bf756866
29512569a2da569797a545eb36c6176d6285a8da
b0da14eff7c6fe39d973148b55c51ee6ce3948e76e488c401eb6dca5dfbd1cd8
GET /sb/interstitial/rtb/default/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: image/png
content-length: 48623
last-modified: Wed, 23 Jun 2021 13:33:23 GMT
etag: "60d33823-bdef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1346766
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8reCLhrZ6NHPAfNG1qQPlf20%2B%2Bz3qjbk6BRKSpHE6UJFgw%2B%2FltjyStlz7FBwMzJFwYkm90kTlSMm%2F55uOaO5TLCOXcOEBOJ7W3piIHF3Ylbcd9DqfgKHVxP7Rwlj%2FVjG2kIwnYHU%2FjUE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae7517fdf23e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d55e24cd1b960ef0f4eb4ffd3dc939e
a64c90751e696e4fe05a7b2d43eca9e3635f72fc
a9c3675f2fe60b0483e1fb8ec012e02e879b7562904909af60660d1990028fd9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A9C3675F2FE60B0483E1FB8EC012E02E879B7562904909AF60660D1990028FD9"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17277
Expires: Wed, 21 Dec 2022 00:37:48 GMT
Date: Tue, 20 Dec 2022 19:49:51 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
172.64.109.13200 OK 4.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
IP 172.64.109.13:0
Hash 61855a8c3552b95c1485f3e4b31b18f2
7c6af9a2d594bffc30cfdafbdfe7f3ff2f9f4c12
6a81511fba44103cb083c2dc119fa881f1d717b2c1e0952491075946f7e03b1d
GET /sb/interstitial/rtb/default/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:20 GMT
etag: W/"60d33820-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1342315
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ogo7rNSJ0CzuI%2BSGymeRUAoMCQB1zGGd5OvvD1waV7IGSbxjptRqHVRZfgyfhYi%2BcdjlX1IrA6Gw3veNZ5NDmpOOEOYmKgD1QK8YCqUsXU7Tp7rtFqdpyH2bFO79lQgbMYhIMe0%2BSaMR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae7515fa723e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 567 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 0827cf587bb7bf4fcb7a8eb319baca1b
d2c386ce2ee6324a26f0587efe1a0d8c92a13d1b
ca77a4cecf50f7d39d4b7262c824a924d8dd9c7895e9eae71b77c157c2ecaa26
GET /api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=eiltJCdfI2I9Da33tFah; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
45.133.44.3200 OK 1.1 kB URL HTTP/2 cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash f090fed145c684db94ee5adb2a44e60d
fe39a682b502609d6f942ecfac746dc52c20b4b8
ad1b12f8a706285459310a509b2f45e7e11c7accc31bb9407c090dd677d165fb
GET /sb/interstitial/rtb/default/3/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-525"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 20 Dec 2022 20:49:50 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 536 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash c6923e758e1178a1318a18bc77297ff7
4dfe9f13ed208dbe2339275cdbc294d08114e37f
f6718309959385f845db68b2aa1518d3bd416bad98030db51bf492c57b8ef7be
GET /api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=9OhGMPFV0Y2ECATb2TOw; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
click.pclk.name/thumbnail?seat=369022&adid=369022&i=K7d23Dav4ZI_0&imgt=icon
173.239.53.24302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=369022&adid=369022&i=K7d23Dav4ZI_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=369022&adid=369022&i=K7d23Dav4ZI_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790265-7-8077-1178228-6277d85a-4a0c-f8a6-299a-6014260c161c&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dnnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
Pragma: no-cache
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
172.64.109.13200 OK 151 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
IP 172.64.109.13:0
File type ASCII text, with very long lines (745)
Size 151 kB (150689 bytes)
Hash 5f1c3578ec103694f01dca00226b4c88
a327c3ec99e54c34ae34fcb9f43fed2429a87666
0a6670f51a0514e99b5e82ecf6fff796e194a8988772125c5eb116667b4af9f0
GET /sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:25 GMT
etag: W/"60d33825-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1342315
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2Gj7UUjBoqHUVXdIBZve3et2VpTINVdD8VW6tmB9BAKSe6GiBD7pGc2cyPBPp%2FW8dhrpewv%2Fhf8MjvQr3Txi9Tdjpe%2BhK%2Fk10nqwdabEfYrjbhd1FsFek2ftc7dxt0IYzsYwdvZC6rc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae7515fae23e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sponsorlustrestories.com/pixel/sbs?c=1
173.233.137.52200 OK 0 B URL HTTP/1.1 sponsorlustrestories.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c8cb6601-adde-4b76-959d-d1191ba42faa:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
sponsorlustrestories.com/impr.gif?sid=H4sIAAAAAAAC%2F6xUS2hdRRie01ao%2BGqlGxXhwJFSwdycx322lJgmabw0TUISKXRT5szMuZneOQ9m5txzExFKK9JlKi7cefLftLFaWrsQxAfIjSKSVW8XcgsGdK8IguhKuTeR6kJw4b%2BY%2F%2Fv5Zvi%2F%2F8G8uZ7uIBtS3J8%2FG69yIfBoqWCbx87xiMaZMmeXTMcu2CfMczwqF0%2BY7cEhW8cdu1SwXzSnGWnGo67t2LZjO%2BZpLlkQt0eHLPDkVs0p1OxC0S04pSK05T9jlRqgsAG0tYOeBk57jyx%2Fcxc46UIUfjjJVFPHyUtTYSqwjiW06OarUTOKswjChzCQBgTR5t5tiFUPoXf2QRxt7lUAcWtjUAH4vIeMbx3wo809meC3ru8q9QWwCHz6GGStLjDRBY67QOIrwOk9BEAozM5BFN6YjWWGV3ZZPGB76MCvvwDPeujAd0cgCm%2BfErxtLsYi1TyOFLSDHHi7C7zRhSTdAr1qAM%2B2gOjLwCmCKMyB0%2F4LpEr8ctl2RjClbKToV8ojtVKNjlDHqTk%2BLroBxsPWcN4FHnRBsDXAaj%2BkyoCUG5AGBqSJASHtm7hUC2y7EviB51WLhBDPI6RULdMS9YrVwIaUDLSvgU7WgIg1IPISJPISNPm1HkKXN0CmX4BazkFRA5RG0KI5ZAxBphBkGEHGEWQaQdbKr1OhXJXfoEKlvrPn3T3v5Z1YN9bx9Vg3WITWkx10eNi1nx7%2FBJqsb2I3qNXswLGLlbJddkjFqVGHOBh72GWEuqB4DlztA6wMWOU9dOS5HyAZjPL1P8DHW6DEFhB%2BCHD6POCsU3FtwMudYtWG1ehWO8CRxqsrBRKHQOMcEn0A9IqxLnbQM0Md3qM%2FAiPbLx984ncyf%2BwBEJlDInO4yL9E0BBXOwtxhjYW4kyhu3OJ5iFfxYPJLmqsGXr%2FDFvJYknrk2rt5jgZEAN4a4kpPYMjyqOGQh%2Bc4pQyeTqWhKHP6%2Boc8%2BdTtXwqlVGazMxPnK6HiWRK8TjqAub32ueB8B46%2BOlvw519dtEDLrdApv3JZa2T46OjRHDSLCRENAsRDtluPKYY1ie9cs123aOYcvoX5ifPVKjrTeJW8Xz9gg1huj320f3iVw8uTgKPu0CSN96zrPrE3Kxl9Rf%2BJYVeTkM%2Fwlz81zRHedjQJzmJo5uWtVRfmpmyrM%2FqJsUNk0lTrDSbjOIGi0zKI%2FPnd9%2F6%2BI5lTU4tTizU55fqQynmosZSmyrhQjBthoyajm3b5uzcGdOPo1TdsayZ8YXpqQv1s%2BPTU5bVf%2BX%2FEg8q2UZ7BipGIMXD2E8MyNK8I11%2Fewye%2FHrCPDQOgvfQiacyEGx77O3V76dvH3kNsJ%2BDYn97%2BBCvq6vQkAZgfWX4BbRkDi2RAxZroNL9HZ3I7bH73tDAF0bHF9LY8IUU13Z3VvG%2BWXKKrOpXK4RSnxHqVFyv6tm2S2mxUmNODbTqETi88ycAAAD%2F%2FwEAAP%2F%2FtOy4DeQFAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 sponsorlustrestories.com/impr.gif?sid=H4sIAAAAAAAC%2F6xUS2hdRRie01ao%2BGqlGxXhwJFSwdycx322lJgmabw0TUISKXRT5szMuZneOQ9m5txzExFKK9JlKi7cefLftLFaWrsQxAfIjSKSVW8XcgsGdK8IguhKuTeR6kJw4b%2BY%2F%2Fv5Zvi%2F%2F8G8uZ7uIBtS3J8%2FG69yIfBoqWCbx87xiMaZMmeXTMcu2CfMczwqF0%2BY7cEhW8cdu1SwXzSnGWnGo67t2LZjO%2BZpLlkQt0eHLPDkVs0p1OxC0S04pSK05T9jlRqgsAG0tYOeBk57jyx%2Fcxc46UIUfjjJVFPHyUtTYSqwjiW06OarUTOKswjChzCQBgTR5t5tiFUPoXf2QRxt7lUAcWtjUAH4vIeMbx3wo809meC3ru8q9QWwCHz6GGStLjDRBY67QOIrwOk9BEAozM5BFN6YjWWGV3ZZPGB76MCvvwDPeujAd0cgCm%2BfErxtLsYi1TyOFLSDHHi7C7zRhSTdAr1qAM%2B2gOjLwCmCKMyB0%2F4LpEr8ctl2RjClbKToV8ojtVKNjlDHqTk%2BLroBxsPWcN4FHnRBsDXAaj%2BkyoCUG5AGBqSJASHtm7hUC2y7EviB51WLhBDPI6RULdMS9YrVwIaUDLSvgU7WgIg1IPISJPISNPm1HkKXN0CmX4BazkFRA5RG0KI5ZAxBphBkGEHGEWQaQdbKr1OhXJXfoEKlvrPn3T3v5Z1YN9bx9Vg3WITWkx10eNi1nx7%2FBJqsb2I3qNXswLGLlbJddkjFqVGHOBh72GWEuqB4DlztA6wMWOU9dOS5HyAZjPL1P8DHW6DEFhB%2BCHD6POCsU3FtwMudYtWG1ehWO8CRxqsrBRKHQOMcEn0A9IqxLnbQM0Md3qM%2FAiPbLx984ncyf%2BwBEJlDInO4yL9E0BBXOwtxhjYW4kyhu3OJ5iFfxYPJLmqsGXr%2FDFvJYknrk2rt5jgZEAN4a4kpPYMjyqOGQh%2Bc4pQyeTqWhKHP6%2Boc8%2BdTtXwqlVGazMxPnK6HiWRK8TjqAub32ueB8B46%2BOlvw519dtEDLrdApv3JZa2T46OjRHDSLCRENAsRDtluPKYY1ie9cs123aOYcvoX5ifPVKjrTeJW8Xz9gg1huj320f3iVw8uTgKPu0CSN96zrPrE3Kxl9Rf%2BJYVeTkM%2Fwlz81zRHedjQJzmJo5uWtVRfmpmyrM%2FqJsUNk0lTrDSbjOIGi0zKI%2FPnd9%2F6%2BI5lTU4tTizU55fqQynmosZSmyrhQjBthoyajm3b5uzcGdOPo1TdsayZ8YXpqQv1s%2BPTU5bVf%2BX%2FEg8q2UZ7BipGIMXD2E8MyNK8I11%2Fewye%2FHrCPDQOgvfQiacyEGx77O3V76dvH3kNsJ%2BDYn97%2BBCvq6vQkAZgfWX4BbRkDi2RAxZroNL9HZ3I7bH73tDAF0bHF9LY8IUU13Z3VvG%2BWXKKrOpXK4RSnxHqVFyv6tm2S2mxUmNODbTqETi88ycAAAD%2F%2FwEAAP%2F%2FtOy4DeQFAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xUS2hdRRie01ao%2BGqlGxXhwJFSwdycx322lJgmabw0TUISKXRT5szMuZneOQ9m5txzExFKK9JlKi7cefLftLFaWrsQxAfIjSKSVW8XcgsGdK8IguhKuTeR6kJw4b%2BY%2F%2Fv5Zvi%2F%2F8G8uZ7uIBtS3J8%2FG69yIfBoqWCbx87xiMaZMmeXTMcu2CfMczwqF0%2BY7cEhW8cdu1SwXzSnGWnGo67t2LZjO%2BZpLlkQt0eHLPDkVs0p1OxC0S04pSK05T9jlRqgsAG0tYOeBk57jyx%2Fcxc46UIUfjjJVFPHyUtTYSqwjiW06OarUTOKswjChzCQBgTR5t5tiFUPoXf2QRxt7lUAcWtjUAH4vIeMbx3wo809meC3ru8q9QWwCHz6GGStLjDRBY67QOIrwOk9BEAozM5BFN6YjWWGV3ZZPGB76MCvvwDPeujAd0cgCm%2BfErxtLsYi1TyOFLSDHHi7C7zRhSTdAr1qAM%2B2gOjLwCmCKMyB0%2F4LpEr8ctl2RjClbKToV8ojtVKNjlDHqTk%2BLroBxsPWcN4FHnRBsDXAaj%2BkyoCUG5AGBqSJASHtm7hUC2y7EviB51WLhBDPI6RULdMS9YrVwIaUDLSvgU7WgIg1IPISJPISNPm1HkKXN0CmX4BazkFRA5RG0KI5ZAxBphBkGEHGEWQaQdbKr1OhXJXfoEKlvrPn3T3v5Z1YN9bx9Vg3WITWkx10eNi1nx7%2FBJqsb2I3qNXswLGLlbJddkjFqVGHOBh72GWEuqB4DlztA6wMWOU9dOS5HyAZjPL1P8DHW6DEFhB%2BCHD6POCsU3FtwMudYtWG1ehWO8CRxqsrBRKHQOMcEn0A9IqxLnbQM0Md3qM%2FAiPbLx984ncyf%2BwBEJlDInO4yL9E0BBXOwtxhjYW4kyhu3OJ5iFfxYPJLmqsGXr%2FDFvJYknrk2rt5jgZEAN4a4kpPYMjyqOGQh%2Bc4pQyeTqWhKHP6%2Boc8%2BdTtXwqlVGazMxPnK6HiWRK8TjqAub32ueB8B46%2BOlvw519dtEDLrdApv3JZa2T46OjRHDSLCRENAsRDtluPKYY1ie9cs123aOYcvoX5ifPVKjrTeJW8Xz9gg1huj320f3iVw8uTgKPu0CSN96zrPrE3Kxl9Rf%2BJYVeTkM%2Fwlz81zRHedjQJzmJo5uWtVRfmpmyrM%2FqJsUNk0lTrDSbjOIGi0zKI%2FPnd9%2F6%2BI5lTU4tTizU55fqQynmosZSmyrhQjBthoyajm3b5uzcGdOPo1TdsayZ8YXpqQv1s%2BPTU5bVf%2BX%2FEg8q2UZ7BipGIMXD2E8MyNK8I11%2Fewye%2FHrCPDQOgvfQiacyEGx77O3V76dvH3kNsJ%2BDYn97%2BBCvq6vQkAZgfWX4BbRkDi2RAxZroNL9HZ3I7bH73tDAF0bHF9LY8IUU13Z3VvG%2BWXKKrOpXK4RSnxHqVFyv6tm2S2mxUmNODbTqETi88ycAAAD%2F%2FwEAAP%2F%2FtOy4DeQFAAA%3D HTTP/1.1
Host: sponsorlustrestories.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=c8cb6601-adde-4b76-959d-d1191ba42faa:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:51 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3dac29eb473a41397085ef7d82f5938c
Strict-Transport-Security: max-age=0; includeSubdomains
click.pclk.name/thumbnail?seat=369022&adid=369022&i=dWAe9HkDQDQ_0&imgt=icon
173.239.53.24302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=369022&adid=369022&i=dWAe9HkDQDQ_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=369022&adid=369022&i=dWAe9HkDQDQ_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790687-7-8077-1178228-b9cdd0ab-9dea-1545-e2b7-a36c3c900042&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DB_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
Pragma: no-cache
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash a9c02346ebe8d87ebe2289b21e4ef086
ccb5a9707317a03e0aedfa858531af2e1aaf1623
98778a6bdf0dff5d55964fdaa7fe8a46d75b556964523014c2c83dc0d1bcd154
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash a9c02346ebe8d87ebe2289b21e4ef086
ccb5a9707317a03e0aedfa858531af2e1aaf1623
98778a6bdf0dff5d55964fdaa7fe8a46d75b556964523014c2c83dc0d1bcd154
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A565146795%3Arqn%3A9%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Ast%3A1671565799&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A565146795%3Arqn%3A9%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Ast%3A1671565799&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A565146795%3Arqn%3A9%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Ast%3A1671565799&t=gdpr(14)mc(p-6-h-1)clc(0-0-0)rqnt(9)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:51 GMT
last-modified: Tue, 20-Dec-2022 19:49:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
parrecleftne.xyz/azYzRjQKVFArCwoLUWBBGVoOYwYtEwEAUFhCC3FbBFkDcA1cRgtoVwdZRiJSGVldMhoFU0djBi1jaQFcL1VfD3wpTwMTVjl3cQwEUkRmd1hdZGQidypcciJkKWRlDGY+XmYuXxF7AR9FJm5lE34DAn4gXyEGcAdfH3Bkf3cvZQMUVlpgfA9cMkFkEEwHdFoPeCoFBw5kKnd9DGYYDnIXTAd0SQhuKWVED3scUXYPWA9ReioFH2ddImM8cUAAexxZfgp1Pl5iEEQRfnAcdjxYfQJtAEZqHF8uZ2IQRBF0ZzV/M1hXHm04bH0lYSJHZipMBmdhBHY8WB4LdSFzdSR1AHhaE2ExTGR1UDxhcBdsJmcLDm4Ad2YQWANPYit+PWF7DGwycGIJfwx3AAdTCAFldHUCYWsIfA1wYQl6AA9ZYF4YWV02CQ1RQHBFG3cHCG1d
108.157.214.119200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/azYzRjQKVFArCwoLUWBBGVoOYwYtEwEAUFhCC3FbBFkDcA1cRgtoVwdZRiJSGVldMhoFU0djBi1jaQFcL1VfD3wpTwMTVjl3cQwEUkRmd1hdZGQidypcciJkKWRlDGY+XmYuXxF7AR9FJm5lE34DAn4gXyEGcAdfH3Bkf3cvZQMUVlpgfA9cMkFkEEwHdFoPeCoFBw5kKnd9DGYYDnIXTAd0SQhuKWVED3scUXYPWA9ReioFH2ddImM8cUAAexxZfgp1Pl5iEEQRfnAcdjxYfQJtAEZqHF8uZ2IQRBF0ZzV/M1hXHm04bH0lYSJHZipMBmdhBHY8WB4LdSFzdSR1AHhaE2ExTGR1UDxhcBdsJmcLDm4Ad2YQWANPYit+PWF7DGwycGIJfwx3AAdTCAFldHUCYWsIfA1wYQl6AA9ZYF4YWV02CQ1RQHBFG3cHCG1d
IP 108.157.214.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash 3114e5cbd74ef9fda89570cbb9f5724f
33f560c61afc851d444c66afc30e8009091c8a95
29a8bd9375ac4db8ea92bf016cc7de55cd7fbb797302d9e44fc5bd05c7161af0
GET /azYzRjQKVFArCwoLUWBBGVoOYwYtEwEAUFhCC3FbBFkDcA1cRgtoVwdZRiJSGVldMhoFU0djBi1jaQFcL1VfD3wpTwMTVjl3cQwEUkRmd1hdZGQidypcciJkKWRlDGY+XmYuXxF7AR9FJm5lE34DAn4gXyEGcAdfH3Bkf3cvZQMUVlpgfA9cMkFkEEwHdFoPeCoFBw5kKnd9DGYYDnIXTAd0SQhuKWVED3scUXYPWA9ReioFH2ddImM8cUAAexxZfgp1Pl5iEEQRfnAcdjxYfQJtAEZqHF8uZ2IQRBF0ZzV/M1hXHm04bH0lYSJHZipMBmdhBHY8WB4LdSFzdSR1AHhaE2ExTGR1UDxhcBdsJmcLDm4Ad2YQWANPYit+PWF7DGwycGIJfwx3AAdTCAFldHUCYWsIfA1wYQl6AA9ZYF4YWV02CQ1RQHBFG3cHCG1d HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Tue, 20 Dec 2022 19:49:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Jv3fj5AmFAbYcOCjaosPVNNaHMntrMwKxj0WeUscybXNYXhga_40Zg==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:51 GMT
last-modified: Tue, 20-Dec-2022 19:49:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
parrecleftne.xyz/M3I1RjFSEFYrDlJPV2BEQR4IYwN1VwcAVQAGDXFeXB0FcAgEAg1oUl8dQCJXQR1bMh9dF0FjA3UIbDx3RTxwNXBrFXMVVXEWbAVGXwtjF39VMG0qd2QKTSR7YT94AEZyEXIeCVIRTAsCYgtBMXpaNAAJSXpXBwB2ZSRmBHYDImAHd2cWXhBkciRRdGRbEXoTcl8XdxNdcTlZc1JyNwEvdQJCegNpWB53A3R2EFkDc2FCeC91ZSd0F0tbNXR3CFIiBR91awVjcWViNH4ERl81dHcIdztSdnlkCnNyeGEgUQR1fSR3E157MWAfdWtCbH9jVDtABGlHJX13HAsWVyp0cTFzA15wNAANc1RDZwdnBzdQd3hxKl0ABGZDVgFjWkZzHllQIFAVZHIqQgBdZgpWJ3JrHRMsQlwcRXtJByVPCER0GmE0dXcTdw5l
108.157.214.119200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/M3I1RjFSEFYrDlJPV2BEQR4IYwN1VwcAVQAGDXFeXB0FcAgEAg1oUl8dQCJXQR1bMh9dF0FjA3UIbDx3RTxwNXBrFXMVVXEWbAVGXwtjF39VMG0qd2QKTSR7YT94AEZyEXIeCVIRTAsCYgtBMXpaNAAJSXpXBwB2ZSRmBHYDImAHd2cWXhBkciRRdGRbEXoTcl8XdxNdcTlZc1JyNwEvdQJCegNpWB53A3R2EFkDc2FCeC91ZSd0F0tbNXR3CFIiBR91awVjcWViNH4ERl81dHcIdztSdnlkCnNyeGEgUQR1fSR3E157MWAfdWtCbH9jVDtABGlHJX13HAsWVyp0cTFzA15wNAANc1RDZwdnBzdQd3hxKl0ABGZDVgFjWkZzHllQIFAVZHIqQgBdZgpWJ3JrHRMsQlwcRXtJByVPCER0GmE0dXcTdw5l
IP 108.157.214.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 06cc64f4e122b766655b0be085bdaa34
bd7474b512b036a1f9723f1d8ec70a72b1701582
e86747f3357f90af6475f66e8e17ddfe1ce9e4d03286b7c1ccbd4c02d8c6b359
GET /M3I1RjFSEFYrDlJPV2BEQR4IYwN1VwcAVQAGDXFeXB0FcAgEAg1oUl8dQCJXQR1bMh9dF0FjA3UIbDx3RTxwNXBrFXMVVXEWbAVGXwtjF39VMG0qd2QKTSR7YT94AEZyEXIeCVIRTAsCYgtBMXpaNAAJSXpXBwB2ZSRmBHYDImAHd2cWXhBkciRRdGRbEXoTcl8XdxNdcTlZc1JyNwEvdQJCegNpWB53A3R2EFkDc2FCeC91ZSd0F0tbNXR3CFIiBR91awVjcWViNH4ERl81dHcIdztSdnlkCnNyeGEgUQR1fSR3E157MWAfdWtCbH9jVDtABGlHJX13HAsWVyp0cTFzA15wNAANc1RDZwdnBzdQd3hxKl0ABGZDVgFjWkZzHllQIFAVZHIqQgBdZgpWJ3JrHRMsQlwcRXtJByVPCER0GmE0dXcTdw5l HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Tue, 20 Dec 2022 19:49:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: N14j-z2IOyDtI8Ru3qx42Rkn1oLRZH1-F9qBf3E0pWVsdshWtKJHrQ==
X-Firefox-Spdy: h2
xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js
IP 172.64.162.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_next/static/jHZyLbKEM9kba_Tjd8V5n/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1852f08cf96"
