r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6258
Expires: Sat, 12 Nov 2022 06:31:43 GMT
Date: Sat, 12 Nov 2022 04:47:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8573
Expires: Sat, 12 Nov 2022 07:10:18 GMT
Date: Sat, 12 Nov 2022 04:47:25 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3333
Cache-Control: max-age=110375
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:25 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:27:00 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F4Fvb50WUzFHho6L6Sr6e0aXR/t5iBh6VmWaXafqQMwWshgqJcK8imFuM9bhffYvdp+eHfkvsGcvTlXLdnnBBA==
x-amz-request-id: CN2RPPFXNJ5GX20P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 03:50:05 GMT
age: 3440
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 04:44:00 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 205
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 04:24:58 GMT
cache-control: public,max-age=3600
age: 1348
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6028
Cache-Control: max-age=107994
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:26 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:47:20 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.191.210.155101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.210.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: O3W54UGytRozK2ALC9/f0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IDfhBQAONMndYuqhYcj+xN7N1CE=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11392
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11392
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11392
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11392
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:47:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11392
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 04:47:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93d01c3c2422df3f7994d3496069dc37
96a4243e7f538fdd4e0aec4f39b058a08a4898e9
1fbc7efb3dfb058984abf1fbe60021212ff1bca8e366f03b1752c615e5249e55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7493
x-amzn-requestid: 077e815e-bbfc-472c-9d22-a9f0e7cda511
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNDhGYvIAMFygQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec216-3a8a5a6f41b8ade53ff48dce;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:50 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4OOiKELCGHOkACWtRl9DqyfkKqKzqa1FwNJKQ5aOq2Ivb6pDfPYLWw==
via: 1.1 feda34dcbf6a00e232656b7983c2c7f0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:55 GMT
age: 24392
etag: "96a4243e7f538fdd4e0aec4f39b058a08a4898e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f09e254cd6f2e29b3bf198cc5d58a46f
fa34520e849bf746ff43aec3d28beb9e4be44f4d
2e29eace95fd8cb5b6d77df880d2044ecab4206cba47931c3a95e77c1b4e9d9a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 2a2d20f4-3aa5-475e-8ec2-fc569766335e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhQGAhIAMFrjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-26dc0259793ec94814f3d41a;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OKFzEoCVITStAPxYzhksarrlTkVeATx6AzBnEK32WLFaOeEIwLMu_Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "fa34520e849bf746ff43aec3d28beb9e4be44f4d"
content-type: image/jpeg
age: 25335
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 701700f42e1b0e528a63c3bd2a4c54e7
a3af603900538ea10e094981d298a0b37d0ab896
c84ac2d3524eb950a433aa01e1226d995d87948452e4e135a4661094923ca465
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4268
x-amzn-requestid: 19d2f4e7-b6c1-4093-b54c-70a9a476ad89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhSEwYIAMFg7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-6e2f5a6147153e5c32cc4499;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 1tbxcsSYcJuquYxeYfqcwaQaHpWmL9jwX31h1ZIyXO6i5A8gIbFQmA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "a3af603900538ea10e094981d298a0b37d0ab896"
content-type: image/jpeg
age: 25335
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 516f1bfefb1c1a737ea2441f85343b32
0cc22d7bf9092fb30f31e2ca8f242c197b891669
733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PrJoEROPymrtc0egNlWRoOMjohiCo3zReD01qAHwByaSiXarfRS0XQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:43 GMT
age: 24404
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
age: 25335
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1f07200-a0e4-465e-bc11-b3424eba7096.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1f07200-a0e4-465e-bc11-b3424eba7096.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb7a3aa9e5cea21f0871115448cc9c77
3749f05591d2477f6001e7f5165d62f1590f1095
e4b8e2a5980c674b4e06e90c67e84125515a93716b8d4ff5b659d8d47d0b2f16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1f07200-a0e4-465e-bc11-b3424eba7096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10456
x-amzn-requestid: cc1c934a-b8ce-4e29-b310-86b66d95e899
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMi0FjXoAMFrNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec145-10f3b3337c0f36dc332c14ab;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4gTzTudW36C5kDgQwnhj7wQlWkR2HbN7RZ09hOuTu-uBGM4ey_0Nug==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:24:15 GMT
etag: "3749f05591d2477f6001e7f5165d62f1590f1095"
content-type: image/jpeg
age: 22992
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211200 OK 3.3 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
File type C source, ASCII text, with very long lines (7738)
Hash 5aeb7a05ea5e045c01ea950119cc59ec
f67d9780bf337f85d3e1edd4db32a1a0b39eee00
3c21c1d6f1ed0813bbcf9510c45a68dab51ab206ba2b710e795865fe7b9a9bf8
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Date: Wed, 02 Nov 2022 13:06:57 GMT
Content-Type: application/javascript
Content-Length: 3312
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834033
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8cc49d9ae01c2191254808e4639cb186
959f94f6522b041fb0247ddf9fbf779623108444
e0549a3b21a7ce29d448ccff3ad8e829b21a5f8bf249a00664c3f196c0dc3097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=97346
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Etag: "636df33e-117"
Expires: Sun, 13 Nov 2022 07:49:56 GMT
Last-Modified: Fri, 11 Nov 2022 07:01:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8cc49d9ae01c2191254808e4639cb186
959f94f6522b041fb0247ddf9fbf779623108444
e0549a3b21a7ce29d448ccff3ad8e829b21a5f8bf249a00664c3f196c0dc3097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=97346
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Etag: "636df33e-117"
Expires: Sun, 13 Nov 2022 07:49:56 GMT
Last-Modified: Fri, 11 Nov 2022 07:01:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8cc49d9ae01c2191254808e4639cb186
959f94f6522b041fb0247ddf9fbf779623108444
e0549a3b21a7ce29d448ccff3ad8e829b21a5f8bf249a00664c3f196c0dc3097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5331
Cache-Control: max-age=99758
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Etag: "636df33e-117"
Expires: Sun, 13 Nov 2022 08:30:08 GMT
Last-Modified: Fri, 11 Nov 2022 07:01:18 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
go.eabids.com/adspace/5589988.js
217.22.19.194200 OK 206 B URL HTTP/1.1 go.eabids.com/adspace/5589988.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 443e17bfed01bc37391ac4c1c55f195c
f4e15a60ade84f98923c2c83d3164f4d7911175f
95d20775e0a74d907099c1b165e202297719bd603c14a6046a03956d168c5761
GET /adspace/5589988.js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 206
Connection: keep-alive
Content-Encoding: gzip
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8cc49d9ae01c2191254808e4639cb186
959f94f6522b041fb0247ddf9fbf779623108444
e0549a3b21a7ce29d448ccff3ad8e829b21a5f8bf249a00664c3f196c0dc3097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=97346
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Etag: "636df33e-117"
Expires: Sun, 13 Nov 2022 07:49:56 GMT
Last-Modified: Fri, 11 Nov 2022 07:01:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
cdn.tubecorp.com/b/loader.js?v=3
45.133.44.24200 OK 831 B URL HTTP/1.1 cdn.tubecorp.com/b/loader.js?v=3
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (1745), with no line terminators
Hash 8143f2c692706afd858455911eb34152
0e9051df8fcf7a51281db01a28185679f5c32c81
03959f368154cb76dbd9d598d9a7efde0005a1f5fb62d5cd60d6e874bbb7abce
GET /b/loader.js?v=3 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Wed, 14 Oct 2020 08:55:58 GMT
ETag: W/"5f86bd1e-6d1"
Cache-Control: max-age=3600
X-Request-ID: c0e6e05964784853ea736c38cff5dcf6
Content-Encoding: gzip
Expires: Sat, 12 Nov 2022 05:47:30 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e7dc2623cb841be51d3e8857e015d8e1
cbfdb2a7b965598de893fef89d47e17763501acf
df1fc0809a603469e6abcf1f07a13d792550d68c862f80e38c00e47e9b233a5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
172.217.21.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (32025)
Hash 83b3b5729cdff3976db52c51831e96b8
d23dc823e37f58e5366340be755730f3fa9a850d
675fa88b39008a09994460a93b310a7d4593735009a9b24b6f176c347ad12421
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 16:58:49 GMT
expires: Sun, 05 Nov 2023 16:58:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 560921
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-98275526-8
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 8d171373a33cdc83e5420f02a88c8be7
638f3a8245ce00ff134669ac110e4e37d37d6a9d
7c38b6051f46c26700e18af97786c9a7eb91d9d788f87fbf406a5f0061e86881
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Nov 2022 04:47:30 GMT
expires: Sat, 12 Nov 2022 04:47:30 GMT
cache-control: private, max-age=900
last-modified: Sat, 12 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43606
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8cc49d9ae01c2191254808e4639cb186
959f94f6522b041fb0247ddf9fbf779623108444
e0549a3b21a7ce29d448ccff3ad8e829b21a5f8bf249a00664c3f196c0dc3097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=97346
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Etag: "636df33e-117"
Expires: Sun, 13 Nov 2022 07:49:56 GMT
Last-Modified: Fri, 11 Nov 2022 07:01:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e7dc2623cb841be51d3e8857e015d8e1
cbfdb2a7b965598de893fef89d47e17763501acf
df1fc0809a603469e6abcf1f07a13d792550d68c862f80e38c00e47e9b233a5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 05:42:51 GMT
expires: Fri, 10 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 169479
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adultyiffyporn.gaysmills.gigixo.com/api2/2b24d434ea.php
51.79.221.186200 OK 1.4 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/api2/2b24d434ea.php
IP 51.79.221.186:0
File type ASCII text, with very long lines (9748), with no line terminators
Hash 6b70116d3509bb30eb918f704dd7f79e
8ae2f7861b0790d7d132c91379221ac86192ef47
ef04bc3e2234d6fccf6e6a60a9e1ad7671ffdb3b4e81705713b9f233ff989ba4
GET /api2/2b24d434ea.php HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:23 GMT
Content-Type: application/javascript
Content-Length: 1392
Connection: keep-alive
X-Powered-By: PHP/7.4.30
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frontend: un-f1
X-Backend: core3
X-Backend2: core3
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
If-Modified-Since: Wed, 02 Nov 2022 12:54:39 GMT
If-None-Match: W/"6362688f-1e83"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:06:57 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834033
go.eabids.com/banner.go?spaceid=5589988
217.22.19.194200 OK 1.7 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5589988
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1703), with no line terminators
Hash de6c070118a7679a11bfdd9fe95bd3ad