last-modified: Tue, 20 Dec 2022 10:16:24 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 34299
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVrkl58OUxyYzTJT5V%2BlZsx7%2BjipVHNRmFlSjQApzkIZdLb3Vjr9CxBeGe3wagK5x%2FWnhIWCso2AFPZQsF1Iza%2FFs0e3N2FfTce747V6zsicL%2FclDCk9qIMNKAGehRQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f589923e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndblowthroug.info/TjV4MFVhChtDaC9jEEAMI1EcaQMmZy4BJThiSUANFnIUVgAIeF5EPCoIQQZnfgRMFiUnUUUBcz1BGUQgPQhJFjwgUxcNczgISR5mehtLAXt8Ew0NZGhBCFEycwReQCE6WUUBY3kETQZgeQxACWJ3
104.21.2.112204 No Content 0 B URL HTTP/2 ndblowthroug.info/TjV4MFVhChtDaC9jEEAMI1EcaQMmZy4BJThiSUANFnIUVgAIeF5EPCoIQQZnfgRMFiUnUUUBcz1BGUQgPQhJFjwgUxcNczgISR5mehtLAXt8Ew0NZGhBCFEycwReQCE6WUUBY3kETQZgeQxACWJ3
IP 104.21.2.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TjV4MFVhChtDaC9jEEAMI1EcaQMmZy4BJThiSUANFnIUVgAIeF5EPCoIQQZnfgRMFiUnUUUBcz1BGUQgPQhJFjwgUxcNczgISR5mehtLAXt8Ew0NZGhBCFEycwReQCE6WUUBY3kETQZgeQxACWJ3 HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4HdYHoXv6C3C1He9KJRjHMRKGhLuaeKU%2FDTGWmUZKyJwHpaZYdKttJrlIxrsYii7V8JSfO04YkfNIT7Jnv4x1S%2Fa%2BxvHPRKbzCoJIpvtn4iNRSA%2FvxqwJymmeH2kNRHDHPeIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae755adce1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash da362ec1e2f93636113155c10a21619a
78166c5b8d1d94373dffacde64ff9c675e2fddef
80525a9ed48a9684a6558be11feb06020a7900110960585c6c405ff37e08072c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80525A9ED48A9684A6558BE11FEB06020A7900110960585C6C405FF37E08072C"
Last-Modified: Tue, 20 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13346
Expires: Tue, 20 Dec 2022 23:32:17 GMT
Date: Tue, 20 Dec 2022 19:49:51 GMT
Connection: keep-alive
parrecleftne.xyz/YU9qcTAALQkcDwByCFdFEyNXVAInalg3VFI7UkZfDiBaRwlWP1JfUw0gHxVWEyAEBR4PKh5UAicfOyREKR0+JFkrDAEbcwsaAzgDBgIOQlxSKys3XigbOwBnGwlYO2g3OC4IVwwJAUlJIggvCWQYGVgVAi8VIzJlBiooPFsrHDhFciYsGzhJAgYOJgAbATweQQUlWhxoCBoQP3NQAiQldgkCLCMIKyYNVAInFylBXisiKzlyUnoaFWIjNQ9DCBgXKUlGKgsgNmopI1k6ACckDylUUQ09SAc4ITBCaikjWTxcFjkMKX4GDQ0/RQUXPD9UUnYDFV4FJA8pHQJ8O0NiVQ0EIHYFCDxCUiMNEBRJICg8GF8KFgQVSgJ8HkNUMBkdFAM7KChCdRUDABVhKzY7VAInFisSeAQhDgZ3UgkePF4GCkwbQw4hGkxSUQokElEyNRky
108.157.214.119200 OK 1.2 kB URL HTTP/2 parrecleftne.xyz/YU9qcTAALQkcDwByCFdFEyNXVAInalg3VFI7UkZfDiBaRwlWP1JfUw0gHxVWEyAEBR4PKh5UAicfOyREKR0+JFkrDAEbcwsaAzgDBgIOQlxSKys3XigbOwBnGwlYO2g3OC4IVwwJAUlJIggvCWQYGVgVAi8VIzJlBiooPFsrHDhFciYsGzhJAgYOJgAbATweQQUlWhxoCBoQP3NQAiQldgkCLCMIKyYNVAInFylBXisiKzlyUnoaFWIjNQ9DCBgXKUlGKgsgNmopI1k6ACckDylUUQ09SAc4ITBCaikjWTxcFjkMKX4GDQ0/RQUXPD9UUnYDFV4FJA8pHQJ8O0NiVQ0EIHYFCDxCUiMNEBRJICg8GF8KFgQVSgJ8HkNUMBkdFAM7KChCdRUDABVhKzY7VAInFisSeAQhDgZ3UgkePF4GCkwbQw4hGkxSUQokElEyNRky
IP 108.157.214.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash f0f61832a0e0b82c2f8004f419b393a2
74b9dfaa01eb74799cecc41b3ceb3da68b019b57
6ea126812b5715549cf67cccdd45f86eeb11a18c7640dc694225e96455452151
GET /YU9qcTAALQkcDwByCFdFEyNXVAInalg3VFI7UkZfDiBaRwlWP1JfUw0gHxVWEyAEBR4PKh5UAicfOyREKR0+JFkrDAEbcwsaAzgDBgIOQlxSKys3XigbOwBnGwlYO2g3OC4IVwwJAUlJIggvCWQYGVgVAi8VIzJlBiooPFsrHDhFciYsGzhJAgYOJgAbATweQQUlWhxoCBoQP3NQAiQldgkCLCMIKyYNVAInFylBXisiKzlyUnoaFWIjNQ9DCBgXKUlGKgsgNmopI1k6ACckDylUUQ09SAc4ITBCaikjWTxcFjkMKX4GDQ0/RQUXPD9UUnYDFV4FJA8pHQJ8O0NiVQ0EIHYFCDxCUiMNEBRJICg8GF8KFgQVSgJ8HkNUMBkdFAM7KChCdRUDABVhKzY7VAInFisSeAQhDgZ3UgkePF4GCkwbQw4hGkxSUQokElEyNRky HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Tue, 20 Dec 2022 19:49:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TTC8plkyEnZ7sQTAmvKMMb8yGa2ewmKSbNj4Dfd5oUfPnkqe31fGmw==
X-Firefox-Spdy: h2
repentbits.com/impr.gif?sid=H4sIAAAAAAAC%2F6xUX2gcVRe%2F06%2FfxwdFsVIQBcvgarVgNndmdpPdlhDTJk2XpkmaRAIilDv33tm97p0%2F3HtnJ4kPllalCELqk29OTtLG2tJaqNgHhbLxQclTV0T2wYAPPokgCD6K7CZSfRB88MLM%2BR1%2BM5zf75zDfXst3UEYUtKdPRuvCCnJYLmI7RcWRcTiTNvTC7aDi%2Fi4vSiiodJxe6n3Uq1jDi4X8VF7ktNmPOhiB2MHO%2FYpoXgQLw32WRDJzapTrOJiyS065RIsqb%2FmOrVAEwtYawc9DoJ1%2Ftv46g4I2oYo%2FHic66aJkxcnwlQSEytosc2Xo2YUZxGED2GgLAiizb2vIdYdhN7fB3G0uecA4tZGzwH4ooOsbx3wo809meC3ru4q9SXwCHx2ALJWG7hsgyBtoPElEOwBAqAMpmcgCq9Nxyojy7ss6bEdtP%2FXX0BkHbT%2Fu0MQhbdOSLFkz8cyNSKONCwFOYilNoh6G5J0C8yKBSLbAmougmAIojAHwbrPusOkRF0%2FGGAVTAZKFcwG%2FKBSGXB96hBcqlaHK0P91gjRBhG0QfJVINqCtPcIC9LAgjSxIGRdm5SrAcbDgR94XqVEKfU8SsuVIVZmXqkSYEhpT%2FsqmGQVqFwFqi5Aoi5AU1zpIHRxA1R6H3QjB80s0AZBi%2BWQcQSZRpARBJlAkBkEWSu%2FyqR2dX6NSZ36zl5096KXr8emvkauxqbOI7SW7KCDva5Zj7zxPDR513adgHvVMg5KjsuxO0Q9L3D8Icr5kONxn4AWOQi9r%2B91RXTQ4fIBSEQH%2FX%2F0PvhkC7TcAioeA5I%2BDSRbH3YxkMZ6qYJhJboXEZMqIhucSNPQcaooL1KZ%2BsDiHBKzH8yytSZ30JP9Sbo%2F%2FQacbr%2F0vxvvvPrD3eeAqhwSlcNr4gsEdXl5fS7O0MZcnGl0ZyYxIhQrpDfleUMMRx%2Bd4ctZrFhtXK9eH6M9ogdvLnBtpkjERFTX6MYJwRhXp2JFOfq8phe5P5vqxolURWkyNXvyVC1MFNdaxFEbiHiw9ArQntlPrvf396mxd0GoLVBpd7xhTHJscJBKQZvFhMpmMSIh381HNSdmxBuqYtc9Qphgf2AxwhbHePV0c%2Fzc%2BLnzGMJ0e%2FTuyveTtw69DiJuA03e%2FLBQqJ2cmS4UunN%2FU8I00tCPiJD%2FtMwREdbNiKBxdL1QWKgtTE0UCp%2FVbEbqNle2XG42OSN1HtlMRPbPH7x373ahMD4xf3KuNrtQ60ux5w1RxtaJkJIbO%2BTMdjDG9vTMGduPo1TfLhSmxuYmJ87Xzo5NThQK3dP%2FlnjQyTbaO6BjBEo%2BzP3EgizN15Xrb4%2FCM988cfjopyBFBx0beRQk3x798tyPbx2%2BNwfEz0HzP%2F34EK%2Fpy1BXFhBzqX8dtFQOLZkDkaug0%2F%2Bsm0Rtj37t9Q%2F40lr3pbI2fKnkld2d1aJrl50Sr%2FiVYcqYzylzhl2v4mHsMlYarnKnCkZ3KBzc%2BR0AAP%2F%2FAQAA%2F%2F%2BXsOeV8AUAAA%3D%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 repentbits.com/impr.gif?sid=H4sIAAAAAAAC%2F6xUX2gcVRe%2F06%2FfxwdFsVIQBcvgarVgNndmdpPdlhDTJk2XpkmaRAIilDv33tm97p0%2F3HtnJ4kPllalCELqk29OTtLG2tJaqNgHhbLxQclTV0T2wYAPPokgCD6K7CZSfRB88MLM%2BR1%2BM5zf75zDfXst3UEYUtKdPRuvCCnJYLmI7RcWRcTiTNvTC7aDi%2Fi4vSiiodJxe6n3Uq1jDi4X8VF7ktNmPOhiB2MHO%2FYpoXgQLw32WRDJzapTrOJiyS065RIsqb%2FmOrVAEwtYawc9DoJ1%2Ftv46g4I2oYo%2FHic66aJkxcnwlQSEytosc2Xo2YUZxGED2GgLAiizb2vIdYdhN7fB3G0uecA4tZGzwH4ooOsbx3wo809meC3ru4q9SXwCHx2ALJWG7hsgyBtoPElEOwBAqAMpmcgCq9Nxyojy7ss6bEdtP%2FXX0BkHbT%2Fu0MQhbdOSLFkz8cyNSKONCwFOYilNoh6G5J0C8yKBSLbAmougmAIojAHwbrPusOkRF0%2FGGAVTAZKFcwG%2FKBSGXB96hBcqlaHK0P91gjRBhG0QfJVINqCtPcIC9LAgjSxIGRdm5SrAcbDgR94XqVEKfU8SsuVIVZmXqkSYEhpT%2FsqmGQVqFwFqi5Aoi5AU1zpIHRxA1R6H3QjB80s0AZBi%2BWQcQSZRpARBJlAkBkEWSu%2FyqR2dX6NSZ36zl5096KXr8emvkauxqbOI7SW7KCDva5Zj7zxPDR513adgHvVMg5KjsuxO0Q9L3D8Icr5kONxn4AWOQi9r%2B91RXTQ4fIBSEQH%2FX%2F0PvhkC7TcAioeA5I%2BDSRbH3YxkMZ6qYJhJboXEZMqIhucSNPQcaooL1KZ%2BsDiHBKzH8yytSZ30JP9Sbo%2F%2FQacbr%2F0vxvvvPrD3eeAqhwSlcNr4gsEdXl5fS7O0MZcnGl0ZyYxIhQrpDfleUMMRx%2Bd4ctZrFhtXK9eH6M9ogdvLnBtpkjERFTX6MYJwRhXp2JFOfq8phe5P5vqxolURWkyNXvyVC1MFNdaxFEbiHiw9ArQntlPrvf396mxd0GoLVBpd7xhTHJscJBKQZvFhMpmMSIh381HNSdmxBuqYtc9Qphgf2AxwhbHePV0c%2Fzc%2BLnzGMJ0e%2FTuyveTtw69DiJuA03e%2FLBQqJ2cmS4UunN%2FU8I00tCPiJD%2FtMwREdbNiKBxdL1QWKgtTE0UCp%2FVbEbqNle2XG42OSN1HtlMRPbPH7x373ahMD4xf3KuNrtQ60ux5w1RxtaJkJIbO%2BTMdjDG9vTMGduPo1TfLhSmxuYmJ87Xzo5NThQK3dP%2FlnjQyTbaO6BjBEo%2BzP3EgizN15Xrb4%2FCM988cfjopyBFBx0beRQk3x798tyPbx2%2BNwfEz0HzP%2F34EK%2Fpy1BXFhBzqX8dtFQOLZkDkaug0%2F%2Bsm0Rtj37t9Q%2F40lr3pbI2fKnkld2d1aJrl50Sr%2FiVYcqYzylzhl2v4mHsMlYarnKnCkZ3KBzc%2BR0AAP%2F%2FAQAA%2F%2F%2BXsOeV8AUAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xUX2gcVRe%2F06%2FfxwdFsVIQBcvgarVgNndmdpPdlhDTJk2XpkmaRAIilDv33tm97p0%2F3HtnJ4kPllalCELqk29OTtLG2tJaqNgHhbLxQclTV0T2wYAPPokgCD6K7CZSfRB88MLM%2BR1%2BM5zf75zDfXst3UEYUtKdPRuvCCnJYLmI7RcWRcTiTNvTC7aDi%2Fi4vSiiodJxe6n3Uq1jDi4X8VF7ktNmPOhiB2MHO%2FYpoXgQLw32WRDJzapTrOJiyS065RIsqb%2FmOrVAEwtYawc9DoJ1%2Ftv46g4I2oYo%2FHic66aJkxcnwlQSEytosc2Xo2YUZxGED2GgLAiizb2vIdYdhN7fB3G0uecA4tZGzwH4ooOsbx3wo809meC3ru4q9SXwCHx2ALJWG7hsgyBtoPElEOwBAqAMpmcgCq9Nxyojy7ss6bEdtP%2FXX0BkHbT%2Fu0MQhbdOSLFkz8cyNSKONCwFOYilNoh6G5J0C8yKBSLbAmougmAIojAHwbrPusOkRF0%2FGGAVTAZKFcwG%2FKBSGXB96hBcqlaHK0P91gjRBhG0QfJVINqCtPcIC9LAgjSxIGRdm5SrAcbDgR94XqVEKfU8SsuVIVZmXqkSYEhpT%2FsqmGQVqFwFqi5Aoi5AU1zpIHRxA1R6H3QjB80s0AZBi%2BWQcQSZRpARBJlAkBkEWSu%2FyqR2dX6NSZ36zl5096KXr8emvkauxqbOI7SW7KCDva5Zj7zxPDR513adgHvVMg5KjsuxO0Q9L3D8Icr5kONxn4AWOQi9r%2B91RXTQ4fIBSEQH%2FX%2F0PvhkC7TcAioeA5I%2BDSRbH3YxkMZ6qYJhJboXEZMqIhucSNPQcaooL1KZ%2BsDiHBKzH8yytSZ30JP9Sbo%2F%2FQacbr%2F0vxvvvPrD3eeAqhwSlcNr4gsEdXl5fS7O0MZcnGl0ZyYxIhQrpDfleUMMRx%2Bd4ctZrFhtXK9eH6M9ogdvLnBtpkjERFTX6MYJwRhXp2JFOfq8phe5P5vqxolURWkyNXvyVC1MFNdaxFEbiHiw9ArQntlPrvf396mxd0GoLVBpd7xhTHJscJBKQZvFhMpmMSIh381HNSdmxBuqYtc9Qphgf2AxwhbHePV0c%2Fzc%2BLnzGMJ0e%2FTuyveTtw69DiJuA03e%2FLBQqJ2cmS4UunN%2FU8I00tCPiJD%2FtMwREdbNiKBxdL1QWKgtTE0UCp%2FVbEbqNle2XG42OSN1HtlMRPbPH7x373ahMD4xf3KuNrtQ60ux5w1RxtaJkJIbO%2BTMdjDG9vTMGduPo1TfLhSmxuYmJ87Xzo5NThQK3dP%2FlnjQyTbaO6BjBEo%2BzP3EgizN15Xrb4%2FCM988cfjopyBFBx0beRQk3x798tyPbx2%2BNwfEz0HzP%2F34EK%2Fpy1BXFhBzqX8dtFQOLZkDkaug0%2F%2Bsm0Rtj37t9Q%2F40lr3pbI2fKnkld2d1aJrl50Sr%2FiVYcqYzylzhl2v4mHsMlYarnKnCkZ3KBzc%2BR0AAP%2F%2FAQAA%2F%2F%2BXsOeV8AUAAA%3D%3D HTTP/1.1
Host: repentbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=27a4c2bf-d80a-480d-bf88-2bc1a0499786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:51 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2b38f8749e41b027ae269edf4addd55
Strict-Transport-Security: max-age=0; includeSubdomains
repentbits.com/pixel/sbs?c=1
173.233.139.164200 OK 0 B URL HTTP/1.1 repentbits.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: repentbits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=27a4c2bf-d80a-480d-bf88-2bc1a0499786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash a9c02346ebe8d87ebe2289b21e4ef086
ccb5a9707317a03e0aedfa858531af2e1aaf1623
98778a6bdf0dff5d55964fdaa7fe8a46d75b556964523014c2c83dc0d1bcd154
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ndblowthroug.info/VTVTaG16CjAbUAJjCQE5OFElMjsDAwYvXDhgCxg7NHIZMAg5cHUcBDEIal9cbAJmTh08UW5bX3NGJwkZIEZuWUs8WzUHUHNDblhDbRtiXUNlEyZVXHNBIwkKaAR1GBkhWW5ZW2IEZl5YYgxrUFVj
104.21.2.112204 No Content 0 B URL HTTP/2 ndblowthroug.info/VTVTaG16CjAbUAJjCQE5OFElMjsDAwYvXDhgCxg7NHIZMAg5cHUcBDEIal9cbAJmTh08UW5bX3NGJwkZIEZuWUs8WzUHUHNDblhDbRtiXUNlEyZVXHNBIwkKaAR1GBkhWW5ZW2IEZl5YYgxrUFVj
IP 104.21.2.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VTVTaG16CjAbUAJjCQE5OFElMjsDAwYvXDhgCxg7NHIZMAg5cHUcBDEIal9cbAJmTh08UW5bX3NGJwkZIEZuWUs8WzUHUHNDblhDbRtiXUNlEyZVXHNBIwkKaAR1GBkhWW5ZW2IEZl5YYgxrUFVj HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzvbUDpkMIzQ7RewYXr%2FkAN%2B8P37SsBq9peTHSL8ylOSUZnIzpnAZnIUHBzjVaiqUArdgih8VCAzQCeGrLR5lX6hFkXt7hRYRfxg26S%2F85OYcfI7PhK7gqA0xakZIhz%2BkqMsBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae755fe231c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/lwa0GjFbdPI
IP 142.250.74.131:0
Hash a9c02346ebe8d87ebe2289b21e4ef086
ccb5a9707317a03e0aedfa858531af2e1aaf1623
98778a6bdf0dff5d55964fdaa7fe8a46d75b556964523014c2c83dc0d1bcd154
POST /s/gts1p5/lwa0GjFbdPI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 569 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 46ba2b3bcf169cdec3b4b9c4b2be189a
f5e277e31a18b3ff107eaa1e91f5b39d6c93b658
8ecf2931734c8a9b53a1f2e8124613b579292f32d74f197fb3ad827646214cd6
GET /api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=KKqVNswtrJnOI8zEHm35; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ndblowthroug.info/TkxLcFZhcygDay0nEQUYCzgOFAAlDS01DHwUGjJjH38BEhcGfG0EPypxckdnd3t+ViYnKHZDZGg/PxEiOz92QmZ+e20ZOCgjdkFwOHF7Xm5gfX5eZmg5dkFwOjwqF2t/ajsEIiJxekZhf3l9RWF3dHNJZA
104.21.2.112204 No Content 0 B URL HTTP/2 ndblowthroug.info/TkxLcFZhcygDay0nEQUYCzgOFAAlDS01DHwUGjJjH38BEhcGfG0EPypxckdnd3t+ViYnKHZDZGg/PxEiOz92QmZ+e20ZOCgjdkFwOHF7Xm5gfX5eZmg5dkFwOjwqF2t/ajsEIiJxekZhf3l9RWF3dHNJZA
IP 104.21.2.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TkxLcFZhcygDay0nEQUYCzgOFAAlDS01DHwUGjJjH38BEhcGfG0EPypxckdnd3t+ViYnKHZDZGg/PxEiOz92QmZ+e20ZOCgjdkFwOHF7Xm5gfX5eZmg5dkFwOjwqF2t/ajsEIiJxekZhf3l9RWF3dHNJZA HTTP/1.1
Host: ndblowthroug.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2MO%2FH7INgtq9X3I8O%2FpMckHtRcbRJWW1M16Odg6%2Fm7IsnP5uT9fxXT1njieJldjAjvUwk8cVMbAyoJLAHSvzElHHTibaagW5lXYTQrayrY%2FWSbhKMQ5x9ylgmer818Ebtrheg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae756becd1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/UZGhDclIHBy0UbRABJ09rU1l6RWdCAjAdPBRVJRUhUhkzM2YqMXVUJh4MfkJ0CAktFW9CDS0Rb1VOIhYwWVxlBiILA34HPAANJRs8AQxlBzNZBSwIOwgEIldgIl1tQndWWGsFOwoMLAUhQVpzHCZBWnNDYkpYZkEQQVpzBTsKXndXYSZNcUIqUlxmQRBBWn-MAJEFbAkNiUUZzW3dWWCQXMQ8HZkAUVlhyQmJVWHJXYFQOKgA3Agc7V2AiWXNHfFRONk9j
143.204.42.2200 OK 327 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/UZGhDclIHBy0UbRABJ09rU1l6RWdCAjAdPBRVJRUhUhkzM2YqMXVUJh4MfkJ0CAktFW9CDS0Rb1VOIhYwWVxlBiILA34HPAANJRs8AQxlBzNZBSwIOwgEIldgIl1tQndWWGsFOwoMLAUhQVpzHCZBWnNDYkpYZkEQQVpzBTsKXndXYSZNcUIqUlxmQRBBWn-MAJEFbAkNiUUZzW3dWWCQXMQ8HZkAUVlhyQmJVWHJXYFQOKgA3Agc7V2AiWXNHfFRONk9j
IP 143.204.42.2:0
File type ASCII text, with very long lines (415), with no line terminators
Hash b8d0fe92bd19bb77fa4b66e8aea059b1
771098eff0dbe72828c971b47a352ae2970df911
ff5a418d6d44b8956357643d011d9cadd918ad3bb4cffb7a31b0b99d48bc243a
GET /UZGhDclIHBy0UbRABJ09rU1l6RWdCAjAdPBRVJRUhUhkzM2YqMXVUJh4MfkJ0CAktFW9CDS0Rb1VOIhYwWVxlBiILA34HPAANJRs8AQxlBzNZBSwIOwgEIldgIl1tQndWWGsFOwoMLAUhQVpzHCZBWnNDYkpYZkEQQVpzBTsKXndXYSZNcUIqUlxmQRBBWn-MAJEFbAkNiUUZzW3dWWCQXMQ8HZkAUVlhyQmJVWHJXYFQOKgA3Agc7V2AiWXNHfFRONk9j HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://parrecleftne.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 327
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V-9F4BGkzaTPAIbELRk64govz4PijaWFwZ1HedrPjyP2EXuxD0yk2g==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/zYzFvNEsAXgFSdBdYCwlyVQNfBXlFWxxbJRMMFwAcGX8acyM3QytwKiF5OxI/GVVSBG0PUAFTdkVUAVd2UhcOUCleBUlBKl5cAE4iD10OEXklBEEEblEBR0MiDVUAQzhGA19aP0YDXwV7TQFKBwlGA19DIg0HWxF4IRRdBDNVBUoHCUYDX0Y9RgIuBXtWH1-8dblEBCFEoCF5KBg1RAV4Ee1IBXhF5U1cGRi4FXhcReSUAXwFlUxcaCXo
143.204.42.2200 OK 192 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/zYzFvNEsAXgFSdBdYCwlyVQNfBXlFWxxbJRMMFwAcGX8acyM3QytwKiF5OxI/GVVSBG0PUAFTdkVUAVd2UhcOUCleBUlBKl5cAE4iD10OEXklBEEEblEBR0MiDVUAQzhGA19aP0YDXwV7TQFKBwlGA19DIg0HWxF4IRRdBDNVBUoHCUYDX0Y9RgIuBXtWH1-8dblEBCFEoCF5KBg1RAV4Ee1IBXhF5U1cGRi4FXhcReSUAXwFlUxcaCXo
IP 143.204.42.2:0
File type ASCII text, with no line terminators
Hash 6fb9f07c8133a08dc74e657016e25f55
508042c3d3a934d19f9da36d7e7affa5f56db506
1f348c420c520855b19e5a88b1a87f33a8af5b129fd902f338d5841afa853355
GET /zYzFvNEsAXgFSdBdYCwlyVQNfBXlFWxxbJRMMFwAcGX8acyM3QytwKiF5OxI/GVVSBG0PUAFTdkVUAVd2UhcOUCleBUlBKl5cAE4iD10OEXklBEEEblEBR0MiDVUAQzhGA19aP0YDXwV7TQFKBwlGA19DIg0HWxF4IRRdBDNVBUoHCUYDX0Y9RgIuBXtWH1-8dblEBCFEoCF5KBg1RAV4Ee1IBXhF5U1cGRi4FXhcReSUAXwFlUxcaCXo HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://parrecleftne.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 192
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EgU4XRFiXijuOZ1ZAz6CmsCGdUbjuSAxHEMQUsUQTwdQF4cOydq8DA==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/PQUtHRTUiJCkjCjUiI3gMd3l3dAFnITQqWzF2JXVwDygmFk8yCGExTyV2d2NZICUgeBMkJSR4BGcqIycIdW0zNVoqdj0mXiUzNC1MNTFhMFR8Jig/XC0nJmAHB35pdRBze28yXC8vKDJGZHl3K0FkeXd0BW97YnZ3ZHl3MlwvfXNgBgNudXVNd39idndkeX-c3Q2R4BnQFdGV3bBBzeyAgViokYndzc3t2dQVwe3ZgB3EtLjdQJyQ/YAcHendwG3FtMngE
143.204.42.2200 OK 572 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/PQUtHRTUiJCkjCjUiI3gMd3l3dAFnITQqWzF2JXVwDygmFk8yCGExTyV2d2NZICUgeBMkJSR4BGcqIycIdW0zNVoqdj0mXiUzNC1MNTFhMFR8Jig/XC0nJmAHB35pdRBze28yXC8vKDJGZHl3K0FkeXd0BW97YnZ3ZHl3MlwvfXNgBgNudXVNd39idndkeX-c3Q2R4BnQFdGV3bBBzeyAgViokYndzc3t2dQVwe3ZgB3EtLjdQJyQ/YAcHendwG3FtMngE
IP 143.204.42.2:0
File type ASCII text, with very long lines (822), with no line terminators
Hash 48a948e9e9c8dde1083a80f0c530dfea
7d9d144ab9bc79570f6bdde6ed75180ce0cfed70