4a0a8daf1cc4c5280512b902d73ec10e4d284505
43a466252e18fe66966db138e837e0960d7337c3a982bc60038dba4dfb13ccb3
GET /banner.go?spaceid=5589988 HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1703
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
If-Modified-Since: Wed, 02 Nov 2022 12:54:39 GMT
If-None-Match: W/"6362688f-1e83"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:06:57 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834033
kindly-face.pro/ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 kindly-face.pro/ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ HTTP/1.1
Host: kindly-face.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://kindly-face.pro/ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 4edced9b69487cb04c16d368ab2b1c90
Content-Encoding: gzip
Expires: Sat, 12 Nov 2022 05:47:30 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36301 Moved Permanently 162 B URL HTTP/1.1 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
45.133.44.24200 OK 181 B URL HTTP/1.1 cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 81aec7550d11fe54b500ea3850f95567
15d56988d343393c038d830ccdaf2d1c69664e5f
04952bb41a8bb460d8a30d9a9c2f1d1d65f86b75fcf7f104365f805e343d1ed2
GET /i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:54 GMT
ETag: W/"df-5d132d02c9e77"
X-Request-ID: 4edced9b69487cb04c16d368ab2b1c90
Content-Encoding: gzip
Expires: Sat, 12 Nov 2022 05:47:30 GMT
Cache-Control: max-age=3600
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 592 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash 91857635f04924687c887978b28d3dd7
985b14a36eb1d1d465eb8acae84c1ba41b434b44
83f209478c7154dc6cf0dab4ecd5a0f7f1f63ae892e207d9710b96b910525cb1
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 592
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 592 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash 91857635f04924687c887978b28d3dd7
985b14a36eb1d1d465eb8acae84c1ba41b434b44
83f209478c7154dc6cf0dab4ecd5a0f7f1f63ae892e207d9710b96b910525cb1
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 592
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
cdn.tubecorp.com/b/tcbanner.js?v=9
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=9
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=9 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: eb03ce2295c7cf6145769d1f48d5ab66
Content-Encoding: gzip
Expires: Sat, 12 Nov 2022 05:47:30 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
104.18.11.207200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:30 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 11/11/2022 02:42:57
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cecf7beda27d590947a2b81f4ff835ba
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca1499dbe0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 592 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash 91857635f04924687c887978b28d3dd7
985b14a36eb1d1d465eb8acae84c1ba41b434b44
83f209478c7154dc6cf0dab4ecd5a0f7f1f63ae892e207d9710b96b910525cb1
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 592
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
217.22.19.194200 OK 1.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1639), with no line terminators
Hash f84aea784be4382c3574a6a8ec7c5a1a
d9a948d57f09d6c4351b8416af2cf6e4713b4900
74652bae866388f4ef664b0bc732891406d0da24d97f9c2367f3c3b104b68539
GET /banner.go?spaceid=2194679&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1639
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 604 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with no line terminators
Hash 470e43cd91fd0b0e53b2b74dcea74363
b48c409da78cc21a6e3d2760ee73a44e747a433c
b06ba9964d78391d3e5b6c67bc24e643bc28e0fbb753a14e62890a186e2f611c
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 604
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 1.7 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1651), with no line terminators
Hash e4c0abadc4527d953a45705c09cef5a7
1527ac28dcedc3e1c96e984a2e04386d00e671b6
7272bd015307940d0cd79f638937410715e994d578136a8eb935f54820fd3377
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1651
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:30 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
cdn.tubecorp.com/b/tcbanner.js?v=21
45.133.44.24200 OK 18 kB URL HTTP/1.1 cdn.tubecorp.com/b/tcbanner.js?v=21
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (50685), with no line terminators
Hash cdf1ca2de3be908c01fc475c284bd396
41d93ac6b9d836e4ee2317d00b977bc4edd6a294
14b531a858232cd186a0a4c7070ddde07e950a8e7adf0940835f6adf86600590
GET /b/tcbanner.js?v=21 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.tubecorp.com/i/b.html?spot=3725&src=1013599720&pid=17794&width=300&height=250&spaceid=859
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.20.1
Last-Modified: Sat, 20 Nov 2021 06:50:35 GMT
ETag: W/"61989abb-c604"
Cache-Control: max-age=3600
X-Request-ID: eb03ce2295c7cf6145769d1f48d5ab66
Content-Encoding: gzip
Expires: Sat, 12 Nov 2022 05:47:30 GMT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.75.209200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4336)
Hash 1f22319ffbac587e0e3ee8af3195b627
876e295e9a591e2b2c9727df4aa44e6b6c5b33c2
da9874eeb5dfcf2e34f794ef83b1ba6591796d01ae78339d94f4927b67f49cf8
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 0557ec298f428faa
Set-Cookie: ts_uid=0db30f2f-2096-4bc4-b430-76bd453a78c0; expires=Fri, 12 May 2023 04:47:30 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/34098.jpg
217.22.19.195200 OK 33 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34098.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 2ec8ec7ae5d8641463df9425c44bc655
f7aaae0eb5573f8252de5f926d87dfcb30917dd1
7c9ff9937209d2bddd67ecba04e7a5065b622836cf67c67fc498b1feeb11f0aa
GET /data/bannerpools/112022/34098.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: image/jpeg
Content-Length: 32936
Last-Modified: Thu, 28 Apr 2022 14:46:28 GMT
Connection: keep-alive
ETag: "626aa8c4-80a8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57301 Moved Permanently 169 B URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.75.209200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4300)
Hash 72300b78cf4846147d32c50b6f2db594
0820a303fe0426c4ce0436422430bb66efaa1378
fdfc82686b89dc7a393c3b3f67a36f761d67ecd6886a8938d0143dec15f50846
GET /iframes2/663422ed4341433597d6546506d00321.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 758171d1b1b86699
Set-Cookie: ts_uid=3dd5fa85-92d6-45af-9af6-bf689077c230; expires=Fri, 12 May 2023 04:47:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
kindly-face.pro/ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ
188.72.219.36200 OK 0 B URL HTTP/2 kindly-face.pro/ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ceDM9.6_bE2O5/lbSFWfQl9fNNDxI/2_NczwMb4MNDgJ HTTP/1.1
Host: kindly-face.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:30 GMT
content-type: application/javascript
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.20403 Forbidden 0 B URL HTTP/1.1 www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Sat, 12 Nov 2022 04:47:30 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.75.209200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4412)
Hash fd45531ae1962d955e3da060c7a6a313
9261880759d7a1459a91b8a36864e84e9504e949
c3c1a375e295b239daf60d2f870ac693eb054775a4ae098cad8ffdc77ced3025
GET /iframes2/9d1e13394347478aa7505e5c4801aade.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 59d2704d6244f951
Set-Cookie: ts_uid=80b750c8-1148-4aa4-a42f-1ac0426e8fcb; expires=Fri, 12 May 2023 04:47:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121200 OK 2.8 kB URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 10:11:03 GMT
Content-Type: application/javascript
Content-Length: 2808
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494188
Accept-Ranges: bytes
biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
188.72.219.36200 OK 5.8 kB URL HTTP/2 biptolyla.com/aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash 72b4e86b06d704fc46931d104c551bad
d1896a22ce4e75b14a36145e2c2e65ab39babf9e
b70d5fb7720e6c4baded4847dad9d0367b0ef6556b20c3d69a2a64b3f92366e8
GET /aOWFZ.y/Qr2m9ckEZhTz9j6hbf2L5flPSPWdQe9fNYDxEs2BN-DGUFwFOSCJ0/0WMXTDYk0/NiTtAb5vJ/nZBE1zcJ2nh/aWb/2X5glSSMW/QG9mNKDAEb2/N/D/UjwOOzCU0z0YMJTZYw0NN/TXAL5S HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/s3/wc_oct20/0003.gif
51.79.221.186200 OK 48 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/wc_oct20/0003.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 47abfabf0713117b5d55b5853b499c2c
b564f788076c9956ca9038a5ca1711991064909e
63d07e26344dc8067c60d3edea27097c17f955593712a1260c6d69667e41b302
GET /s3/wc_oct20/0003.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:23 GMT
Content-Type: image/gif
Content-Length: 47642
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:06:16 GMT
ETag: "5f80c2b8-ba1a"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7r8wZvVmxTPn0fQ4IcikFf73A8INyw%2B7jD7fAlfCbedJk7qEj%2FFu4aIgkP7NHzAmEc7fVRWN6Nqiku8Rxg%2Fll4JQuspRyVgIjXIXvEGMvpOx8OuddNc4qtmYQU0dlFI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768c8f035fd32ea4-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c53677a1e024d9ba53d4766f4430a9eb
36e9fe6134b0cdfc1aac2f537d0bb3c8d38608ad
43f642f7ffbe659fc4c236ab94e64a09e8db98bc8272221020baa72ea16fa827
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43F642F7FFBE659FC4C236AB94E64A09E8DB98BC8272221020BAA72EA16FA827"
Last-Modified: Thu, 10 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6759
Expires: Sat, 12 Nov 2022 06:40:10 GMT
Date: Sat, 12 Nov 2022 04:47:31 GMT
Connection: keep-alive
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
If-Modified-Since: Wed, 02 Nov 2022 12:54:39 GMT
If-None-Match: W/"6362688f-1e83"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:06:57 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834034
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 30 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash 2c0075cc681bd649b29a70ce50172181
a7ecf795b4e51f2f02f491461285363950f8fc88
d591d271c7df08fcb87cfd4ef89bc9a0939a2a20ea94202673f879f8f1bfb96f
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 680 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (680), with no line terminators
Hash 333f07c9740d7ea4fec7117de0e3032a
9acc999a9e813f6545605c8f772054e52222b50d
74fd44d70e0f4c573b0fccc11979a3101408dd19008a30bf7bd0d628d062b446
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 680
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
static.eabids.com/data/bannerpools/112022/33934.gif
217.22.19.195200 OK 19 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/33934.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 051a74f97159f02bf9e4afd2c411034c
44b6f927879e86fc7f47f0636b5c6aa307e321b2
18805a7cd0dacce7bf54a604fc8d9093d9dbe413bfb9d9688414df2adbe3f0b4
GET /data/bannerpools/112022/33934.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: image/gif
Content-Length: 18574
Last-Modified: Thu, 28 Apr 2022 14:46:24 GMT
Connection: keep-alive
ETag: "626aa8c0-488e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5556544b5c5d575454575d544b5c5d575454575d543b5454553b525101504a0e1403
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5556544b5c5d575454575d544b5c5d575454575d543b5454553b525101504a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5556544b5c5d575454575d544b5c5d575454575d543b5454553b525101504a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
185.107.68.57301 Moved Permanently 169 B URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92
GET /jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash c931530f7907dead2406cdd059995763