a6911c301a7528b3230eaaf0cd95054c030912fca48aeebd853e2abd519b563f
GET /PQUtHRTUiJCkjCjUiI3gMd3l3dAFnITQqWzF2JXVwDygmFk8yCGExTyV2d2NZICUgeBMkJSR4BGcqIycIdW0zNVoqdj0mXiUzNC1MNTFhMFR8Jig/XC0nJmAHB35pdRBze28yXC8vKDJGZHl3K0FkeXd0BW97YnZ3ZHl3MlwvfXNgBgNudXVNd39idndkeX-c3Q2R4BnQFdGV3bBBzeyAgViokYndzc3t2dQVwe3ZgB3EtLjdQJyQ/YAcHendwG3FtMngE HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://parrecleftne.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 572
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OvedFomu93FEYzU6G-z45GesXs9K55ZgM3fP6ztnkQLB8dn4epO9ow==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bb120a816fcf4f6afe7a3aeab18e7bbd
1f15e81595a0b524a2401d5566beaa0b8d4f61e6
cca2f14595c5ba6446c4e522883036fa07e31599909870ad42bc678587b1a91d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5431
Cache-Control: max-age=149346
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Etag: "63a1a10a-1d7"
Expires: Thu, 22 Dec 2022 13:18:57 GMT
Last-Modified: Tue, 20 Dec 2022 11:48:26 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a3f2bfb91d87077af1739a4e6743af16
2653762e39f4b63c21a2701526ee0ddf48d75687
f320fc73334a2740aff36d8145d4193488f02a452100981657b82753f6904de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a3f2bfb91d87077af1739a4e6743af16
2653762e39f4b63c21a2701526ee0ddf48d75687
f320fc73334a2740aff36d8145d4193488f02a452100981657b82753f6904de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.162.22200 OK 45 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash 22cc1c8814fa5f63dc6e81b40db5193e
44b193049d69027dbcce71d8f42f4e285c93540f
4f4a1e3ee588663fab29ac27badc5c4647491834674f3f62aafa2567fdba5759
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501634e6"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348043
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SlwI%2FSbRzTxQsvOUZ3Cgt9UCwW3fdlkwrisoHVNEyxck%2Bf1PFtgu3%2FYyYsr%2B0sE4guWqBkWi2YK%2FxiBBZLzvxHCI%2FRZx3kdRqy4bENqy7V3o%2FTGo4UWNHf0Gh7Bhi8c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68b823e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash e0e9c518d3a5a487cb728df787f8d9e6
b22dd9345d97c981da7ba20c7eeeee70bf8e26ab
569cfa45c79220825ab79739200523987b3f8764b8122d34cddce61baf518244
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 19:49:51 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-402228998%3A1671565791993527&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh47tBJAZG-3DDw798JUL9LQXM19VWNbzva4CanU31FvdlmF_P2OMLbpMJmqCN2qO3kSvpGn0g
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce--B1aNzQmDWffo8yIOoNdow' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:6IBat44atZiEeCpIK74_zqmBqzLDgw:oKFT6XadIijF6FqB;Path=/;Expires=Thu, 19-Dec-2024 19:49:51 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash e424b032ff6aee06114fb7460dd033e5
836bf1ed742e136c513a5fb0133817fa51961049
156eced7cbddd9d1eecd417f1fce1d59bd9e1a7d15defd4a6c36c2014fbaf07e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 19:49:52 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1778148800%3A1671565792001000&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7WvKuGaNIONqwUFZKVQ1o14gYtoGUcaJ73nzzjGKtT1zBthggXZbQaRUS8na3KDAXS2-Z5
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ss7-SbWID2MlMsw6TL6IQw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:fq20xKIVwRZnrp3_oHXTW0TS8ezEBg:vve6gdLM1P855iGF;Path=/;Expires=Thu, 19-Dec-2024 19:49:51 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
parrecleftne.xyz/utx?cb=J5ULN7FBzJsa&top=xfantazy.com&tid=971975
108.157.214.119204 No Content 0 B URL HTTP/2 parrecleftne.xyz/utx?cb=J5ULN7FBzJsa&top=xfantazy.com&tid=971975
IP 108.157.214.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=J5ULN7FBzJsa&top=xfantazy.com&tid=971975 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 19:49:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 20 Dec 2022 19:50:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: QbvIuAfryyIk1cqYR08YnOCWuVCVSsYqJUuvhReDmSWHPIYP5Eo4gA==
X-Firefox-Spdy: h2
parrecleftne.xyz/utx?cb=6xXvNZuBRmul&top=xfantazy.com&tid=962014
108.157.214.119204 No Content 0 B URL HTTP/2 parrecleftne.xyz/utx?cb=6xXvNZuBRmul&top=xfantazy.com&tid=962014
IP 108.157.214.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6xXvNZuBRmul&top=xfantazy.com&tid=962014 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 19:49:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 20 Dec 2022 19:50:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SdzPM9ILuOhQMZPYd0nODF_H5ycgN7AxesjKhQ6ISRiNPhzmSs9asg==
X-Firefox-Spdy: h2
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790265-7-8077-1178228-6277d85a-4a0c-f8a6-299a-6014260c161c&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dnnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
38.100.129.136302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790265-7-8077-1178228-6277d85a-4a0c-f8a6-299a-6014260c161c&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dnnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
IP 38.100.129.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1671565790265-7-8077-1178228-6277d85a-4a0c-f8a6-299a-6014260c161c&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3Dnnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 20 Dec 2022 19:49:51 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=nnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
X-Firefox-Spdy: h2
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790687-7-8077-1178228-b9cdd0ab-9dea-1545-e2b7-a36c3c900042&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DB_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
38.100.129.136302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1671565790687-7-8077-1178228-b9cdd0ab-9dea-1545-e2b7-a36c3c900042&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DB_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
IP 38.100.129.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1671565790687-7-8077-1178228-b9cdd0ab-9dea-1545-e2b7-a36c3c900042&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DB_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 20 Dec 2022 19:49:51 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=B_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 74b964efe850b3fe69f1286d15aad337
56dccbf88769a3297ba5e105053b54bddc58ffcf
ea02e75c95915ed16c0cc8627e9589a6dae8dbcbd7f1de42df0f307420e824ca
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA02E75C95915ED16C0CC8627E9589A6DAE8DBCBD7F1DE42DF0F307420E824CA"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4282
Expires: Tue, 20 Dec 2022 21:01:14 GMT
Date: Tue, 20 Dec 2022 19:49:52 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S-402228998%3A1671565791993527&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh47tBJAZG-3DDw798JUL9LQXM19VWNbzva4CanU31FvdlmF_P2OMLbpMJmqCN2qO3kSvpGn0g
216.58.207.237403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-402228998%3A1671565791993527&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh47tBJAZG-3DDw798JUL9LQXM19VWNbzva4CanU31FvdlmF_P2OMLbpMJmqCN2qO3kSvpGn0g
IP 216.58.207.237:0
Hash 43599bfda184121827fc9dab78b5c4d3
06401af107561b590bf26e88e4ce4449dac6d103
3c6eb565dd9790589305c4ecafce8ae488e198790f9fe53e44ee8ffb89fa7316
GET /v3/signin/identifier?dsh=S-402228998%3A1671565791993527&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh47tBJAZG-3DDw798JUL9LQXM19VWNbzva4CanU31FvdlmF_P2OMLbpMJmqCN2qO3kSvpGn0g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 19:49:52 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-security-policy: script-src 'nonce-4OTNKmJuKr5Z5dp1QRGV1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Je_G6Cenwqa-rTTCqw/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Je_G6Cenwqa-rTTCqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7a42da94f1e709f5cc2d03f7af60b7e9
c5a7949c147afb822304cc12457ba243acd43ec7
d4ef8e2e3516fc8760e15b0414c40494e3c3ea9f4073df62c1b620cfe0d0b92f
GET /thumbnail/Je_G6Cenwqa-rTTCqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 11361
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 63299245995096f3c9188c7a26250368
e87fbb4af9edf926ba2bda31e5710dad28c5a9e1
dc953d5aaa381023c8ed518f9ef7c4ade9dfe67f75f15fec1ba7dc2a60a5466c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4880
Cache-Control: max-age=135527
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:52 GMT
Etag: "63a16d37-117"
Expires: Thu, 22 Dec 2022 09:28:39 GMT
Last-Modified: Tue, 20 Dec 2022 08:07:19 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
pogothere.xyz/asd100.bin
172.64.173.27200 OK 114 kB IP 172.64.173.27:0
Size 114 kB (114342 bytes)
Hash ba047696696d3f8aab571ce3d01f8240
21f49a093ea3f7a216e94e68f04b9904acf131f2
40d3d6fd15eaef671b30affa6dae5873833e28aa6c1e517eed7f14e992b21a5e
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 67
last-modified: Tue, 20 Dec 2022 19:48:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S07Wzz4J5qslt%2BTwlRnynPdAYG8hBnv0fhxRQU94vvdBo9sinddFi6YlInDED75%2B7Em5jhEZVRHL%2BrRsJn3p%2Fvq0xQFKsnue7A5L63%2BxXiwE5N8uXew0TCow1X7lvcYt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae75818b571d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7uStHevnKbu8T-XrA/w320h240/0.jpeg
188.72.235.185200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7uStHevnKbu8T-XrA/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 491c60aba80649b2d2edc06dae22d462
e620544c19165d43c3dbace381e70ace784eeb54
14f655f11a04135a0b4f3e6f1c22414cc090ee962a2d5d214b61bbb1c1e312fe
GET /thumbnail/d7uStHevnKbu8T-XrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 15015
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOrG7yLzyq698G-Q-A/w320h240/0.jpeg
188.72.235.185200 OK 20 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOrG7yLzyq698G-Q-A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 27eb6dcd4075bc8b3f0b44f8b786be09
1c14941e14c09d4ac3498442cb1a32551a37673b
237aeb16ed0bd940e6178bc24166008226f161f202f3cbe9d2a82f38e5b270c1
GET /thumbnail/cOrG7yLzyq698G-Q-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 20371
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JeSRtSD3wqjpq2ie-w/w320h240/0.jpeg
188.72.235.185200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JeSRtSD3wqjpq2ie-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ddacf2db4e838d07c6dd6afef385df50
ea367bb00f452c6dfabf944aa8b69f589d2bb864
a22b4522df36334a4dab7adc4acaec97f62c1ba562c8948033270d9a1ba7069d
GET /thumbnail/JeSRtSD3wqjpq2ie-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 9293
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 8.2 kB IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash d3e1f43cc1e33969ade0079c5a3519f8
3afd27f459c6df6d7fe0922bdb42c11a0a2f54d2
a7a31b23e7e6b3159a5c263d61e3948718a682cca79e256e97188f6f354031ea
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/plain
set-cookie: csu=1849731236450974@1@1671565792; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpsPLuYZEPU1oIFGh2Lx4p8tq8%2BxJ8KLDaia4GmrMn8BVdodGnmG9QOtcZLC37IipsasB2fTK74JNAOOkkkfO4A5yWkWB5%2BTm%2Fs7f%2FLUEaosbsa%2B2XNKzlv%2Bk1MqEgPp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae75818b071d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7nAvXLzw6i__ziQ9w/w320h240/0.jpeg
188.72.235.185200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7nAvXLzw6i__ziQ9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 0026c1655ae174b012349c7232342404
37f62ba30d692ce8c7756c7dc23ef187a340145a
75854f6b1b04296fd4abd2f588396017081620d1f19e425425183faf237b5f3c
GET /thumbnail/J7nAvXLzw6i__ziQ9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 10154
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 41 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30552)
Hash cc39d7b3c8dd0b6c5264678d6d14ccb0
ebb4be0356b3334ec3ec8470c9bd75f058b28aff
c9c1ba48ce1ad7f16e75e62fec10059024872cd70ee0f7d469b7983d96af86c3
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 6KXA669ulaOESVo4k/vSNYHq3Ge2ARQvvmgd3/LZAbAjkMic5zipoK8I9cq93aqlSq5A0WS3UgWYr+S8PiXlHg==
date: Tue, 20 Dec 2022 19:49:52 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 672827275d58aecc79ae4bcc371cba0c
10a6612ed8a279be7ce06c3d5aaa82e61c52d0d0
d58e7d299ceadaa5f8c4e7dcf7ff0e4bcf3c6e2756104858364d31d56f397dc7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D58E7D299CEADAA5F8C4E7DCF7FF0E4BCF3C6E2756104858364D31D56F397DC7"
Last-Modified: Sun, 18 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9525
Expires: Tue, 20 Dec 2022 22:28:37 GMT
Date: Tue, 20 Dec 2022 19:49:52 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/IOvFvnb3nv_tqz_E-w/w320h240/0.jpeg
188.72.235.185200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOvFvnb3nv_tqz_E-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 313fee413ab4b79403413505913cb64a
388aa578541ab49a711a82a6cb2e3a544cb22f05
6f282bcd98f266aab7ae381710e00cf3b110357141ced29516a1cf518adc2d20
GET /thumbnail/IOvFvnb3nv_tqz_E-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: image/jpeg
content-length: 15026
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2200 OK 45 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=3, software=paint.net 4.3.11], baseline, precision 8, 950x150, components 3\012- data
Hash f29bd07eab153cf0622d4cdf94efa354
190683e3093d2abad32a2b0455ec0285322a3f10
c5779d0508713040d25e0c2738dd0fcde30d4c0acd4b6d8396a4fd0d27f964bd
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 63299245995096f3c9188c7a26250368
e87fbb4af9edf926ba2bda31e5710dad28c5a9e1
dc953d5aaa381023c8ed518f9ef7c4ade9dfe67f75f15fec1ba7dc2a60a5466c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4880
Cache-Control: max-age=135527
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:52 GMT
Etag: "63a16d37-117"
Expires: Thu, 22 Dec 2022 09:28:39 GMT
Last-Modified: Tue, 20 Dec 2022 08:07:19 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 707a75781f08409b53c43a85fe9245cb
fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1
65a210bed290505cfe123e0a2210696a4662d382248ac39f254fb57e489870ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 18:28:16 GMT
Expires: Sat, 24 Dec 2022 18:28:15 GMT
Etag: "fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1"
Cache-Control: max-age=340102,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae75aae0eb51b-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 707a75781f08409b53c43a85fe9245cb
fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1
65a210bed290505cfe123e0a2210696a4662d382248ac39f254fb57e489870ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 18:28:16 GMT
Expires: Sat, 24 Dec 2022 18:28:15 GMT
Etag: "fa131c04ec9a044ac06a8c75c8a2f2d992fe9da1"
Cache-Control: max-age=340102,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae75a9e6bb524-OSL
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.7 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 489e2333ffa68eb8a18a71158db65675
b3b58c7b742ab6a75a0bf27cb1815e16435bada7
9d18080ea75a5cfce194e329899d99ad75e69499eaaaf4add4eddaac13888f6f
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