60d325d4251eed4e3fb182246fbff648abaed411
92f59a86b91ee9fcd69f7538939d43d56fa85a77de8264d8eeec5add50e02a74
GET /jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 592 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash 91857635f04924687c887978b28d3dd7
985b14a36eb1d1d465eb8acae84c1ba41b434b44
83f209478c7154dc6cf0dab4ecd5a0f7f1f63ae892e207d9710b96b910525cb1
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 592
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494188
adultyiffyporn.gaysmills.gigixo.com/s3/ad_amt1_v-01/942.jpg
51.79.221.186200 OK 25 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_amt1_v-01/942.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 78x600, components 3\012- data
Hash 6c7df57583c4aad4872e01bd5419cb15
c386fcb2f401132290816f495a8a3b921037101a
c4fa6195cdb9ac428107b992388c7d57a3cb5be70380c7bb6f841f30ad98a046
GET /s3/ad_amt1_v-01/942.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:23 GMT
Content-Type: image/jpeg
Content-Length: 25378
Connection: keep-alive
Last-Modified: Wed, 31 Mar 2021 20:30:41 GMT
ETag: "6064dbf1-6322"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWCC9hNqNmTNCKgoud6xGLHypDF7%2FB3HV%2BZhwo8jrODYdV%2BEFVWVMpmNgonZx0xPJXIp3iU8a5W9%2FHazAhH2Pu1losHepMAxPBkpXR5yy41tAGrwdYm%2BjEO%2F81S7XUE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca1480d9c4733-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
173.233.137.52403 Forbidden 153 B URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7e09e1576f6291c0085891265eb7a40d
14793915a06e324494165d445126eb727738b98b
a10c78f20e4d34574116b0ed5722cd3b1e4912b4e1daf61b1c0b8ad88ba47c18
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494188
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240
104.18.51.106301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 05:47:31 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768ca14d2d190b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
biptolyla.com/adW.ZeyfPg3_Bi1jck2lh-anbo2p5ql_SsWtQu9vN-DxEy4zMAj_kC0DNECF0-0HMITJgKy_OMTNQO1PJ-nRpSvTbUm_VWJXZYDZ0-0bMcTdgey_OgThQi0jL-TlQmxnOoD_Iq5rNsDtU-?iframeId=nswhex
188.72.219.36200 OK 723 B URL HTTP/2 biptolyla.com/adW.ZeyfPg3_Bi1jck2lh-anbo2p5ql_SsWtQu9vN-DxEy4zMAj_kC0DNECF0-0HMITJgKy_OMTNQO1PJ-nRpSvTbUm_VWJXZYDZ0-0bMcTdgey_OgThQi0jL-TlQmxnOoD_Iq5rNsDtU-?iframeId=nswhex
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592)
Hash 4049be3e1b40929d332832297e538118
a2ed7f006d7cfe34a309b3c0fc02a0585b882bc2
60507fd5ef088a3f6e9467af64d1edbcc62835be2475996d7f8738e99c3f897d
GET /adW.ZeyfPg3_Bi1jck2lh-anbo2p5ql_SsWtQu9vN-DxEy4zMAj_kC0DNECF0-0HMITJgKy_OMTNQO1PJ-nRpSvTbUm_VWJXZYDZ0-0bMcTdgey_OgThQi0jL-TlQmxnOoD_Iq5rNsDtU-?iframeId=nswhex HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sat, 12 Nov 2022 04:47:31 GMT
set-cookie: kadCCap=212269:1:1667199062;218693:1:1667677974;219484:1:1667715065;219047:1:1667194435;220335:1:1668062440; max-age=1699764451; path=/
kadACap=346327:1:1668159823;446013:1:1668228435; max-age=1699764451; path=/
kadASCap=446013:1:1668228435;346327:1:1668159823; path=/
kadRPixJ=bnVsbA==; max-age=1699764451; path=/
kadUnP3=CAIQz7K4mwYaDQjzwZkBEAEYz7K4mwYaDQicl/4BEAEY08q8mwYiCggBEAEY08q8mwYiCggDEAEYz7K4mwYqDAiMvRIQARjPsribBioMCJ78JBABGNPKvJsG; max-age=1699764451; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.75.209200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: b4e585e2753ad15d
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men
104.18.51.106301 Moved Permanently 0 B URL HTTP/1.1 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 05:47:31 GMT
Location: https://go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768ca14dad2f0b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
104.18.100.40301 Moved Permanently 0 B URL HTTP/1.1 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=UeqNBLuwlj57lcQbjD9xPXp9qrR77wwn96YX6kSZQkY-1668228451-0-AVSJ4hLHZRg0Sxe57WoWK7cubFf/rnoS3mc5VElFBTGH0fDBIt26ibPecc1e3UrOLZNoKNr5W2ITTJpLBWIbvz8=; path=/; expires=Sat, 12-Nov-22 05:17:31 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6zfCLTxfJKjUkUyyFdoJWzoWrEeSdeIoCFGx%2FwV337YYGeo0eheKnDIUaLWMs7mVMbH%2FAApcYfyOwHhXu5vP%2BxwsPo%2FJOdJ2puhMWSwZt9uSQmlwC74Er8Ll6W%2Bn0j9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768ca14d9f4eb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9152ecd4828f15144e9e1c0a4c87e67d
f6ce9e21763ccaa3a6972ca0f14709fec3fbb003
79626bb6ea9b4e4c7d3f2c3061173eac938f2e23efbdff0fc8b75a9689adf194
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79626BB6EA9B4E4C7D3F2C3061173EAC938F2E23EFBDFF0FC8B75A9689ADF194"
Last-Modified: Thu, 10 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9746
Expires: Sat, 12 Nov 2022 07:29:57 GMT
Date: Sat, 12 Nov 2022 04:47:31 GMT
Connection: keep-alive
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240
104.18.51.106302 Found 0 B URL HTTP/2 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
location: https://creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.28764; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs3tmykEbAuYgc; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
server: cloudflare
cf-ray: 768ca14daa65b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494188
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240
104.18.51.106302 Found 0 B URL HTTP/2 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=226439&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240 HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
location: https://creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.28764; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8seX2Nkvxyv9r; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
server: cloudflare
cf-ray: 768ca14daa64b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 36be0767f70fd60e9c469279583f59e9
62e29146eafd0f3bfc06b5235144221397cbc52a
960b026beb7ec3e1a1167335518760ed44332118dcc4c4633d9c940f85f0f067
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "960B026BEB7EC3E1A1167335518760ED44332118DCC4C4633D9C940F85F0F067"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6402
Expires: Sat, 12 Nov 2022 06:34:13 GMT
Date: Sat, 12 Nov 2022 04:47:31 GMT
Connection: keep-alive
www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.20403 Forbidden 0 B URL HTTP/1.1 www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
lcdn.tsyndicate.com/error/banner.html
8.247.219.121200 OK 355 B URL HTTP/1.1 lcdn.tsyndicate.com/error/banner.html
IP 8.247.219.121:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b1f15be621db10926fe9a4cf5e065a7
cbf25705dce9a6cdc92fca1b42924c31a4325b09
0a9c708f0537719d5a20bfaa8343363a0283320fb1776657d913a6a4f2030287
GET /error/banner.html HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 00:07:36 GMT
Content-Type: text/html
Content-Length: 355
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 14:10:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"62e298bd-297"
Age: 6151195
Accept-Ranges: bytes
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
If-Modified-Since: Wed, 02 Nov 2022 12:54:39 GMT
If-None-Match: W/"6362688f-1e83"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:06:57 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834034
go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men
104.18.51.106302 Found 0 B URL HTTP/2 go.xxxijmp.com/smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&sourceId=349000&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&tag=men%2C-men HTTP/1.1
Host: go.xxxijmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
location: https://creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=808613.28764; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFpBRKXMwDjXpQ; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
server: cloudflare
cf-ray: 768ca14dfa98b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 566cbfb367eb18abee45dd9e9ed63a93
db4f404cb6ce2e1783caba24c970cb938ffb760f
f6043ac5a5434e85d51ee2372a595201d8e63066c4ee5b7ef6a4935fdca225a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6529
Cache-Control: max-age=162833
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:31 GMT
Etag: "636ee4f3-139"
Expires: Mon, 14 Nov 2022 02:01:24 GMT
Last-Modified: Sat, 12 Nov 2022 00:12:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 313
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 593 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (593), with no line terminators
Hash 1f6cb597b88e4516d225fb49a16bcda9
1ef584fc5c3850fda1a784599d1c95b48eeb3218
f411a85ba626eb537c4db9f5c58e194fcc5b393ccc9bb96727b062a65951544d
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 593
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 592 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash 91857635f04924687c887978b28d3dd7
985b14a36eb1d1d465eb8acae84c1ba41b434b44
83f209478c7154dc6cf0dab4ecd5a0f7f1f63ae892e207d9710b96b910525cb1
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 592
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211200 OK 1.2 kB URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (563)
Hash cd6adf45bdb6a23355b90a3c40c5c038
79d5b15bce4833a9bb4640bd4129f36e7d3cc773
f976d17e20c78a3484fd7f0b226f365af988e0c41c7bd9a5371aa24451e38b25
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Date: Wed, 02 Nov 2022 13:07:01 GMT
Content-Type: application/javascript
Content-Length: 1197
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:53:52 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"63626860-b48"
Age: 834030
Accept-Ranges: bytes
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.20403 Forbidden 0 B URL HTTP/1.1 www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 703 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash 47e3210b012cb85a827beab76a357075
ecc5ac4dab16dc820ba3dc224e11a1a8dcd57c24
6dc2b80d512e9f6dcac288d587f7ae21afbac1d0caa7de74aa2aace1958162b7
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:31 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.75.209200 OK 1.2 kB URL HTTP/1.1 tsyndicate.com/iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2029)
Hash f52f417eab671263260fb239deb27273
342223f95efe028892c439b15f9e2a8d6100263c
19b3088928254b01263117aa6d79a645be2d2cb401ad9f730356b256cc1717ed
GET /iframes2/6a91f85098294907941c239ca45e3b90.html?keywords=Hot,sexy,tubes,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,fbvrtwgb,missy,russian,suprised,biting,forbidden,horny,bad,dancingqueen,her,french,watch,cell,hamster,family,solo,ottawa,time,sire,recurring,online,magicmovies,monster,india,tuttifrutti,thin,radili,hentia,andriod,babes,date,torrents,sisters,biggest,leg,amature,teensex,art,were,margera,facebook,jewish,experimental,anderson,dicks,culo,tape,downloadable,furry,who,guys,hanson,stocking,web,prostata,goes,starts,blonde,lesbian,hairy,deuxma,star,fingers,evanssx,rosie,coughlan,with,thick,animation,ebonyfox,teenage,just,massage,stars,female,cock,tease,teases,kitty,fat,scanned,toom,kley,find,downloads,margaret,gay,gallerey,actresses,fucking,japanese,ebony,granny,nude,kasey,motorola,porn,free,iphon,amateur,f&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 6bc3914a8fb424f8
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 1.7 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1688), with no line terminators
Hash 23d81dcf5c7f8046b23bfd5539e4cdfe
971152dd1a193762706551499b3e452d9cec3f9b
282bf5ca80b8259c58483aed2b1479cac6bc25c86b69fd6c845ab270983fe118
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1688
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 5.7 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash 505dff205d11db8f4ab11de9589ecf46
50d8af012c1fef11f772cbd44cc5e17985e39746
792f4a093578d064736db843d3a64990d87c914cb94b19496a28365d502824b5
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
185.107.68.57200 OK 715 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash a3d09eff8f2ece4f2d37392250b08516
42de2ecbb236ea1e2d68140b32f6db2aed97ea4e
9b021d867d16fcb66355fd992c1e096ccc4450d217bb90435acbfc7aa96c5b43
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:31 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=4211484&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451055&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.247200 OK 1.4 kB URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4211484&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451055&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1208)
Hash 3f20aa2c9c3a6d41cba83330e3cba7b3
eb8a93ca757d26b9622efc4e78b121d34b279127
a293488d54647e053664e73f3b62d86ca8aaa514c58fddc7ea03a7251a60fde9
GET /ads-iframe-display.php?idzone=4211484&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451055&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22636f2563a4f4d5.034120211088011654%22%3B%7D; expires=Mon, 11 Nov 2024 04:47:31 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnrgxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimeelaclanxgxaaboobcrxgae; expires=Sun, 13 Nov 2022 04:47:31 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451047&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.247200 OK 836 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451047&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (1714), with no line terminators
Hash 132665b8b85683a78bd6ca295f43b292
949bfe45a63a025ff51cf7640741609a54010c12
280756ee8fb93d987c7120ccfe7924fa41a43ac736771c231bd926a485f29059
GET /ads-iframe-display.php?idzone=4207634&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451047&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; expires=Mon, 11 Nov 2024 04:47:31 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnrgxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimcrxeobenxgxaaboobcrxgxcce; expires=Sun, 13 Nov 2022 04:47:31 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 703 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash 47e3210b012cb85a827beab76a357075
ecc5ac4dab16dc820ba3dc224e11a1a8dcd57c24
6dc2b80d512e9f6dcac288d587f7ae21afbac1d0caa7de74aa2aace1958162b7
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:31 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 703 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash 47e3210b012cb85a827beab76a357075
ecc5ac4dab16dc820ba3dc224e11a1a8dcd57c24
6dc2b80d512e9f6dcac288d587f7ae21afbac1d0caa7de74aa2aace1958162b7
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:31 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
104.18.51.106200 OK 103 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 103 kB (102697 bytes)
Hash e489d160a5402ddd7fb1d0d7c3eaebd3
3a057d567d9bb321014a81f2096fe4fc21b2bad1
12200db9911532f7616892e39762ef50d974174f05006f7ba67e059645c3b081
GET /widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=CQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
last-modified: Fri, 11 Nov 2022 08:45:05 GMT
expires: Sat, 12 Nov 2022 04:47:39 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFpBRKXMwDjXpQ; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca14e788b0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1753938461&pid=0&site=5422&sc=NO&usage_type=DCH&subid=1134153787&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=5422&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1134153787%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D5422%26utm1%3Dtcban_s%26utm2%3D5422%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%253Fdaisy%253D20%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
159.69.163.6302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1753938461&pid=0&site=5422&sc=NO&usage_type=DCH&subid=1134153787&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=5422&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1134153787%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D5422%26utm1%3Dtcban_s%26utm2%3D5422%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%253Fdaisy%253D20%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1753938461&pid=0&site=5422&sc=NO&usage_type=DCH&subid=1134153787&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_s&utm_medium=5422&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=1010&banner_width=160&banner_height=600&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1134153787%26idzone%3D3902650%26w%3D160%26h%3D600%26mo%3D%26ve%3D%26site_id%3D5422%26utm1%3Dtcban_s%26utm2%3D5422%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%253Fdaisy%253D20%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1134153787&idzone=3902650&w=160&h=600&mo=&ve=&site_id=5422&utm1=tcban_s&utm2=5422&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F%3Fdaisy%3D20&katds_labels=&btype=0&score=95&bf=0.0001
X-Firefox-Spdy: h2
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
rtbrennab.com/banner/in/show/?mid=113967132&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
159.69.163.6302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=113967132&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=113967132&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-5&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D0%26source%3D1013599720%26idzone%3D3830819%26w%3D300%26h%3D250%26mo%3D%26ve%3D%26site_id%3D3725%26utm1%3Dtcban_i%26utm2%3D3725%26utm3%3D17794%26utm4%3D%26ad_tags%3D%26spot_id%3D0%26p%3Dhttp%253A%252F%252Fadultyiffyporn.gaysmills.gigixo.com%252F%26katds_labels%3D%26btype%3D0%26score%3D95%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F&katds_labels=&btype=0&score=95&bf=0.0001
X-Firefox-Spdy: h2
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
104.18.51.106200 OK 1.0 kB URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3dd4e1e8bc28f0cdb7b73e2ee5a18e84
dfdd9a97d51ed651cf07ec7d18f3f45715aedc6e
9608430c194fc460557f9c9d6fdf10a206db41a181d2d51d486370a35640faa2
GET /widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=Y_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi&p1=3844240&quality=optimal&ruleId=3&smartpopId=1547&sourceId=226439&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
last-modified: Fri, 11 Nov 2022 08:45:05 GMT
expires: Sat, 12 Nov 2022 04:47:39 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFpBRKXMwDjXpQ; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca14e68870b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 566cbfb367eb18abee45dd9e9ed63a93
db4f404cb6ce2e1783caba24c970cb938ffb760f
f6043ac5a5434e85d51ee2372a595201d8e63066c4ee5b7ef6a4935fdca225a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6529
Cache-Control: max-age=162833
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:31 GMT
Etag: "636ee4f3-139"
Expires: Mon, 14 Nov 2022 02:01:24 GMT
Last-Modified: Sat, 12 Nov 2022 00:12:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 313
adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
185.107.68.57301 Moved Permanently 169 B URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92
GET /jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.134.97200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.75.209200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4368)
Hash e867a944d6f380d6661cfdb4392b629b
8a81c3f89676ef45e63cd61461e10fc09756ac3a
2f7690e5a337308069ec41d22a3a1a0b4f85858f9cb6b607923dec844dc0f6b8
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 78099aa36f367ebf
Set-Cookie: ts_uid=41f6364c-e3ee-44b1-995b-7cf443e95dca; expires=Fri, 12 May 2023 04:47:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGpU7KMg; expires=Sun, 13 Nov 2022 04:47:31 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194200 OK 1.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1607), with no line terminators
Hash c83fa9fa9a4d848a8b37c19fcf8a1bf0
b8d2edc9aa16c65f7a612a0f561bba1ee184bca9
a52bad847ff069463afd5f19e8b42ec9b1fb359ab73bed29dc8bde1e680ca835
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1607
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:31 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e28613335be2f6edec3a6024c61f9d0b
f55a5d93d3145bb69f1b5c1ef84f1f8d82edf98f
a4337f13a68c0797e88a906d8624e70547ca48d98eca62111488f0c1eedba019
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4337F13A68C0797E88A906D8624E70547CA48D98ECA62111488F0C1EEDBA019"
Last-Modified: Thu, 10 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7472
Expires: Sat, 12 Nov 2022 06:52:03 GMT
Date: Sat, 12 Nov 2022 04:47:31 GMT
Connection: keep-alive
adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00637.gif
51.79.221.186200 OK 418 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00637.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 418 kB (417676 bytes)
Hash c008926bbc5c752230e28919993dbb71
273fd175b399a9657b6075cc1932519bf799aca2
906edaad3c7c6bfd3cc47d9c15edc4d354dfe1d985942ef2583306032980de75
GET /s3/ad_vc_gam2/banner-00637.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/gif
Content-Length: 417676
Connection: keep-alive
Last-Modified: Tue, 04 May 2021 06:55:38 GMT
ETag: "6090efea-65f8c"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lg4aGsdUrajpDWjFrn2TmhMZFaMigPEXHKz2k0YwK9oHK7PGrZrZla5yOFu3dOJpMAbjs0%2BpEbdvsAa4QA96X%2BfiysNMP75vLdB9WeomPom06slF95pPrSsnRdb5wQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768c6548fe31462b-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/4879.jpg
51.79.221.186200 OK 54 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/4879.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x968, components 3\012- data
Hash df3332b6c13f07450ce29974df5e53bd
ff0450c0e4cbb05ff1200414f29aaebf8b2105a1
db23f69817ea1c6c55dfacf00f0cc37d1afa0e738c56dae643a4cf38b718923e
GET /s3/ad_tf1/4879.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/jpeg
Content-Length: 53667
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:28 GMT
ETag: "607f3840-d1a3"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gg2I%2FsBwMs5lUKBsW4hFZIJaPH7dBfubcIQl6zr2dUaTIu%2BknQHvq1QQpfU%2Fd7jU6CPK2xyKAeT5s3QNkFkYadxWHeSeE%2Fxjw4HZqYugw%2Bwf1O8K8Za9aTTRtVydnmU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca147eead6ca2-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.59.20403 Forbidden 0 B URL HTTP/1.1 www.highperformancedisplayformat.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash aec43b295f21b8f57899835d8e64b42d
5c0f2597bae5e7357b038b3935214eeb5f8f4aea
88ff081d75f29e25db41d87c514097a27ded756d6002bc2f6081f0fe7d31c701
GET /jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
rtbrennab.com/banner/in/show/?mid=707954086&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
159.69.163.6302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=707954086&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=707954086&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-6&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://preroll.hostave3.net/notifications/zeropixel.png
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.75.209200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4388)
Hash a67305cd3154538434f05f15ce921e87
6521dedff1c1cdae3d67f9370881b6089d1b9aeb
3df147cd77c30867b015f83b2529b996268dae99cf685b16c65ecc5c9d37fb6b
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: bcafd05c0dc1c6ef
Set-Cookie: ts_uid=8901a310-c833-411e-9fd0-8613e18f17e9; expires=Fri, 12 May 2023 04:47:31 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGpU7KMg; expires=Sun, 13 Nov 2022 04:47:31 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494188
rtbrennab.com/banner/in/show/?mid=623389841&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