track.trackingtraffo.com/push/ic?auth=pz6u78&c=B_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=B_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=B_ANSo3ojJy5i1TAzClNAuzBzuneDoiqnJGqwBr4C-SjroHekbEDw5c_G7CogU2CXUEAJ4aBPBMjbPdgxQD7gxkP-hbCphhkhb92ydegzA5Bmy1ntPele9ACfXSSbTnXgSn5KMyiEQ67NtfQq2H209Z2SyLn28wWon7VL5irjOoMMCFi7HXSN6xVvFqd0WeLD-7AvQpd6hsqCOyxpsK61AD8Ug8QncRNXnI7faOizf7gJ3RUexkDA07k64gG9prrflvNFl1mXXSQKWypjkf6_f9ciHZOgzaLHE1UmT7WxqNRMMtfIR5ksGKq3fvzu2rCIPK1DAFRWgTI9BPg_Wv3Zb4iHl7PI8uS23lUr_glFNNRVeX2XFf8M_sWZT96Sy1tqiqkidsh2NhjKHYqRJq2DcGjiBjyI3IMuun89Rf4mMaPDG2d986qOx6PM0TBznxWaiSqaTKzqiTQPkfyWPeZQC6F3rARomeqvggyVegOFYCIhuKE70e93Vq1tkeWVXMR5qq7pdMhyjrzK9jMxj7u_ho1DVMZknM1yNz7LMljtbepdbm_EkFiGN8ushuF4UbBsByevjNozIx2ZAVtPWEa_VRz0okVXsZHJcf5EkN3B4cN4rIv HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png
track.trackingtraffo.com/push/ic?auth=pz6u78&c=nnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=nnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=nnc6u3oLhM1yDLMzdOaVSPtVxEcuE4i2SSdFm50wMxlqZ8e3hjD-tR3oLqtv0soSum44KKUKFTOW0CziXh_ybXMFZy4VlBZX-ebR77-jBBSqn5cbTmSjPbnUn6C6vDr2eaXZwiHrZOHbDaZ4XSi940Xpr1PdrNhQhoFOw5_R9DMczPBuftWyLbvrbr7qs7dAfKpy0ESFmioFA9IozYcMKfTz0Q-DKh5igy35TPy8CwCFkj0q72G63NXiDEdlLEppeQFuI9IWrr4420l4fsBERYRaffvWK3xA19epF7he__Vl0E_wfXUF5p1bYLVTjazynR1G7G1ob8Dw0sSXQhjgvHDUWPw2Lb_2ChHRJMHYcU_mxA7NLqk71dMF-VDtuZa-gyKZoXtP1OBcP8rSW37YORg2x5CM5Ssl-NYyOufT6DOIcoTWx9HIJRvHU1WTyP4b5en3wcSMqUTAIVC2O2Yss0H4Sk2UvYiINh_OmbXdBIcetJUjBR0qmYdAWVz8JvRv0n9x75qg7BFIPPaytq0VLGDY-zFwwMuQKsZhh7rrQE3eNMO8ZNlbEHCvdFoXyyPAFabPXonnJpvBSqTtqdmi79WVsPLQEJ3r9URrm5Z1xxXCdf8J HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png
a.realsrv.com/ad-provider.js
185.76.9.15200 OK 23 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
Hash b5a8b2c4210207c1bde80984511f0a40
fd5fec7570a5855fcfed177cc33af3d7feb7029d
be855128227b02682750c31ff00ea74c7bbbe8ab06d717e14a63d18d3619db8e
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Tue, 20 Dec 2022 20:56:37 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1671569946
server: CDN77-Turbo
x-77-nzt: AblMCQ0oTtT/9hkAAA
x-77-nzt-ray: c0a4cc28933a6ed9e011a26365e34127
x-cache: HIT
x-age: 6646
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 103 kB IP 172.64.173.27:0
Size 103 kB (103063 bytes)
Hash 6bd5335c5ac7909908d58ad008e57aee
d46d5e988b06af93410f844f4782cabf690e577b
ffc702845251de4f5f06becd16aabaf737144ecd638102ff4759e09839b7fc65
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 67
last-modified: Tue, 20 Dec 2022 19:48:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xSKyyn4Ozc0CfFrcf6HOCX9VJXslFbdX9WP6IkWC6VJn3%2Fr6AC8GIjXCl2yEUBYcdTrdjvgvBxu8qI3OOdLhCxz8RSKlOMYWc%2FVCFgIgeW0VzD5bcRYjR18HHPWywqdZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae75808a271d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
172.64.163.11200 OK 14 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.163.11:0
File type ASCII text, with no line terminators
Hash a2383dd3e4a28793da4fd089fba1f92b
020751b2f0ac27023bdd5789d04cf10fd10cb2fc
ff6d29f2d7a4eb45b8c4903c381f7a0e04a57baccd730494c20a22a09511e2ba
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html
last-modified: Wed, 07 Dec 2022 09:51:59 GMT
etag: W/"6390623f-6ff"
expires: Sat, 10 Dec 2022 15:05:05 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 1140286
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lY08OuPlWq9Fvjdt3%2BY5%2FBXulRd85%2BfR0ZBhjmK%2BCmsFuUgAB7L65F3cMAhRO36jE%2FE3jnnBarSCrNwmlYi8kWFGtmL9OYYujCHw%2FvBZ6ULQp7f91J%2BWasIuBdCjqX%2FoSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae75a7a1d407e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7ac57ecaac030d2dffdc202babb38d0f
e752c7ce17c9e360c1175148eb39f713c0f6244b
9277c88dafe51717225610f102e8b347b37173df8350435a939b47e50a0f7cc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6070
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:52 GMT
Last-Modified: Tue, 20 Dec 2022 18:08:42 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1474), with no line terminators
Hash fed24560ccc45a16ed57c15460a7e6bb
4ab01d63ca0d29c3271d59a8b9a24bd778d71158
e726ea974347289289931c6330be9dce54ea9af80a0b2a85298b1a4de09025b8
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e0e937b2.02329568341064222%22%3B%7D; expires=Thu, 19-Dec-2024 19:49:53 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1479), with no line terminators
Hash 693c87a229b4162f6a5da835c7054ab8
8c56e9e2b3425af3b301080b46d99e59f20d6237
a12cc831440a1398e5ad72d7dc37065410f027d82d8f33bdc96929ceb72e94bf
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a211e10295f8.601170993702158149%22%3B%7D; expires=Thu, 19-Dec-2024 19:49:53 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.8 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 8eaf7bcbef5d3db2cf8b18092c19645f
17ec8603eaff4526a2974c4c26549e4ef3c8f317
b5a02941c27ae2f59f1860ee2f4d0b29cf5a51200c773929bda6664923760d9f
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1473), with no line terminators
Hash a0f1c514cd320db995f41345bd8e6f57
0e3a14b6f7c885dd87150297243fbf002aa0a953
d1fdf46c27760a9165816b0d22bc6659f6eaed4e109bba1c8421c3e89cf40ca1
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10890f8.16065888794117534%22%3B%7D; expires=Thu, 19-Dec-2024 19:49:53 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWoDMQyFr9ILxEiyZI+ybrYtpOQAtmeGLIYU8gMpvMPXM4XSTfUW+hBP0hMS2bHshF5Y9+p7i3AOTkElsCne3o9QxqXcH9eynKey3M+3z8e1TaEtjwpWIhtgKakneCaKCZqHZN6nNIAH48gZnERiTA4lRFCXWFRdKRCx5YiBcDgdcfp47TPXbGAIItFTjDqvWSAE7UzP9cSYpn6b1adUa/NcUk1jzqVonTvH1YgS/k1PPwpkztsz+tWOt9aLsFG5fV0a8Meyyralvqy6NpScecxVqc1ZC4vb7NLq3KZGrnH6BpUJ+oFxAQAA
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWoDMQyFr9ILxEiyZI+ybrYtpOQAtmeGLIYU8gMpvMPXM4XSTfUW+hBP0hMS2bHshF5Y9+p7i3AOTkElsCne3o9QxqXcH9eynKey3M+3z8e1TaEtjwpWIhtgKakneCaKCZqHZN6nNIAH48gZnERiTA4lRFCXWFRdKRCx5YiBcDgdcfp47TPXbGAIItFTjDqvWSAE7UzP9cSYpn6b1adUa/NcUk1jzqVonTvH1YgS/k1PPwpkztsz+tWOt9aLsFG5fV0a8Meyyralvqy6NpScecxVqc1ZC4vb7NLq3KZGrnH6BpUJ+oFxAQAA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WOTWoDMQyFr9ILxEiyZI+ybrYtpOQAtmeGLIYU8gMpvMPXM4XSTfUW+hBP0hMS2bHshF5Y9+p7i3AOTkElsCne3o9QxqXcH9eynKey3M+3z8e1TaEtjwpWIhtgKakneCaKCZqHZN6nNIAH48gZnERiTA4lRFCXWFRdKRCx5YiBcDgdcfp47TPXbGAIItFTjDqvWSAE7UzP9cSYpn6b1adUa/NcUk1jzqVonTvH1YgS/k1PPwpkztsz+tWOt9aLsFG5fV0a8Meyyralvqy6NpScecxVqc1ZC4vb7NLq3KZGrnH6BpUJ+oFxAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a211e10295f8.601170993702158149%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.5 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash f0a94b8eeed266ae0663566fcc4adccc
01107bee68d5a93c943e4492153c33f67e2ef492
26f7a9d6b78d9f89bfd1c5af433c265e2dc2adeda669c62e19a724be181be30f
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WQS2oDQQxEr5ILuNG/p72Otwk4+ADdM2O8MA74Aw7U4dMzgZBNVAs9hFQSEhLZsGyEXti2VrauKJwKJZPEbnh738MYl3p/XOv5NNfz/XT7fFzHOY3nRwMbkQ/wCCuBkok0YHmIIILTAB6clTM4RFSjwAgK6hJXs4USEXtWDITdYY/Dx2uvFcsOhkCJnuLUebkFQrDO9Fwsppi7N1uZo7Wx5BotppxrtXbsrEsjavr3evpRolBbl9GvNrymHoSV6u3rMgJ/Whb5OsT9D7YkNBuDm9WqxfpPpiNpUXWaZBb1I38DqN6X9HEBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3WQS2oDQQxEr5ILuNG/p72Otwk4+ADdM2O8MA74Aw7U4dMzgZBNVAs9hFQSEhLZsGyEXti2VrauKJwKJZPEbnh738MYl3p/XOv5NNfz/XT7fFzHOY3nRwMbkQ/wCCuBkok0YHmIIILTAB6clTM4RFSjwAgK6hJXs4USEXtWDITdYY/Dx2uvFcsOhkCJnuLUebkFQrDO9Fwsppi7N1uZo7Wx5BotppxrtXbsrEsjavr3evpRolBbl9GvNrymHoSV6u3rMgJ/Whb5OsT9D7YkNBuDm9WqxfpPpiNpUXWaZBb1I38DqN6X9HEBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3WQS2oDQQxEr5ILuNG/p72Otwk4+ADdM2O8MA74Aw7U4dMzgZBNVAs9hFQSEhLZsGyEXti2VrauKJwKJZPEbnh738MYl3p/XOv5NNfz/XT7fFzHOY3nRwMbkQ/wCCuBkok0YHmIIILTAB6clTM4RFSjwAgK6hJXs4USEXtWDITdYY/Dx2uvFcsOhkCJnuLUebkFQrDO9Fwsppi7N1uZo7Wx5BotppxrtXbsrEsjavr3evpRolBbl9GvNrymHoSV6u3rMgJ/Whb5OsT9D7YkNBuDm9WqxfpPpiNpUXWaZBb1I38DqN6X9HEBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263a211e10295f8.601170993702158149%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDMRD8Sj5g0bvUPsfXBBz8AFkzgw/GAS/gQD8+0gRCLuk6VNFU9UJAtEHaELygbMW3yuGYHJJQQpV4e9+HYFzq/XGt59Ncz/fT7fNxbXNq58cxUAC0hJqJW3gGYAvJxdR7F0pgUWTMgUbEbB4CwQEdpCwyVALAYS0Qu8M+Dh+vveeSNTAoGOBJCl2PW4IgpGt4jhG2TJBz1mrM4JU9N5hFaDI1X3gZxqjp3+vhB6m/gOsy+MUGV+oFsap6+7q0iD+WAV1DPSwyKCjPxyxwrO6t5qJLrtNkzQpTm9ri32xqRzVxAQAA
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDMRD8Sj5g0bvUPsfXBBz8AFkzgw/GAS/gQD8+0gRCLuk6VNFU9UJAtEHaELygbMW3yuGYHJJQQpV4e9+HYFzq/XGt59Ncz/fT7fNxbXNq58cxUAC0hJqJW3gGYAvJxdR7F0pgUWTMgUbEbB4CwQEdpCwyVALAYS0Qu8M+Dh+vveeSNTAoGOBJCl2PW4IgpGt4jhG2TJBz1mrM4JU9N5hFaDI1X3gZxqjp3+vhB6m/gOsy+MUGV+oFsap6+7q0iD+WAV1DPSwyKCjPxyxwrO6t5qJLrtNkzQpTm9ri32xqRzVxAQAA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDMRD8Sj5g0bvUPsfXBBz8AFkzgw/GAS/gQD8+0gRCLuk6VNFU9UJAtEHaELygbMW3yuGYHJJQQpV4e9+HYFzq/XGt59Ncz/fT7fNxbXNq58cxUAC0hJqJW3gGYAvJxdR7F0pgUWTMgUbEbB4CwQEdpCwyVALAYS0Qu8M+Dh+vveeSNTAoGOBJCl2PW4IgpGt4jhG2TJBz1mrM4JU9N5hFaDI1X3gZxqjp3+vhB6m/gOsy+MUGV+oFsap6+7q0iD+WAV1DPSwyKCjPxyxwrO6t5qJLrtNkzQpTm9ri32xqRzVxAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10890f8.16065888794117534%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash 41eff842db081a5959d6ee0278e7c1d9
3b32385a786fb1d226ae3f61c824f7fad41ff950
a1dacac5226696d49d419be5db3a8dd7464bee4b21de430f452d751ec2f2739d
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:12 GMT
expires: Sat, 16 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 368201
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 2.8 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (3675), with no line terminators
Hash 8c114dbb91f204820d022f8ae757ad89
bbd7cd4265cf7b2ac75cbe979b583e0bacc2f9f3
19e7af996e3e1e09a5a1dd2845dac2648f1de38e40210300fc752455ff89d0f9
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; expires=Thu, 19-Dec-2024 19:49:53 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
142.132.194.196200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-1168"
Accept-Ranges: bytes
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VU2a6qSBT9lX66b3hqZDjJTUdFREVRQaYXU0yCMokgYvj4xnPTSb90rdS0smrvVdmpQgAhDiIOgb8g+SbSN8WDBCcSmBA0gZQMO/04EDgUrGlrliURy5rkUbZ1EE2CrPUHEQgS4gfK80TiB0kAAPMDEUSeSmSgQBwophCMgQQqSoCHaCBgwAMYgSgm5LMaE41xhsXp+NPhACeAUjigQQLghSgYqY+PQSQjBwfw+hxnvuhLcRQH1KehxDOIfSwCPqQMkghj9hEObPK/zsEfTKDAf4Kif4kR3J/t2MDwQ7BHXwTD8B/JB/RHhQdIyMdi0jTV99dXU7PgNvkZ0+IyznFcToIy//JZUUT1l9/W2d+sbZLfJH/jtvtV1WkQ/YYT+iv4nWQGp4Lp2+s3aVDHd59Gdlng6TnGxvE2T5M7vN2XaqDLwqXcR4zzrySwsmcU96qmYGY6GRLViNsqKtJ93+P2dhmw1ml4ZByl6d3snqdZp+m9V/OWmqRAw3Q9X6mcn+oAqnLrtrREFq67VStvIuOy2N5s4hp1b1YpOJoz66of+coxE2zVoQc9rcw35hmVB2NRFAmgm3rVR0fBDVYawa+u1uOtxxAK1Q06TRGpLq1V1s/rY/3uBEJUI2/Kt6pH87thEwy6vgfbKuFOlmts6SljLk2Lx+EVbQQ73L07x3Krsxto9sy9cbV371AAmzI2Fn7RysuVc4j5pfbq5Rlyi7NzeBsW06/PoHhuETiZW8EQ/e1TaNrzQTMdqI8uE1Ou3THvrgQdtlYLxX9Z+0bpq+VyuVoxwuZzvpmTUOEKsCXSZX4UDsmZv6da4uW61R/beo6Fxe4ipsRSOeRv5OVerxcHGNxQ5NlMvby0az3zNvz0ksmZLKsia+XVcyyRT1dzM6psX+8PD2u1xmpmG1ptT0GWpgfnkfp7plid1W+Ck/Ku9qY3m2nhMxf3stOZ4z03glCUTHEfdQgeWoz3WXde1tZ7fHvF4jVXrG1mhsJ1J+rLLNaFfMMtCtc94uysyLdkWibrntfeXXqg61LOCq46KdWm3tpNauc1lLfnp6wsG47t/MurwvdglcvL5IKWJ9nhcgda912h75OwSxqKD3eTiaHNogvnBa/16L+83HB8y56Vp/FexckzZ+82EfRXnCdHpDPG6obNjGXICvKHLvbzGB7m9/3i2ap3F1CpIX0ypXalFfulJ0hvXXagaYn0ddr4j9eVJGrePRUwO2udmjMTVuf24ed0epUMZdcuBvz5jMKI8VIUhYSwiGCeUSpIkRhLEYv+AbLc4B38BAAA
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VU2a6qSBT9lX66b3hqZDjJTUdFREVRQaYXU0yCMokgYvj4xnPTSb90rdS0smrvVdmpQgAhDiIOgb8g+SbSN8WDBCcSmBA0gZQMO/04EDgUrGlrliURy5rkUbZ1EE2CrPUHEQgS4gfK80TiB0kAAPMDEUSeSmSgQBwophCMgQQqSoCHaCBgwAMYgSgm5LMaE41xhsXp+NPhACeAUjigQQLghSgYqY+PQSQjBwfw+hxnvuhLcRQH1KehxDOIfSwCPqQMkghj9hEObPK/zsEfTKDAf4Kif4kR3J/t2MDwQ7BHXwTD8B/JB/RHhQdIyMdi0jTV99dXU7PgNvkZ0+IyznFcToIy//JZUUT1l9/W2d+sbZLfJH/jtvtV1WkQ/YYT+iv4nWQGp4Lp2+s3aVDHd59Gdlng6TnGxvE2T5M7vN2XaqDLwqXcR4zzrySwsmcU96qmYGY6GRLViNsqKtJ93+P2dhmw1ml4ZByl6d3snqdZp+m9V/OWmqRAw3Q9X6mcn+oAqnLrtrREFq67VStvIuOy2N5s4hp1b1YpOJoz66of+coxE2zVoQc9rcw35hmVB2NRFAmgm3rVR0fBDVYawa+u1uOtxxAK1Q06TRGpLq1V1s/rY/3uBEJUI2/Kt6pH87thEwy6vgfbKuFOlmts6SljLk2Lx+EVbQQ73L07x3Krsxto9sy9cbV371AAmzI2Fn7RysuVc4j5pfbq5Rlyi7NzeBsW06/PoHhuETiZW8EQ/e1TaNrzQTMdqI8uE1Ou3THvrgQdtlYLxX9Z+0bpq+VyuVoxwuZzvpmTUOEKsCXSZX4UDsmZv6da4uW61R/beo6Fxe4ipsRSOeRv5OVerxcHGNxQ5NlMvby0az3zNvz0ksmZLKsia+XVcyyRT1dzM6psX+8PD2u1xmpmG1ptT0GWpgfnkfp7plid1W+Ck/Ku9qY3m2nhMxf3stOZ4z03glCUTHEfdQgeWoz3WXde1tZ7fHvF4jVXrG1mhsJ1J+rLLNaFfMMtCtc94uysyLdkWibrntfeXXqg61LOCq46KdWm3tpNauc1lLfnp6wsG47t/MurwvdglcvL5IKWJ9nhcgda912h75OwSxqKD3eTiaHNogvnBa/16L+83HB8y56Vp/FexckzZ+82EfRXnCdHpDPG6obNjGXICvKHLvbzGB7m9/3i2ap3F1CpIX0ypXalFfulJ0hvXXagaYn0ddr4j9eVJGrePRUwO2udmjMTVuf24ed0epUMZdcuBvz5jMKI8VIUhYSwiGCeUSpIkRhLEYv+AbLc4B38BAAA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VU2a6qSBT9lX66b3hqZDjJTUdFREVRQaYXU0yCMokgYvj4xnPTSb90rdS0smrvVdmpQgAhDiIOgb8g+SbSN8WDBCcSmBA0gZQMO/04EDgUrGlrliURy5rkUbZ1EE2CrPUHEQgS4gfK80TiB0kAAPMDEUSeSmSgQBwophCMgQQqSoCHaCBgwAMYgSgm5LMaE41xhsXp+NPhACeAUjigQQLghSgYqY+PQSQjBwfw+hxnvuhLcRQH1KehxDOIfSwCPqQMkghj9hEObPK/zsEfTKDAf4Kif4kR3J/t2MDwQ7BHXwTD8B/JB/RHhQdIyMdi0jTV99dXU7PgNvkZ0+IyznFcToIy//JZUUT1l9/W2d+sbZLfJH/jtvtV1WkQ/YYT+iv4nWQGp4Lp2+s3aVDHd59Gdlng6TnGxvE2T5M7vN2XaqDLwqXcR4zzrySwsmcU96qmYGY6GRLViNsqKtJ93+P2dhmw1ml4ZByl6d3snqdZp+m9V/OWmqRAw3Q9X6mcn+oAqnLrtrREFq67VStvIuOy2N5s4hp1b1YpOJoz66of+coxE2zVoQc9rcw35hmVB2NRFAmgm3rVR0fBDVYawa+u1uOtxxAK1Q06TRGpLq1V1s/rY/3uBEJUI2/Kt6pH87thEwy6vgfbKuFOlmts6SljLk2Lx+EVbQQ73L07x3Krsxto9sy9cbV371AAmzI2Fn7RysuVc4j5pfbq5Rlyi7NzeBsW06/PoHhuETiZW8EQ/e1TaNrzQTMdqI8uE1Ou3THvrgQdtlYLxX9Z+0bpq+VyuVoxwuZzvpmTUOEKsCXSZX4UDsmZv6da4uW61R/beo6Fxe4ipsRSOeRv5OVerxcHGNxQ5NlMvby0az3zNvz0ksmZLKsia+XVcyyRT1dzM6psX+8PD2u1xmpmG1ptT0GWpgfnkfp7plid1W+Ck/Ku9qY3m2nhMxf3stOZ4z03glCUTHEfdQgeWoz3WXde1tZ7fHvF4jVXrG1mhsJ1J+rLLNaFfMMtCtc94uysyLdkWibrntfeXXqg61LOCq46KdWm3tpNauc1lLfnp6wsG47t/MurwvdglcvL5IKWJ9nhcgda912h75OwSxqKD3eTiaHNogvnBa/16L+83HB8y56Vp/FexckzZ+82EfRXnCdHpDPG6obNjGXICvKHLvbzGB7m9/3i2ap3F1CpIX0ypXalFfulJ0hvXXagaYn0ddr4j9eVJGrePRUwO2udmjMTVuf24ed0epUMZdcuBvz5jMKI8VIUhYSwiGCeUSpIkRhLEYv+AbLc4B38BAAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
185.76.9.17206 Partial Content 37 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7d71e6c04758f1fa0f5a74af70428e9c
2070e64c383c389e7bdb22362555c34d8bc3db44
f306367574976dfe7536c9ed175986feda46562d359afae4594eddbdd7555c44
GET /library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: video/mp4
content-length: 37279
last-modified: Thu, 26 Mar 2020 19:07:11 GMT
etag: "5e7cfd5f-919f"
expires: Fri, 30 Jun 2023 13:55:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195417
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ0yBgf/CHTjAA
x-77-nzt-ray: c0a4cc284b3a74e2e111a26304ccbd16
x-cache: HIT
x-age: 14906376
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-37278/37279
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
185.76.9.17206 Partial Content 37 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7d71e6c04758f1fa0f5a74af70428e9c
2070e64c383c389e7bdb22362555c34d8bc3db44
f306367574976dfe7536c9ed175986feda46562d359afae4594eddbdd7555c44
GET /library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: video/mp4
content-length: 37279
last-modified: Thu, 26 Mar 2020 19:07:11 GMT
etag: "5e7cfd5f-919f"
expires: Fri, 30 Jun 2023 13:55:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195417
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1DY9z/CHTjAA
x-77-nzt-ray: c0a4cc284b3a74e2e111a263b867e416
x-cache: HIT
x-age: 14906376
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-37278/37279
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
185.76.9.17206 Partial Content 37 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7d71e6c04758f1fa0f5a74af70428e9c
2070e64c383c389e7bdb22362555c34d8bc3db44
f306367574976dfe7536c9ed175986feda46562d359afae4594eddbdd7555c44