159.69.163.6302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=623389841&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=623389841&pid=0&site=3725&sc=NO&usage_type=DCH&subid=1013599720&sid=0&cid=10461&price=0&is_cpm=1&cpm=0.0085&ecpm=0.006758350000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=adultyiffyporn.gaysmills.gigixo.com&hostname=auc-banner-hz-8&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=3725&utm_campaign=17794&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=a2&iabcat=&min_cpm=0.00012577034335303736&placement_type_id=0&skin_test=&verify_hash=&score=95&ml=&tag_ab=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758 HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://preroll.hostave3.net/notifications/zeropixel.png
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F&katds_labels=&btype=0&score=95&bf=0.0001
109.206.191.198302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F&katds_labels=&btype=0&score=95&bf=0.0001
IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1013599720&idzone=3830819&w=300&h=250&mo=&ve=&site_id=3725&utm1=tcban_i&utm2=3725&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F&katds_labels=&btype=0&score=95&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://tsyndicate.com/iframes2/5175584365de453a9d644d6cd6cd219e.html?subid=1013599720&categories={{ad_tags}}
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 912.0=1; expires=Sun, 13 Nov 2022 04:47:31 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
btds.zog.link/in/912/?sid=0&source=1134153787&idzone=3902650&w=160&h=600&mo=&ve=&site_id=5422&utm1=tcban_s&utm2=5422&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F%3Fdaisy%3D20&katds_labels=&btype=0&score=95&bf=0.0001
109.206.191.198302 Found 0 B URL HTTP/2 btds.zog.link/in/912/?sid=0&source=1134153787&idzone=3902650&w=160&h=600&mo=&ve=&site_id=5422&utm1=tcban_s&utm2=5422&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F%3Fdaisy%3D20&katds_labels=&btype=0&score=95&bf=0.0001
IP 109.206.191.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/912/?sid=0&source=1134153787&idzone=3902650&w=160&h=600&mo=&ve=&site_id=5422&utm1=tcban_s&utm2=5422&utm3=17794&utm4=&ad_tags=&spot_id=0&p=http%3A%2F%2Fadultyiffyporn.gaysmills.gigixo.com%2F%3Fdaisy%3D20&katds_labels=&btype=0&score=95&bf=0.0001 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 912.0=1; expires=Sun, 13 Nov 2022 04:47:31 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
104.18.100.40302 Found 44 kB URL HTTP/2 chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 104.18.100.40:0
Hash 9e3582a910624e0b8ca0a248fbd36e1d
0cba3a20ad006b79b196ae562df76b4db6a727df
6fe431de3e0d9babedfa5a97f7ece835b341c34d970d15509d640de98b55d902
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|449252|no|94553|40900043|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html; charset=utf-8
location: /topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C449252%7Cno%7C94553%7C40900043%7C5675445%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C21%2C4%2C25%7C0%7C0%7Cen%7C1%7C1532635802%7C0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_dTm0=1; expires=Thu, 17-Nov-2022 04:47:31 GMT; Max-Age=432000; Path=/
us_dTm0=1; Path=/
affkey="eJwdjE0KgCAQRq8is47RZukhiqIOYP6UhCjmLrp7jMv3Pt73QgMtwG1JwSDApsK4kF135lZvZo8xVJM8TjPbyu5qrWgpz4zeHNE9aHOSvJoQelMzKSI2/ZNG+H5veR1Y"; Domain=.chaturbate.com; expires=Mon, 12-Dec-2022 04:47:31 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Sat, 12-Nov-2022 10:47:31 GMT; Max-Age=21600; Path=/
sbr=sec:sbr11cc7e8c-8c28-4dc8-b71d-c37c3fc1dd56:1otiQV:lH3_Q4Bk7V1L-FfutO2n2q7Mpe0; Domain=.chaturbate.com; expires=Thu, 07-Aug-2025 04:47:31 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=3I1lTnFsql4lz4ScDVDPm0REPCAn9_Zl0Vx628KN4oA-1668228451-0-Ac2oPlOb2ZCGsW/+J26iblWF/Y/FsI83ou+0bGhW5Y6zTs5melKeyzZo2CeY7+MF8vEcT+7lpz2A81qv4pkbDcQ=; path=/; expires=Sat, 12-Nov-22 05:17:31 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca14e7833b529-OSL
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=c&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=c&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=c&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFD3OMmTFGRhgYLW7MMBOjBY0YNcK0yFHDjMqDOGzAmCEmBs0ZMEQ4nCMmDRmFOraIiAHDZo0cOW7IyNnF4Rg3QGsQdRimzhiMN2DcYEkDRkydInqSwZiGTpk2X2KANWhnoQ0aNRzCqSNmYY0ZNWRQhQNnok28O-FI1DHDRg64MuKKKIOHzpc5gjEa1PPGTZkvOI6CHdOmrw4aNGbIkJGDKhkzEx2KceNmoYyYMWnoFdHGzcXPXXHMhlP7doysMGw4rCOHzcIZRkmXFlFHBkY0dOjAmaPjxYs5jPO0KVOGTp3pLt7IOXN9jgs4aOD8IFLGTpoxZXqwn7OGzhs4XOrAgCHDxpAwnYWRxhluJEFED6CJRlp--_U3xRvEwddDEVgwyJ8NQoTBGkI9xGBhf068R5B8YdCRhm0f2kBFGON11-EXhR2WVw0pBkGGEeK1UWIPGW4oR4pDvDEHHT3AkCIUcrx34hlNvHEQGz0MAUUTKRLBRJFAVkZFHnDEFwQTTGRZhxt0yJFHD048kSIVckC0BocogUXGG21IRkYdbNCRRxpmmMGleG64cEYYeczRRhpssGHeGQOmgccbLoxB52YlLrQFck2JAIccV-kQQxktwKCYGKjpAIML-yk2Bm9fbNrpqftl5pAcdniGkkNlrFqnqahSxFwdaWCUk0NpeCZCDjG4kMOpsrmAEg1g1REGRk3qgSgbYbxQA6ogoHDFiXPeMQcITlABAlGo7gDCt268pS4e7oJAq6eiopoCCEfkusYbLyxFVFFFgWBEGnKUYcYbeLxA1LbDijBGpyKkCZZ4XzyMkcQOsQFxEU7I2d4XBRvnaQ033IBDYTjsNyuBrtWAQ0MiHGTHF2LIsRAOODgk8xdtOOlaTL6SIccbxzkk5EI0yDU0HnkgPavBz0UHR3UvGISnnnz6CQegghJq6LWLNvpopHS-ANYctGI0NB0litfCmGW1IJULZIxxg5wQH_RF3XdXtGsMNtig22tw-UpHG855GvjgOBR-FAymgVwGZF9UqrjgozUuFa4zh8EGQnQAdWkNmYYhxmAxG1xVnmDBofFCkDt8Gwx9KBAQ&r=1&s=6c3aa0f7f4f3ec60842352d6326a6e5c08bcf48c8b576cb0270d9070a3b09be81668228451&w=t
136.243.134.97200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFD3OMmTFGRhgYLW7MMBOjBY0YNcK0yFHDjMqDOGzAmCEmBs0ZMEQ4nCMmDRmFOraIiAHDZo0cOW7IyNnF4Rg3QGsQdRimzhiMN2DcYEkDRkydInqSwZiGTpk2X2KANWhnoQ0aNRzCqSNmYY0ZNWRQhQNnok28O-FI1DHDRg64MuKKKIOHzpc5gjEa1PPGTZkvOI6CHdOmrw4aNGbIkJGDKhkzEx2KceNmoYyYMWnoFdHGzcXPXXHMhlP7doysMGw4rCOHzcIZRkmXFlFHBkY0dOjAmaPjxYs5jPO0KVOGTp3pLt7IOXN9jgs4aOD8IFLGTpoxZXqwn7OGzhs4XOrAgCHDxpAwnYWRxhluJEFED6CJRlp--_U3xRvEwddDEVgwyJ8NQoTBGkI9xGBhf068R5B8YdCRhm0f2kBFGON11-EXhR2WVw0pBkGGEeK1UWIPGW4oR4pDvDEHHT3AkCIUcrx34hlNvHEQGz0MAUUTKRLBRJFAVkZFHnDEFwQTTGRZhxt0yJFHD048kSIVckC0BocogUXGG21IRkYdbNCRRxpmmMGleG64cEYYeczRRhpssGHeGQOmgccbLoxB52YlLrQFck2JAIccV-kQQxktwKCYGKjpAIML-yk2Bm9fbNrpqftl5pAcdniGkkNlrFqnqahSxFwdaWCUk0NpeCZCDjG4kMOpsrmAEg1g1REGRk3qgSgbYbxQA6ogoHDFiXPeMQcITlABAlGo7gDCt268pS4e7oJAq6eiopoCCEfkusYbLyxFVFFFgWBEGnKUYcYbeLxA1LbDijBGpyKkCZZ4XzyMkcQOsQFxEU7I2d4XBRvnaQ033IBDYTjsNyuBrtWAQ0MiHGTHF2LIsRAOODgk8xdtOOlaTL6SIccbxzkk5EI0yDU0HnkgPavBz0UHR3UvGISnnnz6CQegghJq6LWLNvpopHS-ANYctGI0NB0litfCmGW1IJULZIxxg5wQH_RF3XdXtGsMNtig22tw-UpHG855GvjgOBR-FAymgVwGZF9UqrjgozUuFa4zh8EGQnQAdWkNmYYhxmAxG1xVnmDBofFCkDt8Gwx9KBAQ&r=1&s=6c3aa0f7f4f3ec60842352d6326a6e5c08bcf48c8b576cb0270d9070a3b09be81668228451&w=t
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFD3OMmTFGRhgYLW7MMBOjBY0YNcK0yFHDjMqDOGzAmCEmBs0ZMEQ4nCMmDRmFOraIiAHDZo0cOW7IyNnF4Rg3QGsQdRimzhiMN2DcYEkDRkydInqSwZiGTpk2X2KANWhnoQ0aNRzCqSNmYY0ZNWRQhQNnok28O-FI1DHDRg64MuKKKIOHzpc5gjEa1PPGTZkvOI6CHdOmrw4aNGbIkJGDKhkzEx2KceNmoYyYMWnoFdHGzcXPXXHMhlP7doysMGw4rCOHzcIZRkmXFlFHBkY0dOjAmaPjxYs5jPO0KVOGTp3pLt7IOXN9jgs4aOD8IFLGTpoxZXqwn7OGzhs4XOrAgCHDxpAwnYWRxhluJEFED6CJRlp--_U3xRvEwddDEVgwyJ8NQoTBGkI9xGBhf068R5B8YdCRhm0f2kBFGON11-EXhR2WVw0pBkGGEeK1UWIPGW4oR4pDvDEHHT3AkCIUcrx34hlNvHEQGz0MAUUTKRLBRJFAVkZFHnDEFwQTTGRZhxt0yJFHD048kSIVckC0BocogUXGG21IRkYdbNCRRxpmmMGleG64cEYYeczRRhpssGHeGQOmgccbLoxB52YlLrQFck2JAIccV-kQQxktwKCYGKjpAIML-yk2Bm9fbNrpqftl5pAcdniGkkNlrFqnqahSxFwdaWCUk0NpeCZCDjG4kMOpsrmAEg1g1REGRk3qgSgbYbxQA6ogoHDFiXPeMQcITlABAlGo7gDCt268pS4e7oJAq6eiopoCCEfkusYbLyxFVFFFgWBEGnKUYcYbeLxA1LbDijBGpyKkCZZ4XzyMkcQOsQFxEU7I2d4XBRvnaQ033IBDYTjsNyuBrtWAQ0MiHGTHF2LIsRAOODgk8xdtOOlaTL6SIccbxzkk5EI0yDU0HnkgPavBz0UHR3UvGISnnnz6CQegghJq6LWLNvpopHS-ANYctGI0NB0litfCmGW1IJULZIxxg5wQH_RF3XdXtGsMNtig22tw-UpHG855GvjgOBR-FAymgVwGZF9UqrjgozUuFa4zh8EGQnQAdWkNmYYhxmAxG1xVnmDBofFCkDt8Gwx9KBAQ&r=1&s=6c3aa0f7f4f3ec60842352d6326a6e5c08bcf48c8b576cb0270d9070a3b09be81668228451&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsTYGBODDJkYY1rMIEPjRgsaYcKIaZGDBo0ZLcTQEJPDDAwzYsTEiDFDhMM5YtKQUahji4gYMHjWyJHjhgwYIro4HOOGaA2kDsPUGYPRhowZM3DkwEEjhs-MQjGmoVOmzRezWcnYWWiDRg2HcOqIWVhjRg0ZWeHAmcjT7084EnXMsNHy710RZfDQ-TIHMUaDet64KfMFx9KzY9oM1uFyhgwZOeKamehQjBs3C2XgsDGbBmARbdxcJE0DBo7bcHLvjnEDBgwbDuvIYbNwhlLUqUXUkYERDR06cOboePFiTuQ8bcqUoVMnu4s3cs50n-MCDho4P4iUsZNmTJke8uesofMGDpc6xslgwxBhiBZGGme4kQQRPZR2Wg7_BWjDFG8oZ18PRWARIQwCChHGawj1EMOGAjpRH0H4hUFHGrqRaAMVYaQ3nohfLNaYDDW4GAQZRqDXhoo9eAiiHC4O8cYcdPQAg4tQyFEfi2c08cZBbPQwBBRNuEgEE0oWqRkVecBxXxBMMOFlHW7QIUcePTjxhItUyAHRGiHGUMNZZLzRxmVk1MEGHXmkYYYZYaLnhgtnhJHHHG2kwQYb7J2BYBp4vOHCGHqCpuJCWzgnlQhwyMGVDjGU0QIMj4mxmg4wuGDcY2ME90Woo7ZqnGcOyWHHaHY6VEase7LqKkXS1ZEGRlA5lMZoIuQQgws5tGqbC3bScFYdYWAkpR6OshHGCzW4CgIKV7CY5x1zgOAEFSAg5eoOIJTrRl3w4kEvCLqSiqqrKYBwxK9rvPHCU0gllRQIRqQhRxlmvIHHC0iFm6wIY4wqgptnofdFxRhh7BAbFhfhBJ7zfbEwc6TWcMMNOCyGg3G5JhhbDTg0JMJBdnwhhhwL4YCDQzh_0caUsc1GLBlyvNGcQ0cuRANeSeORh9O5MlzddXBs94JBfgIqKKFwGIqooox2G-mklV6q5wtnzaErRknToSJ6LaC5Vgs2zOACGWPcgKfFB33Bt98VBRuDDbSdRtZVhVNHKuK_yWaXnTTHZXIZlX2x6eOJS844ZDmHwQZCdBDVaQ2fqpTYzQxr9edZcIC8EAxT7QZDHwoEBA%3D%3D&r=1&s=d4f6e84032a56c1c44b9cb53c785aece2c3f05c6d28ff0d6c76bcfe470afa5f01668228451&w=t
136.243.134.97200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsTYGBODDJkYY1rMIEPjRgsaYcKIaZGDBo0ZLcTQEJPDDAwzYsTEiDFDhMM5YtKQUahji4gYMHjWyJHjhgwYIro4HOOGaA2kDsPUGYPRhowZM3DkwEEjhs-MQjGmoVOmzRezWcnYWWiDRg2HcOqIWVhjRg0ZWeHAmcjT7084EnXMsNHy710RZfDQ-TIHMUaDet64KfMFx9KzY9oM1uFyhgwZOeKamehQjBs3C2XgsDGbBmARbdxcJE0DBo7bcHLvjnEDBgwbDuvIYbNwhlLUqUXUkYERDR06cOboePFiTuQ8bcqUoVMnu4s3cs50n-MCDho4P4iUsZNmTJke8uesofMGDpc6xslgwxBhiBZGGme4kQQRPZR2Wg7_BWjDFG8oZ18PRWARIQwCChHGawj1EMOGAjpRH0H4hUFHGrqRaAMVYaQ3nohfLNaYDDW4GAQZRqDXhoo9eAiiHC4O8cYcdPQAg4tQyFEfi2c08cZBbPQwBBRNuEgEE0oWqRkVecBxXxBMMOFlHW7QIUcePTjxhItUyAHRGiHGUMNZZLzRxmVk1MEGHXmkYYYZYaLnhgtnhJHHHG2kwQYb7J2BYBp4vOHCGHqCpuJCWzgnlQhwyMGVDjGU0QIMj4mxmg4wuGDcY2ME90Woo7ZqnGcOyWHHaHY6VEase7LqKkXS1ZEGRlA5lMZoIuQQgws5tGqbC3bScFYdYWAkpR6OshHGCzW4CgIKV7CY5x1zgOAEFSAg5eoOIJTrRl3w4kEvCLqSiqqrKYBwxK9rvPHCU0gllRQIRqQhRxlmvIHHC0iFm6wIY4wqgptnofdFxRhh7BAbFhfhBJ7zfbEwc6TWcMMNOCyGg3G5JhhbDTg0JMJBdnwhhhwL4YCDQzh_0caUsc1GLBlyvNGcQ0cuRANeSeORh9O5MlzddXBs94JBfgIqKKFwGIqooox2G-mklV6q5wtnzaErRknToSJ6LaC5Vgs2zOACGWPcgKfFB33Bt98VBRuDDbSdRtZVhVNHKuK_yWaXnTTHZXIZlX2x6eOJS844ZDmHwQZCdBDVaQ2fqpTYzQxr9edZcIC8EAxT7QZDHwoEBA%3D%3D&r=1&s=d4f6e84032a56c1c44b9cb53c785aece2c3f05c6d28ff0d6c76bcfe470afa5f01668228451&w=t
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFIsTYGBODDJkYY1rMIEPjRgsaYcKIaZGDBo0ZLcTQEJPDDAwzYsTEiDFDhMM5YtKQUahji4gYMHjWyJHjhgwYIro4HOOGaA2kDsPUGYPRhowZM3DkwEEjhs-MQjGmoVOmzRezWcnYWWiDRg2HcOqIWVhjRg0ZWeHAmcjT7084EnXMsNHy710RZfDQ-TIHMUaDet64KfMFx9KzY9oM1uFyhgwZOeKamehQjBs3C2XgsDGbBmARbdxcJE0DBo7bcHLvjnEDBgwbDuvIYbNwhlLUqUXUkYERDR06cOboePFiTuQ8bcqUoVMnu4s3cs50n-MCDho4P4iUsZNmTJke8uesofMGDpc6xslgwxBhiBZGGme4kQQRPZR2Wg7_BWjDFG8oZ18PRWARIQwCChHGawj1EMOGAjpRH0H4hUFHGrqRaAMVYaQ3nohfLNaYDDW4GAQZRqDXhoo9eAiiHC4O8cYcdPQAg4tQyFEfi2c08cZBbPQwBBRNuEgEE0oWqRkVecBxXxBMMOFlHW7QIUcePTjxhItUyAHRGiHGUMNZZLzRxmVk1MEGHXmkYYYZYaLnhgtnhJHHHG2kwQYb7J2BYBp4vOHCGHqCpuJCWzgnlQhwyMGVDjGU0QIMj4mxmg4wuGDcY2ME90Woo7ZqnGcOyWHHaHY6VEase7LqKkXS1ZEGRlA5lMZoIuQQgws5tGqbC3bScFYdYWAkpR6OshHGCzW4CgIKV7CY5x1zgOAEFSAg5eoOIJTrRl3w4kEvCLqSiqqrKYBwxK9rvPHCU0gllRQIRqQhRxlmvIHHC0iFm6wIY4wqgptnofdFxRhh7BAbFhfhBJ7zfbEwc6TWcMMNOCyGg3G5JhhbDTg0JMJBdnwhhhwL4YCDQzh_0caUsc1GLBlyvNGcQ0cuRANeSeORh9O5MlzddXBs94JBfgIqKKFwGIqooox2G-mklV6q5wtnzaErRknToSJ6LaC5Vgs2zOACGWPcgKfFB33Bt98VBRuDDbSdRtZVhVNHKuK_yWaXnTTHZXIZlX2x6eOJS844ZDmHwQZCdBDVaQ2fqpTYzQxr9edZcIC8EAxT7QZDHwoEBA%3D%3D&r=1&s=d4f6e84032a56c1c44b9cb53c785aece2c3f05c6d28ff0d6c76bcfe470afa5f01668228451&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/119449/56522.jpg
217.22.19.195200 OK 18 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/119449/56522.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash fadaabe87d4b889fcf6d100dc1a090b8
f6739e89b6aa45fcdedd8e050007491383000b97
687a51899e6168f321636ea155552474844ad29968a0e7333cc56dc57da4e17b
GET /data/bannerpools/119449/56522.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: image/jpeg
Content-Length: 18228
Last-Modified: Thu, 28 Apr 2022 14:31:40 GMT
Connection: keep-alive
ETag: "626aa54c-4734"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494189
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=c&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/343282/44d2b0d716c41704972b1e033532acdd08a35ae1.webp
185.76.9.16200 OK 11 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/343282/44d2b0d716c41704972b1e033532acdd08a35ae1.webp
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1a5b99d59e4454acd6318034dbba1e40
44d2b0d716c41704972b1e033532acdd08a35ae1
e094ffde2b6dd7ea9a164adcf421522f8d8dad2152f704c902bf5f6574f4e8f6
GET /library/343282/44d2b0d716c41704972b1e033532acdd08a35ae1.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: image/webp
content-length: 11348
last-modified: Sat, 23 Jul 2022 12:15:13 GMT
etag: "62dbe651-2c54"
expires: Sun, 23 Jul 2023 13:06:42 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1690117860
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3KJpn/ADKTAA
x-77-nzt-ray: ffffffffc77199b364256f63169c210f
x-cache: HIT
x-age: 9646592
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.realsrv.com/ads.js
185.76.9.21200 OK 1.3 kB IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (2475), with no line terminators
Hash e7af90f28dcb46cdf74a64ad1f3fc97f
0e314b4e1d3811250d836edfa810302c675e9a0b
a899965d7659b6c654732ecb91d4f8474829585d99b2e12d76a9ebc66c228c09
GET /ads.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: application/javascript
etag: W/"f4fddb85b686269b678e3caf766"
expires: Thu, 10 Nov 2022 18:38:42 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1668235323
server: CDN77-Turbo
x-77-nzt: AblMCRQU9xX/WA8AAA
x-77-nzt-ray: ffffffff6091899e63256f6347944020
x-cache: HIT
x-age: 3928
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4
185.76.9.16206 Partial Content 33 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 1413cd1c8cc4a6653851bdfc54fdb32f
ede74c7bceaa7703fd30a60d5d9f04ca5eac5716
41f006ad3d3978487383e7cdf609bbd8041bb1fd2af17b81874d80eaad003235
GET /library/428515/ede74c7bceaa7703fd30a60d5d9f04ca5eac5716.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://syndication.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: video/mp4
content-length: 33263
last-modified: Fri, 31 Dec 2021 10:19:17 GMT
etag: "61ced925-81ef"
expires: Fri, 30 Jun 2023 11:26:36 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1Lz2f/YIiwAA
x-77-nzt-ray: ffffffffc77199b364256f63d6b8ef0f
x-cache: HIT
x-age: 11569248
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-33262/33263
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash db9bfc4917df5c2004319eb2ccf91eb3
5a1644f754e862c047a4dcec5b112b310ca2e709
21f48350ba948a14d2ee1f7eee49442faf7120784c20f161762433a106fad6b3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 03:56:30 GMT
Expires: Wed, 16 Nov 2022 03:56:29 GMT
Etag: "5a1644f754e862c047a4dcec5b112b310ca2e709"
Cache-Control: max-age=341936,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 768ca1523997b529-OSL
lcdn.tsyndicate.com/images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png
8.247.219.121200 OK 18 kB URL HTTP/2 lcdn.tsyndicate.com/images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png
IP 8.247.219.121:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash f0b41328d01337c57fe07340a1a8a786
c8785ca6e740b868114125b1e2eeca96e992bc6a
dd74ebacdf272f21a95dc7114315665e2bef84f0bffe95768b81bf294c1efd08
GET /images/7/b/f0c150057ad2f54d8958b330d404556e4e605a.png HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: image/png
content-length: 17996
last-modified: Fri, 22 Jul 2022 12:28:19 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62da97e3-4d10"
age: 2685112
accept-ranges: bytes
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.75.209200 OK 2.8 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4380)
Hash d393fe78bbda711e0bfc5a2744137042
5a1748c548fc6087503c02c31c3faae9b474b7f4
2a26e8e30d3d45f894b7ffaa912e8f52bb4d56252ac338004fb78d4d096be6ec
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 79bd94ccec29a3f4
Set-Cookie: ts_uid=2dd90063-1d12-4be5-944f-76a5de74604b; expires=Fri, 12 May 2023 04:47:32 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGrI6NJH; expires=Sun, 13 Nov 2022 04:47:32 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/4216.jpg
51.79.221.186200 OK 50 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/4216.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x957, components 3\012- data
Hash da4747361182933f630836a8d42a5336
6c00038a2bb2ccf5ae7836a0cc0d1f1afb66a286
36342e2c2ecfab8e73e5f082dd9b05290aac02b7c088954e4514b6ec7d248cc4
GET /s3/ad_tf1/4216.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/jpeg
Content-Length: 49697
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:27 GMT
ETag: "607f383f-c221"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IUnkx5no439LL641laftc6zaQ2%2FIYMBmi4%2B%2FEFJJsf0VmBaVey6PSc2etP8wsPAAFzgd86ydlUF6C9N9xmUL0TAjJAcKxA86VIH6iT67qCyI%2F7G2ro31VQeOuNiVoik%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca14c7f9e4c2f-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.highperformancedisplayformat.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
192.243.59.20403 Forbidden 0 B URL HTTP/1.1 www.highperformancedisplayformat.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
syndication.realsrv.com/ads-iframe-display.php?idzone=4211576&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451869&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.247200 OK 880 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4211576&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451869&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (1826), with no line terminators
Hash 149999c4bfcf3950e5cdae5fc658f729
3024fb8d71d3ad8d471d70cc090350fd7d146e08
dea2ee001091c438eaca3ae8c08b98fab04ea566e93d3e5aac002d63097d78ae
GET /ads-iframe-display.php?idzone=4211576&type=300x250&p=http%3A//adultyiffyporn.gaysmills.gigixo.com/&dt=1668228451869&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://biptolyla.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnrgxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimcrxeobenxgxaaboobcrxgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; expires=Mon, 11 Nov 2024 04:47:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnagxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimcrxeobenxgxaaboobcrxgxcce; expires=Sun, 13 Nov 2022 04:47:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDg1Mn19
159.69.163.6200 OK 2.9 kB URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDg1Mn19
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3639)
Hash edbe7f98c095fa2fe4d1de6b29740ea2
2c1f9c3d76a53835b98fd4775cc8d4b005b36162
3171f3da1d67e968457a7d9cb593a5f37001d7cdc8cfc34237c7dfef500bf20c
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDg1Mn19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 05ee6fb50970d5277073ec4324d83358
30df97a2ad891c370cede1f67880ca53b8795fe0
a50a793eca85c4ddf32fad193d41b630d12c1ee94364a3d3257954c4b285974e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A50A793ECA85C4DDF32FAD193D41B630D12C1EE94364A3D3257954C4B285974E"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2994
Expires: Sat, 12 Nov 2022 05:37:26 GMT
Date: Sat, 12 Nov 2022 04:47:32 GMT
Connection: keep-alive
static.eabids.com/data/bannerpools/112022/34010.jpg
217.22.19.195200 OK 28 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/112022/34010.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 2fdfabaff09b83e596644826ad104453
2ee7457f78c2f7c07f81ae900e7cb5ebc02eda81
6d00d453fc0ad8a1b5b537ae948d1f66a59bb35799a361bb6c551e6f33f89199
GET /data/bannerpools/112022/34010.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: image/jpeg
Content-Length: 28264
Last-Modified: Thu, 28 Apr 2022 14:46:29 GMT
Connection: keep-alive
ETag: "626aa8c5-6e68"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b5c033d343e3c53103d3b2814173c320c2d0c032751354b5454544b5052574b5050574b5550503b555454544a0e1403
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b5c033d343e3c53103d3b2814173c320c2d0c032751354b5454544b5052574b5050574b5550503b555454544a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b5c033d343e3c53103d3b2814173c320c2d0c032751354b5454544b5052574b5050574b5550503b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-CORE: core4
X-LB: core4
www.yuvutu.com/
46.166.142.208200 OK 3.3 kB IP 46.166.142.208:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9737)
Hash 6ea231465700d0eb2df36486a3dcc1e6
50852b8502ad33fd7fb6d5902eecc8aafe747fc5
6fa02c75f63cbb21bd27bdaf2512c234f6ef6e49715f3be2a90d7acae44de1ce
GET / HTTP/1.1
Host: www.yuvutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Encoding: gzip
video.ktkjmp.com/adsbygoogle.js
104.18.59.150200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: kyl0IVMMo5KW4pDdzfnQKUa/Cfs4W9YHdQTiL3YWd73Il6pI7lh92KHTCplsaUtVSNRKq3KXr04=
x-amz-request-id: 3YWBDN4EWV9170D8
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xxxvjmp.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 2908
expires: Sat, 12 Nov 2022 08:47:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca154bc701bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494189
www.yuvutu.com/
46.166.142.208200 OK 3.3 kB IP 46.166.142.208:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9737)
Hash 6ea231465700d0eb2df36486a3dcc1e6
50852b8502ad33fd7fb6d5902eecc8aafe747fc5
6fa02c75f63cbb21bd27bdaf2512c234f6ef6e49715f3be2a90d7acae44de1ce
GET / HTTP/1.1
Host: www.yuvutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/1084.jpg
51.79.221.186200 OK 66 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/1084.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x998, components 3\012- data
Hash 9370f030031d6f49bdbced8995826b6f
26e8e576821abe47f2cc7c8c6755950fd99b718e
135434974a25c2897101783ecfdf90476867d831728f0ac164f69a082b2502a4
GET /s3/ad_tf1/1084.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/jpeg
Content-Length: 65661
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:21 GMT
ETag: "607f3839-1007d"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CdGardHdYl3PJ2F02eLEQ9DZVqfYS9OI0o4JB0zueXXi1cUk%2FkIqEHbKaEm6LDxgCRCaKN1Vf0Lh%2B2oL19KZP8uqCfFs%2FQRpdr0NNxsIVOWZUlniNvWGgODz3M%2FcWg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca14d786fa138-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
preroll.hostave3.net/notifications/zeropixel.png
104.21.235.3200 OK 42 B URL HTTP/2 preroll.hostave3.net/notifications/zeropixel.png
IP 104.21.235.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /notifications/zeropixel.png HTTP/1.1
Host: preroll.hostave3.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: image/png
content-length: 42
last-modified: Tue, 11 Sep 2018 08:40:52 GMT
etag: "5b977f94-2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 2601624
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7xbZqwgikDvqWJHF9sXKeKprKOaVh22DzPqDJnBSkKmE40Q6Cgnn9rYyguelrxc31wKrg39cBtLR10urYzgMKkHgyG3i189p76jNuzUDKvHYW0%2FWRkK%2FqU%2BVMaTl4cd7V69JXFxng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 768ca154feebdcbb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00172.gif
51.79.221.186200 OK 449 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00172.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 449 kB (448628 bytes)
Hash 100f5270ddee5ca23c74e04ffde4b878
6ee4a0aa853b699681f019a5894274410c3c7674