GET /library/140058/2070e64c383c389e7bdb22362555c34d8bc3db44.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: video/mp4
content-length: 37279
last-modified: Thu, 26 Mar 2020 19:07:11 GMT
etag: "5e7cfd5f-919f"
expires: Fri, 30 Jun 2023 13:55:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195417
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1lbtH/CHTjAA
x-77-nzt-ray: c0a4cc284b3a74e2e111a26376d5f716
x-cache: HIT
x-age: 14906376
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-37278/37279
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3e13c8b97ac4f904f28d1c62bc7f0d3f
5c641941e14ff461aab9040a63f11634140dcaf7
6efefc52959ba0bee829e3e24afa2f21fd9245020d6429f499d5dde8dce2d0db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6378
Cache-Control: max-age=125121
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:53 GMT
Etag: "63a13eb8-118"
Expires: Thu, 22 Dec 2022 06:35:14 GMT
Last-Modified: Tue, 20 Dec 2022 04:48:56 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
syndication.realsrv.com/splash.php?idzone=4867726&cookieconsent=true
95.211.229.245200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4867726&cookieconsent=true
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1558)
Hash b36b5e308200daa80cccaf6c8d3c4668
bf068223d376785c03c36f34ce4a7cabe315d964
e81718d6207fc940d33214985fe0dd24f71d1415bf12133b9b3de0bef8e9aef9
GET /splash.php?idzone=4867726&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4867726%7C77223010%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63a211e10b0555.76638992844992361%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 21 Dec 2022 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db5c7ab8770e7b801e901610e60ec04a
71dc368704d7f1ac07f9b0c4309953eb6d14f6d4
5d42b2c5f83a819c3bc546e04741075c1bd2aaaee22492a583ff4a971a41a8a8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "5D42B2C5F83A819C3BC546E04741075C1BD2AAAEE22492A583FF4A971A41A8A8"
Last-Modified: Mon, 19 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4531
Expires: Tue, 20 Dec 2022 21:05:24 GMT
Date: Tue, 20 Dec 2022 19:49:53 GMT
Connection: keep-alive
track.trackingtraffo.com/banner/imp?auth=4mz3uw&price=${AUCTION_PRICE}&c=bLAHnO41kiGuEQZ30NtbaoC1rQtghU-jJ7-IvuB1m_mJi5SmE9GxzXAMQgseBGo2WM6lXEBRucm9uC8xOTWV4smi0eGz1zqXku53XCy3EzDtSwXgBw2du_08OKa_O0uCyS645t8UVQP-c7uwV4i5PNxaa0WaKkgI2lKV218ZvPv4nObMTUNlCyl1bZt19qKHjb2YVtbqbzM9Wxo9d3t2TKFB0dXEtKem-J2_WdJA5ewB2c6MLe-yEn9znAZCXHb8T7-3sqkNxsvn2gkkSy6U4_dYMiXMoOL3daK8h5mDc8uMIfcfwwlGYpBAd2d1tMIF9mAJ_3APxUwAnO9vEGGFC47-rj0UFubIvFWY45vme1_De9dicA90M1PtSYLoWAstalfk95WmCT0bLQLzR-CY5JkThbiFzqRc4Dw-yn0hxBQV-0quj0Rn4-I-PBw0Gmktq0J5wmWqnWAVUUiJhNvIa8RA67_6qcd2IGKTqoxq1cjk-Q7kZmZIKNzleWd9chuIDvpbbXa1Dn9NgbbY
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/banner/imp?auth=4mz3uw&price=${AUCTION_PRICE}&c=bLAHnO41kiGuEQZ30NtbaoC1rQtghU-jJ7-IvuB1m_mJi5SmE9GxzXAMQgseBGo2WM6lXEBRucm9uC8xOTWV4smi0eGz1zqXku53XCy3EzDtSwXgBw2du_08OKa_O0uCyS645t8UVQP-c7uwV4i5PNxaa0WaKkgI2lKV218ZvPv4nObMTUNlCyl1bZt19qKHjb2YVtbqbzM9Wxo9d3t2TKFB0dXEtKem-J2_WdJA5ewB2c6MLe-yEn9znAZCXHb8T7-3sqkNxsvn2gkkSy6U4_dYMiXMoOL3daK8h5mDc8uMIfcfwwlGYpBAd2d1tMIF9mAJ_3APxUwAnO9vEGGFC47-rj0UFubIvFWY45vme1_De9dicA90M1PtSYLoWAstalfk95WmCT0bLQLzR-CY5JkThbiFzqRc4Dw-yn0hxBQV-0quj0Rn4-I-PBw0Gmktq0J5wmWqnWAVUUiJhNvIa8RA67_6qcd2IGKTqoxq1cjk-Q7kZmZIKNzleWd9chuIDvpbbXa1Dn9NgbbY
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/imp?auth=4mz3uw&price=${AUCTION_PRICE}&c=bLAHnO41kiGuEQZ30NtbaoC1rQtghU-jJ7-IvuB1m_mJi5SmE9GxzXAMQgseBGo2WM6lXEBRucm9uC8xOTWV4smi0eGz1zqXku53XCy3EzDtSwXgBw2du_08OKa_O0uCyS645t8UVQP-c7uwV4i5PNxaa0WaKkgI2lKV218ZvPv4nObMTUNlCyl1bZt19qKHjb2YVtbqbzM9Wxo9d3t2TKFB0dXEtKem-J2_WdJA5ewB2c6MLe-yEn9znAZCXHb8T7-3sqkNxsvn2gkkSy6U4_dYMiXMoOL3daK8h5mDc8uMIfcfwwlGYpBAd2d1tMIF9mAJ_3APxUwAnO9vEGGFC47-rj0UFubIvFWY45vme1_De9dicA90M1PtSYLoWAstalfk95WmCT0bLQLzR-CY5JkThbiFzqRc4Dw-yn0hxBQV-0quj0Rn4-I-PBw0Gmktq0J5wmWqnWAVUUiJhNvIa8RA67_6qcd2IGKTqoxq1cjk-Q7kZmZIKNzleWd9chuIDvpbbXa1Dn9NgbbY HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1655201260063-ftd_320x50.jpg
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3e13c8b97ac4f904f28d1c62bc7f0d3f
5c641941e14ff461aab9040a63f11634140dcaf7
6efefc52959ba0bee829e3e24afa2f21fd9245020d6429f499d5dde8dce2d0db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6378
Cache-Control: max-age=125121
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:53 GMT
Etag: "63a13eb8-118"
Expires: Thu, 22 Dec 2022 06:35:14 GMT
Last-Modified: Tue, 20 Dec 2022 04:48:56 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1655201177745-ftd_300x100.jpg
142.132.194.196200 OK 18 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1655201177745-ftd_300x100.jpg
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x100, components 3\012- data
Hash 11b374b3e870bc38d97ca7ab176345a3
de0e6f64fff8dfd37f476ca7cbb610b85cf9d65b
49ac04ca7b8da620cee66543b3c411ca1beb969ab534ce3d08607a04baebdecd
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1655201177745-ftd_300x100.jpg HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/jpeg
Content-Length: 17581
Last-Modified: Wed, 15 Jun 2022 16:53:45 GMT
Connection: keep-alive
ETag: "62aa0e99-44ad"
Accept-Ranges: bytes
parrecleftne.xyz/floater?cs=S0VNVjd9dnpiAH91fmIFenF4YgE&abt=0&red=1&sm=83&k=loverachelle2%20solo%20butt%20girl%20full%20xfantazy%20nasty%20stinky%20super%20when%20they%20even%20your%20their%20stink%20shit&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1162558465036030&agec=1671565792&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=109.05125408942203&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_nPFN=1671565800479&crc=1
108.157.214.119200 OK 3.2 kB URL HTTP/2 parrecleftne.xyz/floater?cs=S0VNVjd9dnpiAH91fmIFenF4YgE&abt=0&red=1&sm=83&k=loverachelle2%20solo%20butt%20girl%20full%20xfantazy%20nasty%20stinky%20super%20when%20they%20even%20your%20their%20stink%20shit&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1162558465036030&agec=1671565792&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=109.05125408942203&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_nPFN=1671565800479&crc=1
IP 108.157.214.119:0
File type ASCII text, with very long lines (4727), with no line terminators
Hash 82258084c38b7dd8aadaf22676612693
cca91dd30ee89141143a84887b03246ca40fb7aa
b05cc84de6dea57104fc11fde2b748abd75f657b2a92401ccbc79553b8d3339c
GET /floater?cs=S0VNVjd9dnpiAH91fmIFenF4YgE&abt=0&red=1&sm=83&k=loverachelle2%20solo%20butt%20girl%20full%20xfantazy%20nasty%20stinky%20super%20when%20they%20even%20your%20their%20stink%20shit&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&u=1162558465036030&agec=1671565792&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&mbkb=109.05125408942203&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_nPFN=1671565800479&crc=1 HTTP/1.1
Host: parrecleftne.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 3219
date: Tue, 20 Dec 2022 19:49:53 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=f90e2ac9-a125-4c9a-b2e0-b267ee3ceb29
csu=1162558465036030
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: pp-Tr7mT9grrmcCMJsgbQMrFHuBFDTopr8p90u9dutnblRv0ekYfrg==
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Sun, 27 Nov 2022 08:33:17 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgotJzX/eE4AAA
X-77-NZT-Ray: 2109d110219d24bde111a263652cb91c
X-Cache: HIT
X-Age: 20088
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
a.medfoodsafety.com/i?tid=cadf0980-e91d-4f59-9188-5afb99bab86d&cf=afgaefegic
172.64.205.2200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=cadf0980-e91d-4f59-9188-5afb99bab86d&cf=afgaefegic
IP 172.64.205.2:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=cadf0980-e91d-4f59-9188-5afb99bab86d&cf=afgaefegic HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPtXBYEc%2BKOyGAuPo1iMQ4sRp2Xco3A0o92rzVkAYdYqr%2FZRnftxYXr5%2BBIzlVEd%2FQDs2eSpZ65QbmsYWb6I35IN8%2FbYISjDMi2yUCxnFoY8CgWYBBhrgF5X80ADBB0PpXCNdDXa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae7610a5a71e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1655201260063-ftd_320x50.jpg
142.132.194.196200 OK 9.4 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1655201260063-ftd_320x50.jpg
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 320x50, components 3\012- data
Hash 57d45aec56112840e21da34335e8dd21
67219adda61e8500f61a1cdd0f189283ec0f9677
4386f8070aca49757b6ee35f418a00c27ef085a01c0fc5b264b9f3e4af168d38
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1655201260063-ftd_320x50.jpg HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.naturalhealthsource.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/jpeg
Content-Length: 9427
Last-Modified: Wed, 15 Jun 2022 16:53:45 GMT
Connection: keep-alive
ETag: "62aa0e99-24d3"
Accept-Ranges: bytes
track.trackingtraffo.com/banner/imp?auth=dxxpue&price=1.000000&c=avvVBVKS3nvMk57plni34y64_DPuTTPsltBUg7vGIgM4QZHWbLuMinyXZScquN2QzQ3QSIRzuCWsCPdtJypaUxDFYEkUE0Pjp9RqV1vGYpdI5-JQYucMt5L1C6myHHMypoWwwHdKmCLQzhJacXoCWp0FLJASQH1DKc7dIfb3215jtgSWlhqUn4vYlCXR5r1wA2xtHSm_fvxGRwxZVDV00VOSCHfeUfRqeQerIekZPPX-4VRwuxewbM4ojCJPJeAG2FO-Hc62rhOeydK2WRoAEM-24zku3dc-ApYgl9fk91ZN4O_Mu3OLgn3kF4bp5BD5mUnveuh0aY2BviYZUMAEu3mkh4mvfWl9o_DBDdKDwY4hQ2RTr6iJtINkAQCApKfOgRwRELgIO9gxXxnuX2evbg
88.214.195.156200 OK 70 B URL HTTP/1.1 track.trackingtraffo.com/banner/imp?auth=dxxpue&price=1.000000&c=avvVBVKS3nvMk57plni34y64_DPuTTPsltBUg7vGIgM4QZHWbLuMinyXZScquN2QzQ3QSIRzuCWsCPdtJypaUxDFYEkUE0Pjp9RqV1vGYpdI5-JQYucMt5L1C6myHHMypoWwwHdKmCLQzhJacXoCWp0FLJASQH1DKc7dIfb3215jtgSWlhqUn4vYlCXR5r1wA2xtHSm_fvxGRwxZVDV00VOSCHfeUfRqeQerIekZPPX-4VRwuxewbM4ojCJPJeAG2FO-Hc62rhOeydK2WRoAEM-24zku3dc-ApYgl9fk91ZN4O_Mu3OLgn3kF4bp5BD5mUnveuh0aY2BviYZUMAEu3mkh4mvfWl9o_DBDdKDwY4hQ2RTr6iJtINkAQCApKfOgRwRELgIO9gxXxnuX2evbg
IP 88.214.195.156:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash b357a19c87624c7c4d131aeeb4ae677f
c7a9c45fd419815a5ab1998503a9f03514c0e229
497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581
GET /banner/imp?auth=dxxpue&price=1.000000&c=avvVBVKS3nvMk57plni34y64_DPuTTPsltBUg7vGIgM4QZHWbLuMinyXZScquN2QzQ3QSIRzuCWsCPdtJypaUxDFYEkUE0Pjp9RqV1vGYpdI5-JQYucMt5L1C6myHHMypoWwwHdKmCLQzhJacXoCWp0FLJASQH1DKc7dIfb3215jtgSWlhqUn4vYlCXR5r1wA2xtHSm_fvxGRwxZVDV00VOSCHfeUfRqeQerIekZPPX-4VRwuxewbM4ojCJPJeAG2FO-Hc62rhOeydK2WRoAEM-24zku3dc-ApYgl9fk91ZN4O_Mu3OLgn3kF4bp5BD5mUnveuh0aY2BviYZUMAEu3mkh4mvfWl9o_DBDdKDwY4hQ2RTr6iJtINkAQCApKfOgRwRELgIO9gxXxnuX2evbg HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/png
Content-Length: 70
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 2.5 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5484), with no line terminators
Hash 2637b2aa1f4c2016d3c4a4a3d6f0527a
b6835dacd18fefff5a3381da1e56cf758e27cfd0
e89ed97621f01e79badf007f2cf04c1d52219be6a13315e6f0081146d9391900
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/676799/5d2478ad32323b9e7f249a98729721f69b06b2ed.jpg
185.76.9.17200 OK 20 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/5d2478ad32323b9e7f249a98729721f69b06b2ed.jpg
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 895906d769dc2c9e6d3158bb380724d7
5d2478ad32323b9e7f249a98729721f69b06b2ed
cb4ba11b8371cbad8c6c5d029fe70a28199340b9d3809c47a2333edf6b6255c6
GET /library/676799/5d2478ad32323b9e7f249a98729721f69b06b2ed.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: image/jpeg
content-length: 19814
last-modified: Tue, 13 Apr 2021 14:34:08 GMT
etag: "6075abe0-4d66"
expires: Fri, 30 Jun 2023 11:53:38 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195253
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ2bEzj/rHTjAA
x-77-nzt-ray: c0a4cc284b3a74e2e111a263b08cd025
x-cache: HIT
x-age: 14906540
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2oDMQy9Si8QI8n6OeuuW2jpATwTm2aRBDJZtKDD155A/ZD0sH5PBEQHpAPBC/KRy1FyFEwFElNC4Xh7/wjG+G7XRz1v7Z7W2yXU1EoJMwTCKMKYPdjVjDgEfBiZuodhcS0zCZEDBkgy82QJAFmQwyS+Pl93wwGCGH6unZQHhx8IzZUQG8ICIpJMNXsp5MzDZ8WwpffKitwWR4e1oimpdgVu1rrPOXFpp3NNdbthurbH+BDSDIEAOkUlJC1Twq70iQPuYTyIndXt97pG/Bc8rwnZuyiQx6kY0U4rdgPHVTq3kzRz85xz4yq05P4H2no+a3kBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2oDMQy9Si8QI8n6OeuuW2jpATwTm2aRBDJZtKDD155A/ZD0sH5PBEQHpAPBC/KRy1FyFEwFElNC4Xh7/wjG+G7XRz1v7Z7W2yXU1EoJMwTCKMKYPdjVjDgEfBiZuodhcS0zCZEDBkgy82QJAFmQwyS+Pl93wwGCGH6unZQHhx8IzZUQG8ICIpJMNXsp5MzDZ8WwpffKitwWR4e1oimpdgVu1rrPOXFpp3NNdbthurbH+BDSDIEAOkUlJC1Twq70iQPuYTyIndXt97pG/Bc8rwnZuyiQx6kY0U4rdgPHVTq3kzRz85xz4yq05P4H2no+a3kBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2oDMQy9Si8QI8n6OeuuW2jpATwTm2aRBDJZtKDD155A/ZD0sH5PBEQHpAPBC/KRy1FyFEwFElNC4Xh7/wjG+G7XRz1v7Z7W2yXU1EoJMwTCKMKYPdjVjDgEfBiZuodhcS0zCZEDBkgy82QJAFmQwyS+Pl93wwGCGH6unZQHhx8IzZUQG8ICIpJMNXsp5MzDZ8WwpffKitwWR4e1oimpdgVu1rrPOXFpp3NNdbthurbH+BDSDIEAOkUlJC1Twq70iQPuYTyIndXt97pG/Bc8rwnZuyiQx6kY0U4rdgPHVTq3kzRz85xz4yq05P4H2no+a3kBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4867726%7C77223010%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63a211e10b0555.76638992844992361%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263a211e10b0555.76638992844992361%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Thu, 19 Dec 2024 19:49:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 25b7e83103502e009c80045dc2e62928
e0e8e7c1083c12a4b45fec60a4ab2f2c099eb299
12c8526ca74aa36552414194fc590a51a21a0e6fbfc25a908e9f08188687d795
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 08:27:04 GMT
Expires: Tue, 27 Dec 2022 08:27:03 GMT
Etag: "e0e8e7c1083c12a4b45fec60a4ab2f2c099eb299"
Cache-Control: max-age=563229,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae7612df5b51e-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash b4ee53fa3abc2578d94bf930d6ece687
1203b667067160738a88e32a14b3c7724e2d043d
034da19ca38d77fa9ed214d7ae3cb69b74f733124e9c92d2b08c412fa6a76cf0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 15:56:21 GMT
Expires: Sat, 24 Dec 2022 15:56:20 GMT
Etag: "1203b667067160738a88e32a14b3c7724e2d043d"
Cache-Control: max-age=330986,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae7623f0ab51b-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.248.225.238200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.248.225.238:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=e05f8223-8c4b-4510-9b77-5066ad3b33cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 24831530
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.248.225.238304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.248.225.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=e05f8223-8c4b-4510-9b77-5066ad3b33cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Tue, 20 Dec 2022 19:49:53 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 24831530
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.237.101301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.101:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671565800044&t_i=1671565800617&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=e3603086-52c9-4ee4-b646-e2d1094c782b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=7845c47c-809f-11ed-a8af-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1671565800617&fpid=&feid_sa=1671565800617&sid_sa=1671565800617&feid=12e206d0b7cd8c262418ac1af6d1d154&sid=ca70381f44ded0bf60c0cc9e03b5e774&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.418