5b955bfa8c7b6257c4c7b17d81a25fc4214ffa8274e3dc1bf1ebcc7b83d523f9
GET /s3/ad_vc_gam2/banner-00172.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/gif
Content-Length: 448628
Connection: keep-alive
Last-Modified: Mon, 03 May 2021 20:05:36 GMT
ETag: "60905790-6d874"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTsp2rySw7DLltsKiP1%2BhNItA3njvbEVMfWhXWrvvPasW9qHq0rvL%2BJK9fvc0izf5f1QCIQpgiZBBvOvCrnPhPII2GDgSANSlieiiVnoFvnaJq4mEwJkqKkGQ5b%2FX0A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768c4896ecbc9f86-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.yuvutu.com/
46.166.142.208200 OK 3.3 kB IP 46.166.142.208:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9737)
Hash 6ea231465700d0eb2df36486a3dcc1e6
50852b8502ad33fd7fb6d5902eecc8aafe747fc5
6fa02c75f63cbb21bd27bdaf2512c234f6ef6e49715f3be2a90d7acae44de1ce
GET / HTTP/1.1
Host: www.yuvutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Encoding: gzip
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DSOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
104.18.51.106200 OK 1.7 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DSOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
IP 104.18.51.106:0
File type JSON data\012- , ASCII text
Hash f7bf0ed6aa402fd3ff8064c14a6cae57
5cc436273cae1f810eafc5495a6a5ab35311c4da
e9610e1595447cd1a96142ff14bbb843ab9147b759e2320771f2ffdcdb42b28b
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DSOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi%26p1%3D3684770%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D349000%26tag%3Dmen%252C-men%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:32 GMT
cf-cache-status: MISS
set-cookie: __cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTM6ZoBvUzyZ8Rz; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:32 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca154bd2afac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C449252%7Cno%7C94553%7C40900043%7C5675445%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C21%2C4%2C25%7C0%7C0%7Cen%7C1%7C1532635802%7C0
104.18.100.40302 Found 21 kB URL HTTP/2 chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C449252%7Cno%7C94553%7C40900043%7C5675445%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C21%2C4%2C25%7C0%7C0%7Cen%7C1%7C1532635802%7C0
IP 104.18.100.40:0
Hash 3c9d365924d4ca756457ca58ce5360e0
eba6b201c2a1aed4c3cb5003c45bbad66740b8a7
c47183083f017c5e303ffabf8d25255eea3db1dcf58c722a0df0133e32e50f6e
GET /topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C449252%7Cno%7C94553%7C40900043%7C5675445%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C21%2C4%2C25%7C0%7C0%7Cen%7C1%7C1532635802%7C0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Cookie: __cf_bm=3I1lTnFsql4lz4ScDVDPm0REPCAn9_Zl0Vx628KN4oA-1668228451-0-Ac2oPlOb2ZCGsW/+J26iblWF/Y/FsI83ou+0bGhW5Y6zTs5melKeyzZo2CeY7+MF8vEcT+7lpz2A81qv4pkbDcQ=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html; charset=utf-8
location: /embed/maeveminx/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C449252%7Cno%7C94553%7C40900043%7C5675445%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C21%2C4%2C25%7C0%7C0%7Cen%7C1%7C1532635802%7C0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKbDS10/P10tNTMpMKdZLzs/VV6oFAJBCCa0="; Domain=.chaturbate.com; expires=Mon, 12-Dec-2022 04:47:31 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr2e8660ee-146f-494e-8947-e82a79a3e2ea:1otiQV:3Cj6lQtabLGLpxemphPNrnwLB0c; Domain=.chaturbate.com; expires=Thu, 07-Aug-2025 04:47:31 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca14fe89ab529-OSL
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194200 OK 604 B URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (604), with no line terminators
Hash 470e43cd91fd0b0e53b2b74dcea74363
b48c409da78cc21a6e3d2760ee73a44e747a433c
b06ba9964d78391d3e5b6c67bc24e643bc28e0fbb753a14e62890a186e2f611c
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 604
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-205
tsyndicate.com/iframes2/5175584365de453a9d644d6cd6cd219e.html?subid=1013599720&categories={{ad_tags}}
136.243.75.209200 OK 7.3 kB URL HTTP/2 tsyndicate.com/iframes2/5175584365de453a9d644d6cd6cd219e.html?subid=1013599720&categories={{ad_tags}}
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash 549f7e0c6c3be68fc5baac8eca622f56
8a110072057156d44e1d1ad10e5ee132c2a46fc1
584b4af227ef171599ab22eac69ec53cd82a91bbbe402cc952969c9ac5dd60c6
GET /iframes2/5175584365de453a9d644d6cd6cd219e.html?subid=1013599720&categories={{ad_tags}} HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 75e773b75c552050
set-cookie: ts_uid=403cd1da-7bd6-44fa-bb64-1c0c7eccc226; expires=Fri, 12 May 2023 04:47:32 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGo47KMg; expires=Sun, 13 Nov 2022 04:47:32 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
www.yuvutu.com/
46.166.142.208200 OK 3.3 kB IP 46.166.142.208:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9737)
Hash 6ea231465700d0eb2df36486a3dcc1e6
50852b8502ad33fd7fb6d5902eecc8aafe747fc5
6fa02c75f63cbb21bd27bdaf2512c234f6ef6e49715f3be2a90d7acae44de1ce
GET / HTTP/1.1
Host: www.yuvutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Encoding: gzip
www.yuvutu.com/
46.166.142.208200 OK 3.3 kB IP 46.166.142.208:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9737)
Hash 6ea231465700d0eb2df36486a3dcc1e6
50852b8502ad33fd7fb6d5902eecc8aafe747fc5
6fa02c75f63cbb21bd27bdaf2512c234f6ef6e49715f3be2a90d7acae44de1ce
GET / HTTP/1.1
Host: www.yuvutu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 219f6ff0d6ff08372263e80f4c68ab51
77cc8c995108a78dde72a0420d293d12ffdfdab7
5177725bb60acafc9146d5b6b0269eb1b50dad7e08f8730829852fe9e8f3d2d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5062
Cache-Control: max-age=113148
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:32 GMT
Etag: "636e289a-116"
Expires: Sun, 13 Nov 2022 12:13:20 GMT
Last-Modified: Fri, 11 Nov 2022 10:48:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 278
adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00039.gif
51.79.221.186200 OK 450 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/banner-00039.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 450 kB (449695 bytes)
Hash 1bd16ddcb332f0fdc3ab07b1731d05e8
472357fd67a2a32af3284688bc6efe7f62b9e22d
3e364303a19dc7b52c6dc8f0425eef0892a4519cf3310c6a21aef54d6948cc57
GET /s3/ad_vc_gam2/banner-00039.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Content-Type: image/gif
Content-Length: 449695
Connection: keep-alive
Last-Modified: Mon, 03 May 2021 20:08:15 GMT
ETag: "6090582f-6dc9f"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXLtalCrwoWETgjjEZfd1jzp4wVtPs1KGh2cfHvUscxNtMv2z5ysHDMhKAK%2F%2FWeCwCngXNWBGfe%2Fj640VpNBKwKe6XdN8xz4IHg%2FikSmYzCYHfggUQT89NakToRCf3w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768c9926d9444a83-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.eabids.com/conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=403cd1da-7bd6-44fa-bb64-1c0c7eccc226; bfq=APeIECNCxxYZN3LIkEFDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGo47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 21494189
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DY_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
104.18.51.106200 OK 1.9 kB URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DY_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
IP 104.18.51.106:0
File type JSON data\012- , ASCII text
Hash 45f4b5c2834e6ce383972389d96c4b81
435122fb3f2af95dd9a570be76d722c7983fabca
9bf3789859a00e9e49313949bb5f6574fe9be2e9722fea3a7b8ab9025a289adc
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DY_Zc07lut86ysyEREKgenpxAtio7J4ZurAiuooIZKEv4xLH-AcDOXCLPVyShY1ghFe7Ev8TV1x1yQrv_nPKjxXCEvd8BZVUr4ZQwXkI_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:32 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs4dbVwoEoBDB2; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:32 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca154ed32fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273
104.18.51.106302 Found 0 B URL HTTP/2 go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 12 Nov 2022 04:47:32 GMT
content-length: 0
location: https://creative.xlivrdr.com/LPOmega?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249744&masterSmartpopId=1914&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=29441
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=887637.29441; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7ndceWzhX52JJY; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:32 GMT; HttpOnly
server: cloudflare
cf-ray: 768ca155a932b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIqYGjRo0ZMnK0CEOjZAsaMW7AaCHmBg0xLWKQoWFjRhgxMkGGEfEwTJ0xGXOYkTGmTA4yMlrIMFODxkkcOMiMvFFmTIsbOcZ8vEEmRxkZHnlCJGOHIg4aOXA8hFNHzEIbMVL2hAOH4owcNB7OgTNRxwwbZ2-ofDimTV2_aGEo7knGzEIZMx6KcePmMQ0ZNi47FNHGDUaGIGXAWNv5s42mFUXUiZERDR06cOboePHizBsXeHKnUWPYxZg3bV7MaRNGDuw3cF6MmWEmzAwaN2TggFHjBg6jMMJ4xXEzRhkb0mGMgVHmb0MZNMg0lDlGjJnvYja2hPzeKPSiUH_UmYMwCZkeZcxUXkk5iCYDSTSE0RwOMczQEAw3aKfegTGMkQN4IMWAgw3kvWTGGGMcGEYMYsxgk4Y45HCDGByWwUUdimE2xxt1yFGUfz08l4NiMLwYow1tlNGGGP39l4USaNgwhxx5CIEEDVdUoUQZYrBBAxNmFJFFGHjEIEUQNjxxhhViKFFYGmVYgYcV6uXwBBFukDGEHVIw4UYQVMgRRQt1NEXFDEYQkQMcULyhBBRhQPEFEU1oYccVUzzRhhNJzLGmE3IIQUYWcxwhgwxlwEHGDDDowYYVbAjxxRlVJEGEFFWk4SMMmMERQ46AQafSrJjREcYZPQTpRgkyDNGCsGKRAVxGBtXBBh15pGGGGXnA8YYcbrhwRhh5DJcGG2zMoW0aZ6SBx22_tSHWGGH0tcWnXUjmmA4wuABDanLYcRipD9VRRxoZTddSDeLhEFMMNBicIEkjXWZGTBHBcJkNZeDwoVsPpXGYCDnE4MKOLlzmQkM0iCXHFxoH5THIIpMsVh076SBCE2_o8S0bYbxQg70goHBFGnG-ccccIDhBBQgx1AvDDiD87EZmTOMBNQj5MkSdvSmAcERVa7zxgmhJ33svCEakIUcZZryBxwtJ7wzDukDJ7MQTYl37BYgZzS0WG3GLUIQTyZZhxxdns0FRddb9Nd1oIshxRmU6gIXDDQ8dNLgYciwEVeWCf9HGG2Q8tmFqZMjxxkKRifCGQjrkJQIcpuORx0Kunz3vQK_BMdsLzT4b7bTVXpvttt22cbO45ZZ7rm_AvSDWHRnFEJ5YaERPa8l65ZuR6b7ScS2fbqRBR0w3uEDGGNIn2_dBX5yfvkXqMmQDYJ-eVUNqdLQhA0Xz41A_DfeTmFrGQrgy7OUL7eIf_aQDwNR0LgxsQAgdWLeF58QLImLoiwgO0hxnTWQtfFsI48bwGRj0QQEBAQ%3D%3D&s=e5f3f9dc5efc9ed1cf264b872cde6cc6e5d02c934e3d3c1a10e9c8fff174cd9e1668228451&w=t&r=1&d=1310&priv=false
136.243.134.97200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIqYGjRo0ZMnK0CEOjZAsaMW7AaCHmBg0xLWKQoWFjRhgxMkGGEfEwTJ0xGXOYkTGmTA4yMlrIMFODxkkcOMiMvFFmTIsbOcZ8vEEmRxkZHnlCJGOHIg4aOXA8hFNHzEIbMVL2hAOH4owcNB7OgTNRxwwbZ2-ofDimTV2_aGEo7knGzEIZMx6KcePmMQ0ZNi47FNHGDUaGIGXAWNv5s42mFUXUiZERDR06cOboePHizBsXeHKnUWPYxZg3bV7MaRNGDuw3cF6MmWEmzAwaN2TggFHjBg6jMMJ4xXEzRhkb0mGMgVHmb0MZNMg0lDlGjJnvYja2hPzeKPSiUH_UmYMwCZkeZcxUXkk5iCYDSTSE0RwOMczQEAw3aKfegTGMkQN4IMWAgw3kvWTGGGMcGEYMYsxgk4Y45HCDGByWwUUdimE2xxt1yFGUfz08l4NiMLwYow1tlNGGGP39l4USaNgwhxx5CIEEDVdUoUQZYrBBAxNmFJFFGHjEIEUQNjxxhhViKFFYGmVYgYcV6uXwBBFukDGEHVIw4UYQVMgRRQt1NEXFDEYQkQMcULyhBBRhQPEFEU1oYccVUzzRhhNJzLGmE3IIQUYWcxwhgwxlwEHGDDDowYYVbAjxxRlVJEGEFFWk4SMMmMERQ46AQafSrJjREcYZPQTpRgkyDNGCsGKRAVxGBtXBBh15pGGGGXnA8YYcbrhwRhh5DJcGG2zMoW0aZ6SBx22_tSHWGGH0tcWnXUjmmA4wuABDanLYcRipD9VRRxoZTddSDeLhEFMMNBicIEkjXWZGTBHBcJkNZeDwoVsPpXGYCDnE4MKOLlzmQkM0iCXHFxoH5THIIpMsVh076SBCE2_o8S0bYbxQg70goHBFGnG-ccccIDhBBQgx1AvDDiD87EZmTOMBNQj5MkSdvSmAcERVa7zxgmhJ33svCEakIUcZZryBxwtJ7wzDukDJ7MQTYl37BYgZzS0WG3GLUIQTyZZhxxdns0FRddb9Nd1oIshxRmU6gIXDDQ8dNLgYciwEVeWCf9HGG2Q8tmFqZMjxxkKRifCGQjrkJQIcpuORx0Kunz3vQK_BMdsLzT4b7bTVXpvttt22cbO45ZZ7rm_AvSDWHRnFEJ5YaERPa8l65ZuR6b7ScS2fbqRBR0w3uEDGGNIn2_dBX5yfvkXqMmQDYJ-eVUNqdLQhA0Xz41A_DfeTmFrGQrgy7OUL7eIf_aQDwNR0LgxsQAgdWLeF58QLImLoiwgO0hxnTWQtfFsI48bwGRj0QQEBAQ%3D%3D&s=e5f3f9dc5efc9ed1cf264b872cde6cc6e5d02c934e3d3c1a10e9c8fff174cd9e1668228451&w=t&r=1&d=1310&priv=false