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671565800044&t_i=1671565800617&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=e3603086-52c9-4ee4-b646-e2d1094c782b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=7845c47c-809f-11ed-a8af-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1671565800617&fpid=&feid_sa=1671565800617&sid_sa=1671565800617&feid=12e206d0b7cd8c262418ac1af6d1d154&sid=ca70381f44ded0bf60c0cc9e03b5e774&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.418
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1671565800044&t_i=1671565800617&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=e3603086-52c9-4ee4-b646-e2d1094c782b&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=7845c47c-809f-11ed-a8af-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1671565800617&fpid=&feid_sa=1671565800617&sid_sa=1671565800617&feid=12e206d0b7cd8c262418ac1af6d1d154&sid=ca70381f44ded0bf60c0cc9e03b5e774&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.418 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Length: 0
Connection: keep-alive
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 19:49:53 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsfatJtNhtQa9qE; SameSite=None; Secure; path=/; expires=Wed, 21-Dec-22 18:49:53 GMT; HttpOnly
server: cloudflare
cf-ray: 77cae7629f13fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07a6388f202f4d4f3ae53eb422384751
b19333149bf7841bed24266801d522e67e0c7ac6
36abe155074ffbce81a7ae738dd205679b4857e45e49499ff4d33aee79e94d45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36ABE155074FFBCE81A7AE738DD205679B4857E45E49499FF4D33AEE79E94D45"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Tue, 20 Dec 2022 21:05:17 GMT
Date: Tue, 20 Dec 2022 19:49:53 GMT
Connection: keep-alive
cams.gratis/banner/300x250.php?site=xfanta
172.64.195.8200 OK 1.1 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.195.8:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (739)
Hash ac524cb9c8c5c40ffd7df6b7670b3af8
1331d7e86d42d649dbe25b1a04754f0d881ec6e1
1be936dbebbe27f00243d857a5832d7a28d1be79bb7cc5841e2897c904cf5bae
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2B88fUdR4r3o3u2StHTmeJhvfOCJZAGQiASNor9uzmGxknb%2BeIgQm%2FCgfxUWg5zBzI8FNSyP3jQFomSWfmkJDYIUZqnEIJjE3jI7UD7kcjVzMERkBm5INrphNdME4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae7611a76240c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07a6388f202f4d4f3ae53eb422384751
b19333149bf7841bed24266801d522e67e0c7ac6
36abe155074ffbce81a7ae738dd205679b4857e45e49499ff4d33aee79e94d45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36ABE155074FFBCE81A7AE738DD205679B4857E45E49499FF4D33AEE79E94D45"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Tue, 20 Dec 2022 21:05:17 GMT
Date: Tue, 20 Dec 2022 19:49:53 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash b4ee53fa3abc2578d94bf930d6ece687
1203b667067160738a88e32a14b3c7724e2d043d
034da19ca38d77fa9ed214d7ae3cb69b74f733124e9c92d2b08c412fa6a76cf0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 15:56:21 GMT
Expires: Sat, 24 Dec 2022 15:56:20 GMT
Etag: "1203b667067160738a88e32a14b3c7724e2d043d"
Cache-Control: max-age=330986,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cae76248dbb524-OSL
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40302 Found 312 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
Hash a6dd47b928713d1c812e145ac8b6e162
8de5e5f0aeda81ef2c2a8dc013b88f15c6f2b393
3d232eb450bbb31bbe54fd4ff6e858e704c232519e2d0508fce291a74c525a42
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sun, 25-Dec-2022 19:49:53 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Thu, 19-Jan-2023 19:49:53 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 21-Dec-2022 01:49:53 GMT; Max-Age=21600; Path=/
sbr=sec:sbr0e8e87d4-6367-4bd9-8beb-8340d8e2d624:1p7icb:3Cev0vcOnYNNZcqs8UtrsoTyhaY; Domain=.chaturbate.com; expires=Sun, 14-Sep-2025 19:49:53 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=xlDOfkF2w_RDhk3TGwAFJqNKMj5rmNnv2pIZubLXLxA-1671565793-0-Ae1r5h6Q00ub4m0pznyaKIyZuJNop3xPLa6svcL7dD3G1LRQK74AzMJIzOD5gXdh9azlWDGCXTZloYchjH6NuIM=; path=/; expires=Tue, 20-Dec-22 20:19:53 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77cae7626ffab506-OSL
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.237.101200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.101:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6ab51206d54a26fca6a0e82d60fb6add
Strict-Transport-Security: max-age=0; includeSubdomains
a.realsrv.com/video-slider.js
185.76.9.15200 OK 13 kB URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
Hash 851aeb8e47978f975dec1b21b4537771
de64e9a308af99e12a468a29c6699cd95c84938d
b48057f12f9b9ff1d93553a3fd4561d318adc7b302076b10a8ca39ebb9070f5e
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263a211e10b0555.76638992844992361%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Tue, 20 Dec 2022 20:57:01 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1671569946
server: CDN77-Turbo
x-77-nzt: AblMCQ086t//9xkAAA
x-77-nzt-ray: c0a4cc28933a6ed9e111a26346552913
x-cache: HIT
x-age: 6647
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72ef810655fba1502d7e12f4a7180996
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=27a4c2bf-d80a-480d-bf88-2bc1a0499786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Dec 2022 19:49:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3857cffd903434a8a8b52268e07b3fdb
Strict-Transport-Security: max-age=0; includeSubdomains
tsyndicate.com/do2/9JvxcJ2c4YQVBcvNGGJkyPysxJOKRqaR/master?w=1280&h=1024&tz=0&count=2
136.243.130.121200 OK 159 kB URL HTTP/2 tsyndicate.com/do2/9JvxcJ2c4YQVBcvNGGJkyPysxJOKRqaR/master?w=1280&h=1024&tz=0&count=2
IP 136.243.130.121:0
ASN #24940 Hetzner Online GmbH
Size 159 kB (159048 bytes)
Hash 154077feb2b8b2cd4df2b8ba367eb07e
83199d480fb01f25c7fe6cd615fc8b6e668145ab
045b716262332e091ea762668ff12c001603bf011693a0bba326c391408fe537
GET /do2/9JvxcJ2c4YQVBcvNGGJkyPysxJOKRqaR/master?w=1280&h=1024&tz=0&count=2 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 24389dfb421a3841
set-cookie: ts_uid=e05f8223-8c4b-4510-9b77-5066ad3b33cd; expires=Tue, 20 Jun 2023 19:49:53 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 96 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
Hash 03e8f8d3a67a6f50ab1cc399aa437a0f
a5cb2419ea8136735b09b6dc52781aa5a09deb3d
63d23ab90adfae76a342fcdf75db04c463d714f4b6c3523e9bd003cc4ce5d68d
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:54 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1671565794.dop020.sk1.t,1671565794.cds071.sk1.shn,1671565794.dop020.sk1.t,1671565794.cds228.sk1.c
Access-Control-Allow-Origin: *
a.adtng.com/get/10010242?time=1592492288727&atc=307327&apb=baF7jajdvy0eI7bY3CamspUkysYRVF7dwADe2w7NEdGCqJVivu_6HvInGkpGNMghe7L41h2VWX6RHtkd5TZDfnMgkhWCTP6X_BypfFhFvDRN5RHPGvwazQ97oKvIhY-o050_gUIDRUi
66.254.114.171200 OK 14 kB URL HTTP/2 a.adtng.com/get/10010242?time=1592492288727&atc=307327&apb=baF7jajdvy0eI7bY3CamspUkysYRVF7dwADe2w7NEdGCqJVivu_6HvInGkpGNMghe7L41h2VWX6RHtkd5TZDfnMgkhWCTP6X_BypfFhFvDRN5RHPGvwazQ97oKvIhY-o050_gUIDRUi
IP 66.254.114.171:0
Hash 5def854c150b0b4954384d9fb9942cc3
a9bfd9fa27136a553d8ca6ddb09995b5ca53e31a
df3f91915ff628c968fdf2380ef03c69bfc97f47d8605491afcfc63800b6e0ac
GET /get/10010242?time=1592492288727&atc=307327&apb=baF7jajdvy0eI7bY3CamspUkysYRVF7dwADe2w7NEdGCqJVivu_6HvInGkpGNMghe7L41h2VWX6RHtkd5TZDfnMgkhWCTP6X_BypfFhFvDRN5RHPGvwazQ97oKvIhY-o050_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KFmOiEeFepxvvvNzhAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63A211E1-42FE72AB01BBC869-31DC60E
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/a7/creatives/1/49/815053/1042364/1042364_logo.png
205.185.208.20200 OK 4.2 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/49/815053/1042364/1042364_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 1220f7311cd96f340be4c4c608ca85a6
05adee9ec81da5f7ddc258b5a6f05a104f89c3ba
6cce250309d4470b025877494a01253e1d9d8da32fa5fc96ca2ce63683b2a084
GET /a7/creatives/1/49/815053/1042364/1042364_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:54 GMT
Connection: Keep-Alive
ETag: "1663092513"
Content-Length: 4192
Content-Type: image/png
Last-Modified: Tue, 13 Sep 2022 18:08:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10779049
X-HW: 1671565794.dop010.sk1.t,1671565794.cds255.sk1.shn,1671565794.dop010.sk1.t,1671565794.cds228.sk1.c
Access-Control-Allow-Origin: *
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYIGNmxpgxN8y0EENjTI0WNMLYgDGyjI0bLcbgiGEGRhkZOWrckGFDxMMxbNIsvIFjxsMwdcZkNJOjYQwxYk7isEEjB0oYNcq0wIFjDJmtOcrQKBPjBtQZVH2KEJOGTMYbNmrAUGvQzkIZNWagfQinjhiKOGFUhAgHzkIcN2gYFTEHzkQdNGDYyCF5cZvGjyNPlmzjKMe7Nx62cYOR4Q0YkvmOLh2XxuA6MTKioUMHzhwdL14YnOOCjpyIa9KQ9h3GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLImHoGTxsyNc7MIANHzowcN9zcqWHnRYy4NWQILnsj8UkzdMh8mYEaTwzULqgBB0YPkbFcRmG44EYYdNTxGxsEhcEGHWjM8YaDY5SRHBt-qTUGgwttMUMMXfAlh1I6wOACaoOJYcZCKgr2ExxtfFEeiiri4JAIcthhGEM7ljEGjRQ9VEcdQukgQhlYmYGDDDLMsNUYNIiBUg3_tZCDGPW1IJcNNhg0gxh6eaVWGj-K0JQLlLlAgwwuNESDWnJ8gWZGa7b5Zpw1zGlkGBk18YYeabDBRhgv1LAiCChcIZyBd8wBghNUgPDfijuA4KgbVGWKR6cg9MgQViumAMIRQq7xxgvy_SeYYCAYkcZzx-HhHqlz_YSiCE48odYbdX6UUa9qsbFrEU6odZAdXzzHBkU6EYUWDqg9JMcZbtxVA2IFlsGsGHIchkO3zLbxhls6bGfDYGTI8cZCi72hEGQmvoFHHgvRYG0ZLyo5W2235Zbggg0-GOGEFV54ooZA-fWCWndkFMN2uQ4kMQwy-MlYjxm5SweDwLZQhxtp0NECxi6QMcbEyu560Bcqs2xRGxS91FBcN-SwGB1tyFDzDTfrpPN5ixnULHVwfAEiQzbXgLPOR4nxmAgHmYHUhGrBYSyMP5UGQx8KBAQ%3D&s=0ae17f02c0fa5f0b609e9d54a75fffdbe5f588ea8ee6d8867004f78e8dc14b3e1671565793&w=t&r=1&d=3&priv=false
94.130.164.161200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYIGNmxpgxN8y0EENjTI0WNMLYgDGyjI0bLcbgiGEGRhkZOWrckGFDxMMxbNIsvIFjxsMwdcZkNJOjYQwxYk7isEEjB0oYNcq0wIFjDJmtOcrQKBPjBtQZVH2KEJOGTMYbNmrAUGvQzkIZNWagfQinjhiKOGFUhAgHzkIcN2gYFTEHzkQdNGDYyCF5cZvGjyNPlmzjKMe7Nx62cYOR4Q0YkvmOLh2XxuA6MTKioUMHzhwdL14YnOOCjpyIa9KQ9h3GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLImHoGTxsyNc7MIANHzowcN9zcqWHnRYy4NWQILnsj8UkzdMh8mYEaTwzULqgBB0YPkbFcRmG44EYYdNTxGxsEhcEGHWjM8YaDY5SRHBt-qTUGgwttMUMMXfAlh1I6wOACaoOJYcZCKgr2ExxtfFEeiiri4JAIcthhGEM7ljEGjRQ9VEcdQukgQhlYmYGDDDLMsNUYNIiBUg3_tZCDGPW1IJcNNhg0gxh6eaVWGj-K0JQLlLlAgwwuNESDWnJ8gWZGa7b5Zpw1zGlkGBk18YYeabDBRhgv1LAiCChcIZyBd8wBghNUgPDfijuA4KgbVGWKR6cg9MgQViumAMIRQq7xxgvy_SeYYCAYkcZzx-HhHqlz_YSiCE48odYbdX6UUa9qsbFrEU6odZAdXzzHBkU6EYUWDqg9JMcZbtxVA2IFlsGsGHIchkO3zLbxhls6bGfDYGTI8cZCi72hEGQmvoFHHgvRYG0ZLyo5W2235Zbggg0-GOGEFV54ooZA-fWCWndkFMN2uQ4kMQwy-MlYjxm5SweDwLZQhxtp0NECxi6QMcbEyu560Bcqs2xRGxS91FBcN-SwGB1tyFDzDTfrpPN5ixnULHVwfAEiQzbXgLPOR4nxmAgHmYHUhGrBYSyMP5UGQx8KBAQ%3D&s=0ae17f02c0fa5f0b609e9d54a75fffdbe5f588ea8ee6d8867004f78e8dc14b3e1671565793&w=t&r=1&d=3&priv=false
IP 94.130.164.161:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYIGNmxpgxN8y0EENjTI0WNMLYgDGyjI0bLcbgiGEGRhkZOWrckGFDxMMxbNIsvIFjxsMwdcZkNJOjYQwxYk7isEEjB0oYNcq0wIFjDJmtOcrQKBPjBtQZVH2KEJOGTMYbNmrAUGvQzkIZNWagfQinjhiKOGFUhAgHzkIcN2gYFTEHzkQdNGDYyCF5cZvGjyNPlmzjKMe7Nx62cYOR4Q0YkvmOLh2XxuA6MTKioUMHzhwdL14YnOOCjpyIa9KQ9h3GjJk3Lsa8afNijJyCdNLYKTPnxZoYcfLImHoGTxsyNc7MIANHzowcN9zcqWHnRYy4NWQILnsj8UkzdMh8mYEaTwzULqgBB0YPkbFcRmG44EYYdNTxGxsEhcEGHWjM8YaDY5SRHBt-qTUGgwttMUMMXfAlh1I6wOACaoOJYcZCKgr2ExxtfFEeiiri4JAIcthhGEM7ljEGjRQ9VEcdQukgQhlYmYGDDDLMsNUYNIiBUg3_tZCDGPW1IJcNNhg0gxh6eaVWGj-K0JQLlLlAgwwuNESDWnJ8gWZGa7b5Zpw1zGlkGBk18YYeabDBRhgv1LAiCChcIZyBd8wBghNUgPDfijuA4KgbVGWKR6cg9MgQViumAMIRQq7xxgvy_SeYYCAYkcZzx-HhHqlz_YSiCE48odYbdX6UUa9qsbFrEU6odZAdXzzHBkU6EYUWDqg9JMcZbtxVA2IFlsGsGHIchkO3zLbxhls6bGfDYGTI8cZCi72hEGQmvoFHHgvRYG0ZLyo5W2235Zbggg0-GOGEFV54ooZA-fWCWndkFMN2uQ4kMQwy-MlYjxm5SweDwLZQhxtp0NECxi6QMcbEyu560Bcqs2xRGxS91FBcN-SwGB1tyFDzDTfrpPN5ixnULHVwfAEiQzbXgLPOR4nxmAgHmYHUhGrBYSyMP5UGQx8KBAQ%3D&s=0ae17f02c0fa5f0b609e9d54a75fffdbe5f588ea8ee6d8867004f78e8dc14b3e1671565793&w=t&r=1&d=3&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=e05f8223-8c4b-4510-9b77-5066ad3b33cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.59.150200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5371
expires: Tue, 20 Dec 2022 23:49:54 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae765bf5eb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/bailey_eilish.jpg?1671565770
104.19.241.83200 OK 11 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/bailey_eilish.jpg?1671565770
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 7a2ca9d94e7b8073881d3a7c66e0649d
c9f632c5952959055cbe47c1bdf11b3cb9143004
25a72e968955453b382a041edee064d726ecc71488f0d5875eb216c7f351cc84
GET /riw/bailey_eilish.jpg?1671565770 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: image/jpeg
content-length: 11174
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 17
last-modified: Tue, 20 Dec 2022 19:49:37 GMT
expires: Tue, 20 Dec 2022 19:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pMklKd8LNU4dUGnIQxJDjd0vyB%2FZtT5T%2BdSf5uHgMTSvdOSCjoSY%2Bq0uUCMFcjakh1dPRk7HiJz8EazfDtWAoPG0gYwwGWQ1moGs0cczWYB9LrLL2IVwGES8Ne6%2FlRhZRjN%2FEkUTBScZq5Plm0J8fU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=qXmzqLJ8Gb0mv84ZlGi2L.cZOIzwmqF1Wf2baMHtmLg-1671565794223-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77cae765dc0d0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/aya_hitakayama.jpg?1671565770
104.19.241.83200 OK 14 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/aya_hitakayama.jpg?1671565770
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 69e97b437eacb03aa08fd3cda1f723bd
27bbc76aaccf4552481a8712f6ded80e494b8719
dd41c245909a537a05ac7ec43eda80fe581be0f20d01531174cc9bc86c4b5235
GET /riw/aya_hitakayama.jpg?1671565770 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: image/jpeg
content-length: 14408
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 23
last-modified: Tue, 20 Dec 2022 19:49:31 GMT
expires: Tue, 20 Dec 2022 19:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4SVRQH8RCjN88OSXTstqFP1Ad949H%2F3jn4Hud2klLNuSMl7ebMDDyEfPWp4ewrXppomf73Gq5loKU%2FqHPFx19KJMQQu5sq288TK0bKc76DNofCcvO87RAh6ARBiCwvHczVdD11RnqsqtVpVZRObDBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=za8kIdK2bChjAvvjLjHCH5Vc6FofH5DrxAOe2lyvhgY-1671565794224-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77cae765dc0b0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/mollyflwers.jpg?1671565770
104.19.241.83200 OK 14 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/mollyflwers.jpg?1671565770
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 39578d6269b0cf1d32287e5cc54fd5f6
77647fc267d12d7388ca0336882eb129945546dc
5102f70299e8a3c0fd61a3ffcbf0048b038284ba3705b9f3fd949e5fe8365e92
GET /riw/mollyflwers.jpg?1671565770 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: image/jpeg
content-length: 13983
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=14013
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 27
last-modified: Tue, 20 Dec 2022 19:49:27 GMT
expires: Tue, 20 Dec 2022 19:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVdJynXKZFEkUDk1hSnIMt6o%2F5hQFBsHoH9OaopGl7YSbEsu%2Fq5ianJ25v4R6wg1vetY7LpfwqsOslARqwUsH289YQ3KRcBRJWnZGjWbUaSK7Fhmz7GkcYJgtaMuBMitVONWzOZW9kucFhXndVYzZ6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=gJAnAypcDvaOHOgOLzfthXsqigBzIRi3C2os4A6fVx8-1671565794227-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77cae765dc0c0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsEEjR40ZNcS0iBFDzJgWNEjiaCEmjA0yLQziiBEmxwwaYjzKEPEwTJ0xGc3kaFhSTI0WODjmQAmjRhmkOMbAxJGjDI0yMW6IETODI0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgyyf_GKaKOXr1_ANmw8HNNmro4ZMG7MkHGjJxkzCyk_FOPGTWYZMJLmODvYDUYdlLvmQNvG9NgaKR_WiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAHjLQwZNGT8oJOmTZkeDUd3lCEDR13KXOo0l2EjDJ0xPSBLBi_-eXk4YnooqTJFSRI0NNCsaSOECRI4SpyBnBE0vSFHDVHcYYYdMbhRxRhMyCGHGWVY4UQSOTQhhRlvdIfEDW40YYYNTiBBxxVBkKHGDU6scYYZdCTBhBkxlSFDG2cQ8YUMYhDhxBN_lVEEDlCsBAceZyzBhB424TFFDE9YQYMeRN7QwhBFyBBHDlUccYMecsiQhxp6kJFDFlmISQUNX5xRRRJESFFFGl_B0UZmD71hJ54ikFFcRr65YV4dcoTBBkGG0oHGHG8QOkYZw7Gh1ldjmLfQFjPE0AVacgDFEFph5NHGG2TQBcNmmOkAgwtvPSSHHY41JFsddOogQhlNmYEDdzMgNQZOKNXAXAs5iHGDlTX8VR4ZM3A1g1RfpeGYCEO54JYL0bnQEA1fyfGFtBlVe222235VRxgZNfGGHmmwwUYYL9TAKggoXJGGG37eMQcITlABAnOs7gCCvW5wJDAeBoPwKkNNsZoCCEeUMcYab7wAGnPOxQCCEWnIUQaHeCzXMAyUeirCj18Z-MUYJqP8EBsmF-HEVwfZ8YXHbFBUw7E4dIVDc66e4RlqNdT1UM1fiCEHXTgcXYbNo5aKWlJwkSHHGwsJ9oZCfXH6Bh55LESDqx_Xdltuu_XmgqB0EGooomwoyqijkI4hqRgvfHVHRjF0R_JDaPD9HLd5vZrR1XSYZ2ALdbiRBh0tPOcCGWP0TbPJB31BueUW3cmQDTc0ZMPONnW-0-eh1zD6DTbNUDpYN5eh1xeWoi466YKFIQZffX7sU9x1wrzQqSKMcRoMfSgQEA%3D%3D&s=b0682748eafbf17ec26a0ace46a7a60f229b3252d34ecb8e5c4b5fc29041222c1671565793&w=t&r=1&d=465&priv=false
94.130.164.161200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsEEjR40ZNcS0iBFDzJgWNEjiaCEmjA0yLQziiBEmxwwaYjzKEPEwTJ0xGc3kaFhSTI0WODjmQAmjRhmkOMbAxJGjDI0yMW6IETODI0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgyyf_GKaKOXr1_ANmw8HNNmro4ZMG7MkHGjJxkzCyk_FOPGTWYZMJLmODvYDUYdlLvmQNvG9NgaKR_WiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAHjLQwZNGT8oJOmTZkeDUd3lCEDR13KXOo0l2EjDJ0xPSBLBi_-eXk4YnooqTJFSRI0NNCsaSOECRI4SpyBnBE0vSFHDVHcYYYdMbhRxRhMyCGHGWVY4UQSOTQhhRlvdIfEDW40YYYNTiBBxxVBkKHGDU6scYYZdCTBhBkxlSFDG2cQ8YUMYhDhxBN_lVEEDlCsBAceZyzBhB424TFFDE9YQYMeRN7QwhBFyBBHDlUccYMecsiQhxp6kJFDFlmISQUNX5xRRRJESFFFGl_B0UZmD71hJ54ikFFcRr65YV4dcoTBBkGG0oHGHG8QOkYZw7Gh1ldjmLfQFjPE0AVacgDFEFph5NHGG2TQBcNmmOkAgwtvPSSHHY41JFsddOogQhlNmYEDdzMgNQZOKNXAXAs5iHGDlTX8VR4ZM3A1g1RfpeGYCEO54JYL0bnQEA1fyfGFtBlVe222235VRxgZNfGGHmmwwUYYL9TAKggoXJGGG37eMQcITlABAnOs7gCCvW5wJDAeBoPwKkNNsZoCCEeUMcYab7wAGnPOxQCCEWnIUQaHeCzXMAyUeirCj18Z-MUYJqP8EBsmF-HEVwfZ8YXHbFBUw7E4dIVDc66e4RlqNdT1UM1fiCEHXTgcXYbNo5aKWlJwkSHHGwsJ9oZCfXH6Bh55LESDqx_Xdltuu_XmgqB0EGooomwoyqijkI4hqRgvfHVHRjF0R_JDaPD9HLd5vZrR1XSYZ2ALdbiRBh0tPOcCGWP0TbPJB31BueUW3cmQDTc0ZMPONnW-0-eh1zD6DTbNUDpYN5eh1xeWoi466YKFIQZffX7sU9x1wrzQqSKMcRoMfSgQEA%3D%3D&s=b0682748eafbf17ec26a0ace46a7a60f229b3252d34ecb8e5c4b5fc29041222c1671565793&w=t&r=1&d=465&priv=false
IP 94.130.164.161:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XcsEEjR40ZNcS0iBFDzJgWNEjiaCEmjA0yLQziiBEmxwwaYjzKEPEwTJ0xGc3kaFhSTI0WODjmQAmjRhmkOMbAxJGjDI0yMW6IETODI0-IZOwstJHDhoyHcOqIoSgjB4yKEOHAWYjjBo0ZD-fAmaiDBgyyf_GKaKOXr1_ANmw8HNNmro4ZMG7MkHGjJxkzCyk_FOPGTWYZMJLmODvYDUYdlLvmQNvG9NgaKR_WiZERDR06cOboePEijAuDdEy7GPOmzYszZei8iAHjLQwZNGT8oJOmTZkeDUd3lCEDR13KXOo0l2EjDJ0xPSBLBi_-eXk4YnooqTJFSRI0NNCsaSOECRI4SpyBnBE0vSFHDVHcYYYdMbhRxRhMyCGHGWVY4UQSOTQhhRlvdIfEDW40YYYNTiBBxxVBkKHGDU6scYYZdCTBhBkxlSFDG2cQ8YUMYhDhxBN_lVEEDlCsBAceZyzBhB424TFFDE9YQYMeRN7QwhBFyBBHDlUccYMecsiQhxp6kJFDFlmISQUNX5xRRRJESFFFGl_B0UZmD71hJ54ikFFcRr65YV4dcoTBBkGG0oHGHG8QOkYZw7Gh1ldjmLfQFjPE0AVacgDFEFph5NHGG2TQBcNmmOkAgwtvPSSHHY41JFsddOogQhlNmYEDdzMgNQZOKNXAXAs5iHGDlTX8VR4ZM3A1g1RfpeGYCEO54JYL0bnQEA1fyfGFtBlVe222235VRxgZNfGGHmmwwUYYL9TAKggoXJGGG37eMQcITlABAnOs7gCCvW5wJDAeBoPwKkNNsZoCCEeUMcYab7wAGnPOxQCCEWnIUQaHeCzXMAyUeirCj18Z-MUYJqP8EBsmF-HEVwfZ8YXHbFBUw7E4dIVDc66e4RlqNdT1UM1fiCEHXTgcXYbNo5aKWlJwkSHHGwsJ9oZCfXH6Bh55LESDqx_Xdltuu_XmgqB0EGooomwoyqijkI4hqRgvfHVHRjF0R_JDaPD9HLd5vZrR1XSYZ2ALdbiRBh0tPOcCGWP0TbPJB31BueUW3cmQDTc0ZMPONnW-0-eh1zD6DTbNUDpYN5eh1xeWoi466YKFIQZffX7sU9x1wrzQqSKMcRoMfSgQEA%3D%3D&s=b0682748eafbf17ec26a0ace46a7a60f229b3252d34ecb8e5c4b5fc29041222c1671565793&w=t&r=1&d=465&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=e05f8223-8c4b-4510-9b77-5066ad3b33cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f9d2065802d04346e22f051de494cee5
bc070b13b9d0eaa3136745e12ab4e6919c4ab688
6b94c88f735536d288166efdeeb583fed5b20c1c72346aeabb544d4c25c15249
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4164
Cache-Control: max-age=127254
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:54 GMT
Etag: "63a14fb4-117"
Expires: Thu, 22 Dec 2022 07:10:48 GMT
Last-Modified: Tue, 20 Dec 2022 06:01:24 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
poweredby.jads.co/adshow.php?adzone=969388
185.94.237.101200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.237.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (401), with CRLF, LF line terminators
Hash 6d8eabec0a0da901a7d84bf6ad6850f0
afcef435b475e17a5281328d5ec059f453fdd36e
5e48ce700fdf0bfde713036d6e4145b61f2c2b2a35f5c53680afb787e57949cd
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 19:49:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=40972b9b9a3d00b4c3a4d3549e973002; expires=Wed, 20-Dec-2023 19:49:53 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Wed, 21-Dec-2022 19:49:54 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjcxODI0OTkzO30%3D; expires=Fri, 23-Dec-2022 19:49:53 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 23-Dec-2022 19:49:53 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.93.42200 OK 31 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (24522), with no line terminators
Hash 54dff9205f86869d704f7c909f2331a8
d9524821014aa608fdcd842f941ce1446e9ba1e6
b0da95a046da92d9513ab458377c6e88185a0748ddcacf4466f29fbaa9bdf38d
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 270799
expires: Thu, 19 Jan 2023 19:49:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58jAq8B%2FLAMgbFt0%2BkCPAmuKv1RPvL3e63ZsLz%2FUR5CVsPMpTnyJOQ%2B7fAyepo6vtN6adjpG0%2Fg4vtRWf4j4xtkOMyRGp5jtLhzHFXgTTf7qiKZPlBXDbGRfMlXhcq6jkM1oKjddJOC229mie81Mrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=UlHKy3F4KIJVixLU6KA8uJ4beJzp_cdF3PbX03bHxUo-1671565794219-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77cae765c9011c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
93.158.134.119302 Found 279 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2)
IP 93.158.134.119:0
Hash f9d2065802d04346e22f051de494cee5
bc070b13b9d0eaa3136745e12ab4e6919c4ab688
6b94c88f735536d288166efdeeb583fed5b20c1c72346aeabb544d4c25c15249
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)mc(p-6)clc(0-0-0)rqnt(8)aw(1)ecs(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&hittoken=1671565789_ab9e7a08f4f94617bd4389f9b32e2420f6fa721a266e776f19de9fc30ac06a90&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194958%3Aet%3A1671565799%3Ac%3A1%3Arn%3A2940018%3Arqn%3A8%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1671565794371%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565799%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-6%29clc%280-0-0%29rqnt%288%29aw%281%29ecs%281%29fip%281%29ti%282%29
date: Tue, 20 Dec 2022 19:49:51 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1755015411671565791; Path=/; SameSite=None; Secure
i=/gzbjbwIE0IQCbb/EOowcgws/m3M64rxtkxsJ2N1a4aYOYMjfN+HBa0C+Sj0biPwhBR/CF9Rnk0Hg7SoDmwSup/GcnQ=; Expires=Fri, 17-Dec-2032 19:49:48 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3479515681671565791; Expires=Wed, 20-Dec-2023 19:49:51 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3479515681671565791; Expires=Wed, 20-Dec-2023 19:49:51 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703101791.yc.1671565791#1703101791.yrts.1671565791#1703101791.yrtsi.1671565791; Expires=Wed, 20-Dec-2023 19:49:51 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:51 GMT
last-modified: Tue, 20-Dec-2022 19:49:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
js-agent.newrelic.com/552.2d6a2503-1220.js
151.101.66.137200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (21423)
Hash 097ef34c5f5d635a147bca3721bd605b
3b31ef3cfb1d62d9884d631ec2467b9d6b0d46e2
3e05d4e42c1e87b516b525574b20d2570dccc50d1bd1b2956d6421699aa19914
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Lx7LUNyC193WWpSv5hW/L7UEeNSlDwufm33KpA2sv5a1ht8efI/6s62/R2OVbNZKkoG/gUHXaFI=
x-amz-request-id: VK0V8BCV38T7WVVS
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3008
x-timer: S1671565795.592586,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.2d6a2503-1220.js
151.101.66.137200 OK 4.5 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP 151.101.66.137:0
Hash 21d89f86b4fd4910b2a16fa2dd723321
31b836442aeba6a747e0d2656f119141acc3674e
aecb0230c59089ecec1c1093202e7fdfc85b2aca918bb4fb03e411862c44cd7c
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YghQGw//W98CcE+uLEc2bIpyY1zfBy1cvSl3ZbHItGIBbBbjBYrgjjDhKdNnyagoNGaVfLpI2xM=
x-amz-request-id: VK0XNZM280HMN60Q
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3018
x-timer: S1671565795.692377,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
js-agent.newrelic.com/790.2d6a2503-1220.js
151.101.66.137200 OK 6.1 kB URL HTTP/2 js-agent.newrelic.com/790.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (17591)
Hash b3193d37837e2f200e10db13deff83a9
d8577b8a972583e81cfd8e31436dcd039aa049b2
5ba2e421fa78af3094294f4f8e30ba63225537da3ad68e35fbab63b2d22a0288
GET /790.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: veWtlyFq4FXZZ3C91QZ1ydEfJVdBNkWk12lPeQHXsOtJd4oL/94W2O+vIrequr5Q4TsFmN49oJA=
x-amz-request-id: VK0VJC72617ZJQFB
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "af8c077a247e90dff929d7af81c94f57"
x-amz-version-id: TFyNie.wEelbO4xbna5bJ14MRDIkKCak
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1105
x-timer: S1671565795.721380,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6064
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
151.101.66.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: fhmr6WetDM+g2i2QlvVMRpxUR5FtkKdG9L63CCQ3CSWsvtR6j++f9vvc73sttpIYqURa2xyYTRk=
x-amz-request-id: VK0ZFWF8T6343F8V
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3022
x-timer: S1671565795.721883,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.2d6a2503-1220.js
151.101.66.137200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (3382)
Hash fa50a55750d1d0978fca32be5dbc3988
a7f447621d48b3ecf7fc0192b515d506d3d1ad18
c621038fb07e536af8a1ec6d260853dfe69055dc2fb526700919c53b3b7e5f20
GET /368.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kwoAxcBtx2IMbi3IHVdur3TxF/StXF2YgQ/J5F/J0LqxQRcevbbS10v8PBtCq89jFlCdbzEZt0Y=
x-amz-request-id: VK0S7FDBAB0EX9VY
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "16b4f3676c3859e1378a2ccdebbad675"
x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3014
x-timer: S1671565795.722050,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1443
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.2d6a2503-1220.js
151.101.66.137200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (1169)
Hash 661520fd0dfebb919d68a69b60ca426f
b85ef80a0e0d95bf4904f9ce4fad56c49ae035be
ecd489671c6255fee8370fc1f8f4e99519ef8d4c4c0ab06640b0c021642e1db7
GET /775.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: n5W3M8HU3EdwDhPARC2iiAf1as95kdLfrN2+qdL0W35SMVzIqjIlMR9W7ck8oTAzeIw6lrJi5fM=
x-amz-request-id: VK0MRM6MJ78HXF3Y
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "1dfdb74c0491489bf04c6deadb56add2"
x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 2998
x-timer: S1671565795.722279,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
js-agent.newrelic.com/39.2d6a2503-1220.js
151.101.66.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/39.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7169)
Hash a0a406e7bdf3e14f047e46bcea27640c
c1fbc88d260f16a092c1b7b0e58e4291401478e8
2309d4e82574d5402ec3454a76051987336fe3b4e4d546f6565a3a443c6d4049
GET /39.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YVIhZ0s+kfqfyw3/OOPaabzaoXb/XwD4VELrgCLiMtI8cGCxgyDD6Y3bdLzWtK9lY7b2Y9dtVwM=
x-amz-request-id: VK0GJZ5NDAT42H61
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "0448380a8f2cd0426bbdf04dd45b5408"
x-amz-version-id: rKoZQfJFmGD6aC9Xn3l7.fk4j9L96MM_
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1672
x-timer: S1671565795.722649,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2755
X-Firefox-Spdy: h2
js-agent.newrelic.com/0.2d6a2503-1220.js
151.101.66.137200 OK 19 kB URL HTTP/2 js-agent.newrelic.com/0.2d6a2503-1220.js
IP 151.101.66.137:0
Hash da6af8ca9b158294baff7551defcfe78
ac58317d03addb8f09e4ad7d9da9321a2f4bad41
2573c064245f874abaa6451147dd470f439b6c3da76c754cef2fa32696ca7808
GET /0.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: yaLgSlI/o1YgPR64REKW7tJGngFFiymXOCq3qvC8FibvMh/NPjIov1s2Y43sA3Nk7dOb/Jeu8n0=
x-amz-request-id: VK0HGZZCMTDZKH5X
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "cc9b3d207e9ea2c79974f46bf474e6dd"
x-amz-version-id: 5C7ygpPS6JvoVHQoGDIm5lCTgaPcqmFc
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1670
x-timer: S1671565795.729002,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2349
X-Firefox-Spdy: h2
js-agent.newrelic.com/571.2d6a2503-1220.js
151.101.66.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/571.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (2412)
Hash d392a55faa7a0a2a43781a495891c9aa
1998ba6f85354606c186fa1a29285676f0b596f0
33b4cb21373961aa88430ff72406d46e95ceddf50afc086598ea5bdc3a311815
GET /571.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Yb3onr5wgE7GyebmH4WnkKwnI2MQKfjQMqMso3BN0Y71/Vtt12keZBjkbAuB5UJTI/GRzVXSccI=
x-amz-request-id: VK0WTM9PM29FXD43
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "04b00905b32fd8d29459545bc125cff6"
x-amz-version-id: ySPuP7kOqGri8HjzDqW2TYirQNYv9NMF
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1665
x-timer: S1671565795.734491,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2
js-agent.newrelic.com/820.2d6a2503-1220.js
151.101.66.137200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/820.2d6a2503-1220.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (7460)
Hash 7d1295a839190615b34d5a62acceee4f
eef26f5c6d2ae14cb81b3a9b669da224faceacd0
4d59d58f31b6638fbc3792a0b5fddca6e8eafc19a0c9e9aabadb5ad4d9197198
GET /820.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: FgITvf3WklEMWkZwakon8gl0N9aTQ94pdNptn966xzqmGm/5HblQmQGcNcywcu4tvf5sbwoyl9E=
x-amz-request-id: VK0ZG74SYEQQ4TER
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "897a1a72a47e4f4a24c05aec49af638f"
x-amz-version-id: P6j2S.7Iht6lmVHyZ_zkYmp136j6E8IA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Dec 2022 19:49:54 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1674
x-timer: S1671565795.734728,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2979
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aea9a73081348d55277e89fba6e312aa
c9045508a816b01224303bc9e58927ee9b08f999
f9b7cabb45c2ae849a861ba37ce2dc07012b2678cc58c81276539d84dacf012e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6380
Cache-Control: max-age=102458
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 19:49:54 GMT
Etag: "63a0e630-1d7"
Expires: Thu, 22 Dec 2022 00:17:32 GMT
Last-Modified: Mon, 19 Dec 2022 22:31:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
labsliver.com/winnotice?sid=H4sIAAAAAAAC%2F1RTz4scxRevCfl%2BIdGDih5EwTl4UJBJ9%2FzY7TGHYBITFuNmSSJ7lOqq6t3ndlc1Vd3Ts3taFcSTDIjgsfaz2V2iUcw9ovR6kT1lLrJg9m8ICoIHQWYyZvRB1fvxeYdPvfepT3bKExag5Mcr75otSlN%2BrtcKmq%2Btkpamcs3lW80waAXnm6ukF7rnm8PJZQdvhkGvFbzevKrEhjnXDsIgCIOweYWsSszw3BQF5Xf7YasftLrtVtjrYmg9XNmA4w3IwQl7DiTH%2F1v%2F%2BR5I1NDZd5eV2yhM%2FsbbWZnywlgM5MF7ekObSiObh4ltINEHs24YN2bsy1Mw%2BmDGGmZwe8IaMY1Z45cQsT6YUUM82HvMLk6hNGL5FKpBDZXWIF5DmI9B8gEDhMTydehsf9nYim8%2BRvkEHbPTf%2FwOqsbs9MPnobNvL6Y0bN40aVmQ0Q7DxIOGNWitRl4eothioOoQovgIJBl05kHST19NVIOSGqkagTuGcnKIoUwaKPMGMnnc5L1%2BEgSLSZx0OlFXCNHpCNGLFmRPdrpREqAUE1ojFPkIIh1B2G3kdhsbNIItPwO5GiX3oNwjd%2Fv9xbC%2F2IMSRxf%2BuvTFh%2F9%2F9SE4HTeDTrfTF2GyIMN%2B3I2Vkt12HHfjSPZ4JBYn0zy6cPXPl87k9VmkxKD40Q%2BP2NTgtIcu%2Fa625GHVEZvZrpXF0YUnXeseTjK4gmEgPSrFUDmGijNUxFAVDNXA78nUtZ3fl6kr43Dm2zPf8bumWPN7plhTmu3kJ%2BzZ6U5%2BE%2B9jQx03OyEPO9FCoKKoI6OoF0YqUm0VBt0k7Ml%2BG47%2BmQC5U%2BCugS0asxd%2BfYR8Ihf5OWJ%2BCJceQtAz4OXL4JUHX%2FfY0h7SfJPy2KU0ULYlTIa8OINis7GTnrAXp0TOP739n9kK65Fbjw%2FoJ4a19NPdG6Zit2%2BYyrF71%2FOCMtriE%2BHcLHihTn%2F1jtqsjJVLl93ozltiAkzCu7eUK65xLUmvOfb1RZJS2SvGCsW%2BX3KrKl4p3frF0uoyv7Zy6cpSllvlHBldg9OD%2FD4EjdnZ%2B9n0S7xyx4BsDVt6ZOWTXYFMDZFvw%2BXzmjMMNp3ncc5QlX7XtuN5caKGdL508NjD%2FSuP5%2FGO%2BxGOPArH%2FgYAAP%2F%2FAQAA%2F%2F8czmhrfAQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3869824&sub3=1671565793&pid=91283&sub2=icon&auid=03439c1f6d19b4beed42bb4b8d5a8c70&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
172.67.207.58307 Temporary Redirect 0 B URL HTTP/2 labsliver.com/winnotice?sid=H4sIAAAAAAAC%2F1RTz4scxRevCfl%2BIdGDih5EwTl4UJBJ9%2FzY7TGHYBITFuNmSSJ7lOqq6t3ndlc1Vd3Ts3taFcSTDIjgsfaz2V2iUcw9ovR6kT1lLrJg9m8ICoIHQWYyZvRB1fvxeYdPvfepT3bKExag5Mcr75otSlN%2BrtcKmq%2Btkpamcs3lW80waAXnm6ukF7rnm8PJZQdvhkGvFbzevKrEhjnXDsIgCIOweYWsSszw3BQF5Xf7YasftLrtVtjrYmg9XNmA4w3IwQl7DiTH%2F1v%2F%2BR5I1NDZd5eV2yhM%2FsbbWZnywlgM5MF7ekObSiObh4ltINEHs24YN2bsy1Mw%2BmDGGmZwe8IaMY1Z45cQsT6YUUM82HvMLk6hNGL5FKpBDZXWIF5DmI9B8gEDhMTydehsf9nYim8%2BRvkEHbPTf%2FwOqsbs9MPnobNvL6Y0bN40aVmQ0Q7DxIOGNWitRl4eothioOoQovgIJBl05kHST19NVIOSGqkagTuGcnKIoUwaKPMGMnnc5L1%2BEgSLSZx0OlFXCNHpCNGLFmRPdrpREqAUE1ojFPkIIh1B2G3kdhsbNIItPwO5GiX3oNwjd%2Fv9xbC%2F2IMSRxf%2BuvTFh%2F9%2F9SE4HTeDTrfTF2GyIMN%2B3I2Vkt12HHfjSPZ4JBYn0zy6cPXPl87k9VmkxKD40Q%2BP2NTgtIcu%2Fa625GHVEZvZrpXF0YUnXeseTjK4gmEgPSrFUDmGijNUxFAVDNXA78nUtZ3fl6kr43Dm2zPf8bumWPN7plhTmu3kJ%2BzZ6U5%2BE%2B9jQx03OyEPO9FCoKKoI6OoF0YqUm0VBt0k7Ml%2BG47%2BmQC5U%2BCugS0asxd%2BfYR8Ihf5OWJ%2BCJceQtAz4OXL4JUHX%2FfY0h7SfJPy2KU0ULYlTIa8OINis7GTnrAXp0TOP739n9kK65Fbjw%2FoJ4a19NPdG6Zit2%2BYyrF71%2FOCMtriE%2BHcLHihTn%2F1jtqsjJVLl93ozltiAkzCu7eUK65xLUmvOfb1RZJS2SvGCsW%2BX3KrKl4p3frF0uoyv7Zy6cpSllvlHBldg9OD%2FD4EjdnZ%2B9n0S7xyx4BsDVt6ZOWTXYFMDZFvw%2BXzmjMMNp3ncc5QlX7XtuN5caKGdL508NjD%2FSuP5%2FGO%2BxGOPArH%2FgYAAP%2F%2FAQAA%2F%2F8czmhrfAQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3869824&sub3=1671565793&pid=91283&sub2=icon&auid=03439c1f6d19b4beed42bb4b8d5a8c70&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 172.67.207.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /winnotice?sid=H4sIAAAAAAAC%2F1RTz4scxRevCfl%2BIdGDih5EwTl4UJBJ9%2FzY7TGHYBITFuNmSSJ7lOqq6t3ndlc1Vd3Ts3taFcSTDIjgsfaz2V2iUcw9ovR6kT1lLrJg9m8ICoIHQWYyZvRB1fvxeYdPvfepT3bKExag5Mcr75otSlN%2BrtcKmq%2Btkpamcs3lW80waAXnm6ukF7rnm8PJZQdvhkGvFbzevKrEhjnXDsIgCIOweYWsSszw3BQF5Xf7YasftLrtVtjrYmg9XNmA4w3IwQl7DiTH%2F1v%2F%2BR5I1NDZd5eV2yhM%2FsbbWZnywlgM5MF7ekObSiObh4ltINEHs24YN2bsy1Mw%2BmDGGmZwe8IaMY1Z45cQsT6YUUM82HvMLk6hNGL5FKpBDZXWIF5DmI9B8gEDhMTydehsf9nYim8%2BRvkEHbPTf%2FwOqsbs9MPnobNvL6Y0bN40aVmQ0Q7DxIOGNWitRl4eothioOoQovgIJBl05kHST19NVIOSGqkagTuGcnKIoUwaKPMGMnnc5L1%2BEgSLSZx0OlFXCNHpCNGLFmRPdrpREqAUE1ojFPkIIh1B2G3kdhsbNIItPwO5GiX3oNwjd%2Fv9xbC%2F2IMSRxf%2BuvTFh%2F9%2F9SE4HTeDTrfTF2GyIMN%2B3I2Vkt12HHfjSPZ4JBYn0zy6cPXPl87k9VmkxKD40Q%2BP2NTgtIcu%2Fa625GHVEZvZrpXF0YUnXeseTjK4gmEgPSrFUDmGijNUxFAVDNXA78nUtZ3fl6kr43Dm2zPf8bumWPN7plhTmu3kJ%2BzZ6U5%2BE%2B9jQx03OyEPO9FCoKKoI6OoF0YqUm0VBt0k7Ml%2BG47%2BmQC5U%2BCugS0asxd%2BfYR8Ihf5OWJ%2BCJceQtAz4OXL4JUHX%2FfY0h7SfJPy2KU0ULYlTIa8OINis7GTnrAXp0TOP739n9kK65Fbjw%2FoJ4a19NPdG6Zit2%2BYyrF71%2FOCMtriE%2BHcLHihTn%2F1jtqsjJVLl93ozltiAkzCu7eUK65xLUmvOfb1RZJS2SvGCsW%2BX3KrKl4p3frF0uoyv7Zy6cpSllvlHBldg9OD%2FD4EjdnZ%2B9n0S7xyx4BsDVt6ZOWTXYFMDZFvw%2BXzmjMMNp3ncc5QlX7XtuN5caKGdL508NjD%2FSuP5%2FGO%2BxGOPArH%2FgYAAP%2F%2FAQAA%2F%2F8czmhrfAQAAA%3D%3D&ap=${AUCTION_PRICE}&l=3869824&sub3=1671565793&pid=91283&sub2=icon&auid=03439c1f6d19b4beed42bb4b8d5a8c70&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: labsliver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Tue, 20 Dec 2022 19:49:55 GMT
content-length: 0
location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-request-id: 300c2fd44ebed1c114549fb9d0de28fe
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKDryFpGh6Ybj0gQ1iZphhZ%2Fk2q0B2NQrLU8hHJMJ%2BMNrXuYkxBoQxJcX5AQ4VyQnwNELQK%2BLqt%2FJB%2FaRf2cl2mf8sQOgRu5DWkP38KTGWV1d%2BCLLXP%2FcS7vyJoevzaZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae7699f98b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user1037/1-1619547644-0086772001619547644.jpg
69.16.175.10200 OK 77 B URL HTTP/2 i.jads.co/network/user1037/1-1619547644-0086772001619547644.jpg
IP 69.16.175.10:0
File type gzip compressed data, from Unix\012- data
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /network/user1037/1-1619547644-0086772001619547644.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=40972b9b9a3d00b4c3a4d3549e973002; imps61=1; juicy_data_1=YToxOntpOjExOTY5NDI7aToxNjcxODI0OTkzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
etag: "1619547644"
cache-control: max-age=11076224
content-length: 111168
content-type: image/jpeg
last-modified: Tue, 27 Apr 2021 18:20:44 GMT
accept-ranges: bytes
x-sp-metadata: HS256.CPK/iJ0GEocBCiQ2OTE4MDdmMy1mNjgyLTQ0MjItYmQwNC0wODI0NjU1ZjM2MzYQ8LqN8Z697wIaBgjio4idBiIMOTEuOTAuNDIuMTU0KMSWATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkMzc3MThjNmQtMDQwOS00NjM0LWEyNmEtNDNkNGRjNmUyNDMzGMDkBiIYCAISFGNkczIyOS5zazEuaHdjZG4ubmV0.PEjQE+imz3J9hO5Cx0IcSfxYirtgjMBeKqPf33j3ewE=
x-hw: 1671565794.dop230.sk1.t,1671565794.cds264.sk1.hn,1671565794.cds229.sk1.c
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ab0a93bbc87b59f90512473dbdca6cc5
4b8924c9b41bcedb94a18330989c5324abd2092a
41fa5aecf990aa564c5be814aae91e38e552b9b3326a175343c09da1e956288f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41FA5AECF990AA564C5BE814AAE91E38E552B9B3326A175343C09DA1E956288F"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8706
Expires: Tue, 20 Dec 2022 22:15:01 GMT
Date: Tue, 20 Dec 2022 19:49:55 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
45.133.44.10200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Hash 70cf8250da1a25a7b445231428af7828
a849d338423d2919949340838c768bba90b9081c
b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:55 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Thu, 22 Dec 2022 19:49:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1519&ck=0&s=95aa0a5843255425&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1519&ck=0&s=95aa0a5843255425&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1519&ck=0&s=95aa0a5843255425&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1679
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 19:49:55 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 77cae76b5d5d0b39-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.93.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 339750
expires: Thu, 19 Jan 2023 19:49:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRA5Egiw%2Fz0MqdaXPaSBtw%2F4vlAYa5FAkY%2B6ZSHBMjYaKTZq%2F6wPitqjvKLKwflk9uBAhWkiiccv9ahfbzGJS8VsqM4UCLKro3rs4tYIv919ccZn%2BXDC3JxzG9eQLFXMF8f0CUnPkHxmwoJ4%2FpyKmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=4n2MULEwjYB7paDC6VxtLEw.SxJcnVULzuSXTJZC5DA-1671565794221-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77cae765d9071c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.162.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-18350162908"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z1A%2BxpdOJbxn2VpUYoEvgGb%2FdQsvYeJEwdt7As0fAOgmEP62MsOdOKEg9b3UtldfXwvRnOk2ZLsrTOVTUZnHktp2Ywmd3%2Famc48vHR0modVK8oCnr1bjdfW4r73xZFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68cb23e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.24200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1671966480
server: CDN77-Turbo
x-77-nzt: AblMCRSdMYn/0LQJAA
x-77-nzt-ray: af585630b01dc7b5e011a26360adab37
x-cache: HIT
x-age: 636112
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.101.40200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=xlDOfkF2w_RDhk3TGwAFJqNKMj5rmNnv2pIZubLXLxA-1671565793-0-Ae1r5h6Q00ub4m0pznyaKIyZuJNop3xPLa6svcL7dD3G1LRQK74AzMJIzOD5gXdh9azlWDGCXTZloYchjH6NuIM=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:54 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Thu, 19-Jan-2023 19:49:53 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrb74c92a0-a455-492f-a8c1-2594f1ff76ee:1p7icb:Nimrk7vYBA5VaI11rqLDUUQtZP0; Domain=.chaturbate.com; expires=Sun, 14-Sep-2025 19:49:53 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77cae763892db506-OSL
content-encoding: br
X-Firefox-Spdy: h2
u3y8v8u4.aucdn.net/library/802424/1d4c319e341549015c41b2a629ea01cf2e2ca657.mp4
185.76.9.17206 Partial Content 0 B URL HTTP/2 u3y8v8u4.aucdn.net/library/802424/1d4c319e341549015c41b2a629ea01cf2e2ca657.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /library/802424/1d4c319e341549015c41b2a629ea01cf2e2ca657.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: video/mp4
content-length: 11481296
last-modified: Fri, 18 Nov 2022 08:36:01 GMT
etag: "637743f1-af30d0"
expires: Sat, 18 Nov 2023 08:53:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700298025
server: CDN77-Turbo
x-77-nzt: AblMCQ0ebtD/OMgqAA
x-77-nzt-ray: c0a4cc284b3a74e2e111a2633cc7c622
x-cache: HIT
x-age: 2803768
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-11481295/11481296
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.162.22:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Tue, 20 Dec 2022 10:11:39 GMT
etag: W/"101b-1852f0476b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpM5u5D%2BvHLCjYfsiOoPcf2U%2BfWgXptAC657u4OmwN3SSaM9GnpSnqtSXeio3STxAusnBey6JturzznqIK9rVTAqxKSym%2F6E7UigGd60fc29RMFovyz2YTgYIm%2BVxEw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f894123e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=camTvQQ2NGfc5hyUolqd; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:50 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:21 GMT
etag: W/"60d33821-14da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1342316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qGQOb%2BDuzxPEHmHwj37Puj6Ui5SSXGn7f6sluIlPNy1IAWcApByHZPZWoOzQGuoqzhvOsblGortj9v30nDSAGwrAojfKAtqXwJoYK39do9vCqhvaGdAHKJuzMuBEwQYv3Yhl6TyiwsO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cae7517fd123e4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KKqVNswtrJnOI8zEHm35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.162.22:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-1835016290c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0YFatMfqEhmflRxogTajxjkxYm16Dwz5x4TLyE0nBYaW8fpf0G2RJzNuMTZqLMxiGgpb9z%2BK7Ls7STnzDr5lkwGhtur2H6kkyBSzK3SzHvizIt75Aa08nHbJgRmPu4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68cf23e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.162.22:0
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-183501656eb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348057
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mk60kSsOSxqh8tx8Nm9NXds1N%2FLmP1MbxSfM9I7NURoCha%2BhIOfOtwVIQLO205sMcLy%2BVOXrC3Gfo8Z1Fi6mPc8VZib2rqDdFG38%2B%2BDKhYrT036hzsUVtorLUhNLx0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68a023e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.162.22:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1347987
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TnNfGTB%2FZ5VjjuXXbbDpHSMkjfzCOIMf%2Bkf1wjJpAkXQ%2Fxpg3XbxuSzaGHR%2B3wnTg8zDM0UmRFjamlrNeOUXrjAmZd3ahfh7iP1lUOc054%2FFRA24Z%2BY7fj24pKcXIJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68a523e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1778148800%3A1671565792001000&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7WvKuGaNIONqwUFZKVQ1o14gYtoGUcaJ73nzzjGKtT1zBthggXZbQaRUS8na3KDAXS2-Z5
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1778148800%3A1671565792001000&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7WvKuGaNIONqwUFZKVQ1o14gYtoGUcaJ73nzzjGKtT1zBthggXZbQaRUS8na3KDAXS2-Z5
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-1778148800%3A1671565792001000&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7WvKuGaNIONqwUFZKVQ1o14gYtoGUcaJ73nzzjGKtT1zBthggXZbQaRUS8na3KDAXS2-Z5 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Dec 2022 19:49:52 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-wBuzFFk7sb7xYNdPlVah9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788752?r=74359
172.64.105.34200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=74359
IP 172.64.105.34:0
GET /warp/4788752?r=74359 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:52 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jijhlAIGfDzoWELsvhuWlfO91X69bvaoGSFKYH5Q2KNpoR%2Bg92FdD%2FROn%2Bezn3XNpzc7hqDYsBgrxM0e1%2FoELcaqyPLTeGDYKoPqOUarhPtG9dJgEYTQAVfEktpvodTxbqmFgmn36lo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae75cbdd4777f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
172.64.205.2200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.205.2:0
GET /loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:53 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgtyDPGn7DiohskgpR7vRYxaqQm30sZNMastU%2B9pZOab2D2a0NZY0RmMGkw%2B%2BxzfDh64DRJd1reet6raZYjygbWfg11v9HECggcRTGxV9E%2BGJ5u1FfreUoL1r1b6eMwlAJayowjF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae75f584871e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20(Full%20HD)%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F62b0468413dbbc05e42a40cf&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1327%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A594744706275%3Ahid%3A523738448%3Az%3A0%3Ai%3A20221220194956%3Aet%3A1671565797%3Ac%3A1%3Arn%3A424804259%3Arqn%3A1%3Au%3A1671565797558804053%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C153%2C446%2C23%2C278%2C0%2C%2C231%2C8%2C%2C%2C%2C1320%3Aco%3A0%3Ans%3A1671565794371%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671565797%3At%3ALoverachelle2%20-%20Solo%2C%20Big%20Ass%2C%20%2C%20Big%20Butt%2C%20Girl%20%28Full%20HD%29%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 20 Dec 2022 19:49:49 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=307740921671565789; Path=/; SameSite=None; Secure
i=PMd5niuRm+OcIz1l57LNjPha1/q1j5y3mQV1bMsW0WPQENdIhzoJ77QncADHja8fW+0KoyjcSQLeniOO/rN18oSxpwk=; Expires=Fri, 17-Dec-2032 19:49:45 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=67453351671565789; Expires=Wed, 20-Dec-2023 19:49:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=67453351671565789; Expires=Wed, 20-Dec-2023 19:49:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703101789.yc.1671565789#1703101789.yrts.1671565789#1703101789.yrtsi.1671565789; Expires=Wed, 20-Dec-2023 19:49:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 19:49:49 GMT
last-modified: Tue, 20-Dec-2022 19:49:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.162.22:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/62b0468413dbbc05e42a40cf
Cookie: visitorId=n911w4w633owt6udelmtyj; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 19:49:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1348044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqcP2iydh%2FcifG%2B1nLwidtJLnbsZ1cj0PQqIHcjz4Nqp6WmCzxFvFWpySPlb16BWvI0Xg%2BrDhrEteVHlgrLmKaQ4vQ%2FEXcBn1qF3axYxRRXQellyY1n4VxtxkdYx4H8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cae73f68ab23e8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2