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIqYGjRo0ZMnK0CEOjZAsaMW7AaCHmBg0xLWKQoWFjRhgxMkGGEfEwTJ0xGXOYkTGmTA4yMlrIMFODxkkcOMiMvFFmTIsbOcZ8vEEmRxkZHnlCJGOHIg4aOXA8hFNHzEIbMVL2hAOH4owcNB7OgTNRxwwbZ2-ofDimTV2_aGEo7knGzEIZMx6KcePmMQ0ZNi47FNHGDUaGIGXAWNv5s42mFUXUiZERDR06cOboePHizBsXeHKnUWPYxZg3bV7MaRNGDuw3cF6MmWEmzAwaN2TggFHjBg6jMMJ4xXEzRhkb0mGMgVHmb0MZNMg0lDlGjJnvYja2hPzeKPSiUH_UmYMwCZkeZcxUXkk5iCYDSTSE0RwOMczQEAw3aKfegTGMkQN4IMWAgw3kvWTGGGMcGEYMYsxgk4Y45HCDGByWwUUdimE2xxt1yFGUfz08l4NiMLwYow1tlNGGGP39l4USaNgwhxx5CIEEDVdUoUQZYrBBAxNmFJFFGHjEIEUQNjxxhhViKFFYGmVYgYcV6uXwBBFukDGEHVIw4UYQVMgRRQt1NEXFDEYQkQMcULyhBBRhQPEFEU1oYccVUzzRhhNJzLGmE3IIQUYWcxwhgwxlwEHGDDDowYYVbAjxxRlVJEGEFFWk4SMMmMERQ46AQafSrJjREcYZPQTpRgkyDNGCsGKRAVxGBtXBBh15pGGGGXnA8YYcbrhwRhh5DJcGG2zMoW0aZ6SBx22_tSHWGGH0tcWnXUjmmA4wuABDanLYcRipD9VRRxoZTddSDeLhEFMMNBicIEkjXWZGTBHBcJkNZeDwoVsPpXGYCDnE4MKOLlzmQkM0iCXHFxoH5THIIpMsVh076SBCE2_o8S0bYbxQg70goHBFGnG-ccccIDhBBQgx1AvDDiD87EZmTOMBNQj5MkSdvSmAcERVa7zxgmhJ33svCEakIUcZZryBxwtJ7wzDukDJ7MQTYl37BYgZzS0WG3GLUIQTyZZhxxdns0FRddb9Nd1oIshxRmU6gIXDDQ8dNLgYciwEVeWCf9HGG2Q8tmFqZMjxxkKRifCGQjrkJQIcpuORx0Kunz3vQK_BMdsLzT4b7bTVXpvttt22cbO45ZZ7rm_AvSDWHRnFEJ5YaERPa8l65ZuR6b7ScS2fbqRBR0w3uEDGGNIn2_dBX5yfvkXqMmQDYJ-eVUNqdLQhA0Xz41A_DfeTmFrGQrgy7OUL7eIf_aQDwNR0LgxsQAgdWLeF58QLImLoiwgO0hxnTWQtfFsI48bwGRj0QQEBAQ%3D%3D&s=e5f3f9dc5efc9ed1cf264b872cde6cc6e5d02c934e3d3c1a10e9c8fff174cd9e1668228451&w=t&r=1&d=1310&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 219f6ff0d6ff08372263e80f4c68ab51
77cc8c995108a78dde72a0420d293d12ffdfdab7
5177725bb60acafc9146d5b6b0269eb1b50dad7e08f8730829852fe9e8f3d2d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5062
Cache-Control: max-age=113148
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:32 GMT
Etag: "636e289a-116"
Expires: Sun, 13 Nov 2022 12:13:20 GMT
Last-Modified: Fri, 11 Nov 2022 10:48:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 278
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494189
tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
136.243.75.209200 OK 2.7 kB URL HTTP/1.1 tsyndicate.com/iframes2/e5937915a343437993bcb6ac18eb41d4.html?
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4360)
Hash c0ac344943412d57f503cb368d26cdba
70110a1896a0c3e77210d541879556f2e39440f6
cea8a0b9c9eaba5dd32ce76cefcba00795422350214d537bd52b0a21789afa4b
GET /iframes2/e5937915a343437993bcb6ac18eb41d4.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 719c78a24caed621
Set-Cookie: ts_uid=0bd1dd3b-90be-4f77-a945-dfc17557cc19; expires=Fri, 12 May 2023 04:47:32 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PYsIFjRgwaOGrI6NJH; expires=Sun, 13 Nov 2022 04:47:32 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 12 Nov 2022 04:41:09 GMT
expires: Sat, 12 Nov 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 383
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQwFFjTA0cZMi0MAMDh5kWNGrIEClmBpkbLVaaESOjJhkzOQyKeBimzpiMNsjYmFFGRssWN8jkKINyDNEWEW3IaCGmRhkbMGREJCPGRpmdEMnYoYiDRg4cD-HUEbPQRowYN3jCgUMRxo0YNh7OgTNRx4yyNGTQgPFwTBu6OmraoDEjB8-bbSuKEOPGDUUbWG3cmPGwjRuMDGfUJCwCjmfQNmrQkFwnRkY0dOjAmaPjxYszb1zg2Z1GzWEXY960eTGnTRg5st_AeeHUTJgZNG7IwAGjxg0cZXLACLMURxgxMa5OhzEGRpkZblXSINMwBpkxYsxcFVNVjPQZ8rNHH1MGB44fdcyBUBJk9FAGGTScR4NZMmQVxoJhOIdDDDM0ZBd37GkVwxg5SCVaDDhgVQYN8Y0xhlZhxNDSDCn6l8MNXZnHRR0wZGXDHG_UIQd_BPagGGM5zFijDDa0UUYbYgxYYAxVyIGGHjGEUQYaQdgxQxFzZNHhG0LcYMcSbGRxRg1kTCFEGEnAYIMVZ9hARBFt4CGEGVZUkcMMUaQhmhtfLBGHG3PcsMQVYlwRRJlR5HFHDGyEYQcRUNhJhA1pmFGHEUjgQQMcaGgRxBcznBHHEnmwcYcZd3zRBBZQ0PDFGVUkQYQUVaQhpI1wxNDDXwsKBgNYZAiXkUF1sEFHHpWakQccb8jhhgtnhJFHcWmwwcYc0KZxRhp45BZcG2CNEUZfW9zQxUPxLQSDCzBIJocdiM1AWh11pJERDFzJa4YMJzXYIUpijEEDVYzBgJQNYiBYA4vXlQdWGoiJkEMMLmjnQmAuNEQDWHJ8AXFGE1e8LsYag1VHGBk18YYe1Tb6Qg3sgoDCFWm4Eewdc4DgBBUgxLAuDDuAQLMbiwWNR9EgvMtQdeymAMIRZYyxxhsvNOhzu-2CYEQacpRhxht4vOAzzL8W9pMOIjjxBFjNfmFiRmqDxcbZIhThBLBl2PFF12xQZN116FFHmhxnWJbYR3GJcJDeYsixkH8PLf5FG2-QsdB0bkUuxxsLcSbCGwrpQENam-ORx0Kji9C1Ga_FBkdtLxBrLLJmKMuss9BKS6212G67bbfACfcCWHdkFMN4YKFhfFYb6_VuRpvTMW6zLdThRhp0oHSDC-8dDyzdB33RvQxg0QEuQ5jhUFNZNZBmPvno26D-dCnBcKdkBu1dxl5fjHuZ_Our30Py1j82IIQOodsCdM4FETH0RXFe64mxwAKHuamrMKCBQR8UEBA%3D&s=2fafadb352723b67b4f0b24af32b4f5e5cf559328f95554a2e2ec9117f87552f1668228450&w=t&r=1&d=1401&priv=false
136.243.134.97200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQwFFjTA0cZMi0MAMDh5kWNGrIEClmBpkbLVaaESOjJhkzOQyKeBimzpiMNsjYmFFGRssWN8jkKINyDNEWEW3IaCGmRhkbMGREJCPGRpmdEMnYoYiDRg4cD-HUEbPQRowYN3jCgUMRxo0YNh7OgTNRx4yyNGTQgPFwTBu6OmraoDEjB8-bbSuKEOPGDUUbWG3cmPGwjRuMDGfUJCwCjmfQNmrQkFwnRkY0dOjAmaPjxYszb1zg2Z1GzWEXY960eTGnTRg5st_AeeHUTJgZNG7IwAGjxg0cZXLACLMURxgxMa5OhzEGRpkZblXSINMwBpkxYsxcFVNVjPQZ8rNHH1MGB44fdcyBUBJk9FAGGTScR4NZMmQVxoJhOIdDDDM0ZBd37GkVwxg5SCVaDDhgVQYN8Y0xhlZhxNDSDCn6l8MNXZnHRR0wZGXDHG_UIQd_BPagGGM5zFijDDa0UUYbYgxYYAxVyIGGHjGEUQYaQdgxQxFzZNHhG0LcYMcSbGRxRg1kTCFEGEnAYIMVZ9hARBFt4CGEGVZUkcMMUaQhmhtfLBGHG3PcsMQVYlwRRJlR5HFHDGyEYQcRUNhJhA1pmFGHEUjgQQMcaGgRxBcznBHHEnmwcYcZd3zRBBZQ0PDFGVUkQYQUVaQhpI1wxNDDXwsKBgNYZAiXkUF1sEFHHpWakQccb8jhhgtnhJFHcWmwwcYc0KZxRhp45BZcG2CNEUZfW9zQxUPxLQSDCzBIJocdiM1AWh11pJERDFzJa4YMJzXYIUpijEEDVYzBgJQNYiBYA4vXlQdWGoiJkEMMLmjnQmAuNEQDWHJ8AXFGE1e8LsYag1VHGBk18YYe1Tb6Qg3sgoDCFWm4Eewdc4DgBBUgxLAuDDuAQLMbiwWNR9EgvMtQdeymAMIRZYyxxhsvNOhzu-2CYEQacpRhxht4vOAzzL8W9pMOIjjxBFjNfmFiRmqDxcbZIhThBLBl2PFF12xQZN116FFHmhxnWJbYR3GJcJDeYsixkH8PLf5FG2-QsdB0bkUuxxsLcSbCGwrpQENam-ORx0Kji9C1Ga_FBkdtLxBrLLJmKMuss9BKS6212G67bbfACfcCWHdkFMN4YKFhfFYb6_VuRpvTMW6zLdThRhp0oHSDC-8dDyzdB33RvQxg0QEuQ5jhUFNZNZBmPvno26D-dCnBcKdkBu1dxl5fjHuZ_Our30Py1j82IIQOodsCdM4FETH0RXFe64mxwAKHuamrMKCBQR8UEBA%3D&s=2fafadb352723b67b4f0b24af32b4f5e5cf559328f95554a2e2ec9117f87552f1668228450&w=t&r=1&d=1401&priv=false
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XQwFFjTA0cZMi0MAMDh5kWNGrIEClmBpkbLVaaESOjJhkzOQyKeBimzpiMNsjYmFFGRssWN8jkKINyDNEWEW3IaCGmRhkbMGREJCPGRpmdEMnYoYiDRg4cD-HUEbPQRowYN3jCgUMRxo0YNh7OgTNRx4yyNGTQgPFwTBu6OmraoDEjB8-bbSuKEOPGDUUbWG3cmPGwjRuMDGfUJCwCjmfQNmrQkFwnRkY0dOjAmaPjxYszb1zg2Z1GzWEXY960eTGnTRg5st_AeeHUTJgZNG7IwAGjxg0cZXLACLMURxgxMa5OhzEGRpkZblXSINMwBpkxYsxcFVNVjPQZ8rNHH1MGB44fdcyBUBJk9FAGGTScR4NZMmQVxoJhOIdDDDM0ZBd37GkVwxg5SCVaDDhgVQYN8Y0xhlZhxNDSDCn6l8MNXZnHRR0wZGXDHG_UIQd_BPagGGM5zFijDDa0UUYbYgxYYAxVyIGGHjGEUQYaQdgxQxFzZNHhG0LcYMcSbGRxRg1kTCFEGEnAYIMVZ9hARBFt4CGEGVZUkcMMUaQhmhtfLBGHG3PcsMQVYlwRRJlR5HFHDGyEYQcRUNhJhA1pmFGHEUjgQQMcaGgRxBcznBHHEnmwcYcZd3zRBBZQ0PDFGVUkQYQUVaQhpI1wxNDDXwsKBgNYZAiXkUF1sEFHHpWakQccb8jhhgtnhJFHcWmwwcYc0KZxRhp45BZcG2CNEUZfW9zQxUPxLQSDCzBIJocdiM1AWh11pJERDFzJa4YMJzXYIUpijEEDVYzBgJQNYiBYA4vXlQdWGoiJkEMMLmjnQmAuNEQDWHJ8AXFGE1e8LsYag1VHGBk18YYe1Tb6Qg3sgoDCFWm4Eewdc4DgBBUgxLAuDDuAQLMbiwWNR9EgvMtQdeymAMIRZYyxxhsvNOhzu-2CYEQacpRhxht4vOAzzL8W9pMOIjjxBFjNfmFiRmqDxcbZIhThBLBl2PFF12xQZN116FFHmhxnWJbYR3GJcJDeYsixkH8PLf5FG2-QsdB0bkUuxxsLcSbCGwrpQENam-ORx0Kji9C1Ga_FBkdtLxBrLLJmKMuss9BKS6212G67bbfACfcCWHdkFMN4YKFhfFYb6_VuRpvTMW6zLdThRhp0oHSDC-8dDyzdB33RvQxg0QEuQ5jhUFNZNZBmPvno26D-dCnBcKdkBu1dxl5fjHuZ_Our30Py1j82IIQOodsCdM4FETH0RXFe64mxwAKHuamrMKCBQR8UEBA%3D&s=2fafadb352723b67b4f0b24af32b4f5e5cf559328f95554a2e2ec9117f87552f1668228450&w=t&r=1&d=1401&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGSOjjBgyYWC0uHGDYwsaMWLkaJFDjBkzLVTiCBPSDIwcNnKEEfEwTJ0xGcngIInDBkmWM8zMODkjRwyWOExyFFOy4YyUM2zwhEjGDkUcNHLgeAinjpiFNlLe6AkHDkUYN2LYeDgHzkQdM8DSkEEDxsMxbdzqkCHDBo2mPcmYQVtRhBg3bijasAHD6IyHbdxgZDiDsF8RcDJvtlED5cM6MTKioUMHzhwdL16ceeMCj-00agK7GPOmzYs5bcLIaf0GzosxScPMoHFDBg4YNW7gKJMDRpgcZWaKiVHGhnMYY2CUydqQL5mGMciMcdldjJgaVGUkLUOd-ZjsOH7UmYMwCZkeZZBBw3g0hCUDDDKEUWAYZoSBQwxX1QDXdeclGMMYOMknQwxFiUeDS2NwRFMMYswwQxgc4pDDDWJQVgYXdcCAoA1zvFGHHPf51wNhhjUFo4yFtVFGG2L0918LeTQRxBlEJAGDFUJckYSUQlyohBNvvJEHHWzYgYQdWnyRBxoxLPGEFGzkocZIdzwRgx1mxNBGC1HccAYMbljnBBtkICGDG0ycoUYWYighBhYw3EGHGFqoEcQXUpDxxRCDHoGHGVQIsQQNVsiBxw1P2PHGDHZEEUcZUXxxRhVJECFFFWn8OCMcMfSQV4F8wbAVGb1lZFAdbNCRRxov5QHHG3K44cIZYeQBXBpssDHHsmmckQYetPHWxlZjhHHXFjd08ZBLC8HgAgyNyWGHYDN8VkcdaWQ0Axlk1NAgDjWwJAMZNpxUA4MsMdivSzaoCFdJ8un6UBqCieCUC9W5sJcLDdGwlRxfMJzRwxFPXPFWdeykgwhNvKEHtGyE8UIN54KAwhVpuMHrHXOA4AQVIMRgLgw7gACzG4b1jEfQIKjLEHTnpgDCERut8cYLB-qMLrogGJGGHGWY8QYeL-jMssIihJiRE09shewXYo9M9lZsADVyEU7sWoYdX2DNBkXRSZfVc5_JcUZkg9Uw1EMH0S2GHAvhMJYIhX_RxhtkLORcWoTL8cZCl4nwhkI60ECW5XjksZDnImC92MirtQbbC78GO2yxxya7bLPPRjuttdZiu1tvL2x1R0YxfLcVGsAjaDFd6mZkOR3eIttCHW6kQUcLErqgXvC7us14GV9cL8NWdGzL0GQ4EAZWDY2F__34BZtPA_oyLm5Q3WXU9YW3krXv3PuNzX0_GwihA-e2sBxxQUQMd9leg4A1EbK0rVx_2QwM-qCAgAA%3D&s=3fee602d2b2dfb17bd5e8ad02d41f740d97a97192ef45214d9aaee7c261797a11668228451&w=t&r=1&d=1378&priv=false
136.243.134.97200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGSOjjBgyYWC0uHGDYwsaMWLkaJFDjBkzLVTiCBPSDIwcNnKEEfEwTJ0xGcngIInDBkmWM8zMODkjRwyWOExyFFOy4YyUM2zwhEjGDkUcNHLgeAinjpiFNlLe6AkHDkUYN2LYeDgHzkQdM8DSkEEDxsMxbdzqkCHDBo2mPcmYQVtRhBg3bijasAHD6IyHbdxgZDiDsF8RcDJvtlED5cM6MTKioUMHzhwdL16ceeMCj-00agK7GPOmzYs5bcLIaf0GzosxScPMoHFDBg4YNW7gKJMDRpgcZWaKiVHGhnMYY2CUydqQL5mGMciMcdldjJgaVGUkLUOd-ZjsOH7UmYMwCZkeZZBBw3g0hCUDDDKEUWAYZoSBQwxX1QDXdeclGMMYOMknQwxFiUeDS2NwRFMMYswwQxgc4pDDDWJQVgYXdcCAoA1zvFGHHPf51wNhhjUFo4yFtVFGG2L0918LeTQRxBlEJAGDFUJckYSUQlyohBNvvJEHHWzYgYQdWnyRBxoxLPGEFGzkocZIdzwRgx1mxNBGC1HccAYMbljnBBtkICGDG0ycoUYWYighBhYw3EGHGFqoEcQXUpDxxRCDHoGHGVQIsQQNVsiBxw1P2PHGDHZEEUcZUXxxRhVJECFFFWn8OCMcMfSQV4F8wbAVGb1lZFAdbNCRRxov5QHHG3K44cIZYeQBXBpssDHHsmmckQYetPHWxlZjhHHXFjd08ZBLC8HgAgyNyWGHYDN8VkcdaWQ0Axlk1NAgDjWwJAMZNpxUA4MsMdivSzaoCFdJ8un6UBqCieCUC9W5sJcLDdGwlRxfMJzRwxFPXPFWdeykgwhNvKEHtGyE8UIN54KAwhVpuMHrHXOA4AQVIMRgLgw7gACzG4b1jEfQIKjLEHTnpgDCERut8cYLB-qMLrogGJGGHGWY8QYeL-jMssIihJiRE09shewXYo9M9lZsADVyEU7sWoYdX2DNBkXRSZfVc5_JcUZkg9Uw1EMH0S2GHAvhMJYIhX_RxhtkLORcWoTL8cZCl4nwhkI60ECW5XjksZDnImC92MirtQbbC78GO2yxxya7bLPPRjuttdZiu1tvL2x1R0YxfLcVGsAjaDFd6mZkOR3eIttCHW6kQUcLErqgXvC7us14GV9cL8NWdGzL0GQ4EAZWDY2F__34BZtPA_oyLm5Q3WXU9YW3krXv3PuNzX0_GwihA-e2sBxxQUQMd9leg4A1EbK0rVx_2QwM-qCAgAA%3D&s=3fee602d2b2dfb17bd5e8ad02d41f740d97a97192ef45214d9aaee7c261797a11668228451&w=t&r=1&d=1378&priv=false
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGSOjjBgyYWC0uHGDYwsaMWLkaJFDjBkzLVTiCBPSDIwcNnKEEfEwTJ0xGcngIInDBkmWM8zMODkjRwyWOExyFFOy4YyUM2zwhEjGDkUcNHLgeAinjpiFNlLe6AkHDkUYN2LYeDgHzkQdM8DSkEEDxsMxbdzqkCHDBo2mPcmYQVtRhBg3bijasAHD6IyHbdxgZDiDsF8RcDJvtlED5cM6MTKioUMHzhwdL16ceeMCj-00agK7GPOmzYs5bcLIaf0GzosxScPMoHFDBg4YNW7gKJMDRpgcZWaKiVHGhnMYY2CUydqQL5mGMciMcdldjJgaVGUkLUOd-ZjsOH7UmYMwCZkeZZBBw3g0hCUDDDKEUWAYZoSBQwxX1QDXdeclGMMYOMknQwxFiUeDS2NwRFMMYswwQxgc4pDDDWJQVgYXdcCAoA1zvFGHHPf51wNhhjUFo4yFtVFGG2L0918LeTQRxBlEJAGDFUJckYSUQlyohBNvvJEHHWzYgYQdWnyRBxoxLPGEFGzkocZIdzwRgx1mxNBGC1HccAYMbljnBBtkICGDG0ycoUYWYighBhYw3EGHGFqoEcQXUpDxxRCDHoGHGVQIsQQNVsiBxw1P2PHGDHZEEUcZUXxxRhVJECFFFWn8OCMcMfSQV4F8wbAVGb1lZFAdbNCRRxov5QHHG3K44cIZYeQBXBpssDHHsmmckQYetPHWxlZjhHHXFjd08ZBLC8HgAgyNyWGHYDN8VkcdaWQ0Axlk1NAgDjWwJAMZNpxUA4MsMdivSzaoCFdJ8un6UBqCieCUC9W5sJcLDdGwlRxfMJzRwxFPXPFWdeykgwhNvKEHtGyE8UIN54KAwhVpuMHrHXOA4AQVIMRgLgw7gACzG4b1jEfQIKjLEHTnpgDCERut8cYLB-qMLrogGJGGHGWY8QYeL-jMssIihJiRE09shewXYo9M9lZsADVyEU7sWoYdX2DNBkXRSZfVc5_JcUZkg9Uw1EMH0S2GHAvhMJYIhX_RxhtkLORcWoTL8cZCl4nwhkI60ECW5XjksZDnImC92MirtQbbC78GO2yxxya7bLPPRjuttdZiu1tvL2x1R0YxfLcVGsAjaDFd6mZkOR3eIttCHW6kQUcLErqgXvC7us14GV9cL8NWdGzL0GQ4EAZWDY2F__34BZtPA_oyLm5Q3WXU9YW3krXv3PuNzX0_GwihA-e2sBxxQUQMd9leg4A1EbK0rVx_2QwM-qCAgAA%3D&s=3fee602d2b2dfb17bd5e8ad02d41f740d97a97192ef45214d9aaee7c261797a11668228451&w=t&r=1&d=1378&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403
51.79.221.186200 60 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x383, components 3\012- data
Hash cd2418aea9f0c4825d356a918b192a12
148a99cc258117af1db4f3e17503ccb130bdd141
8ec163e2f495622425afa62323c5bf124056b56d8cd1258b640a87e21720719d
GET /viewImage3?data=0c101014175e4b4b070d4a140c0a07000a4a070b094b140d07174b0508061109174b5455544b5653574b5454554b5550525656555651554b4c095901491d0505231505054d4c090c59353520303515153e3523032a511408054d0b160d030d0a05083b5550525656555651554a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Content-Length: 60283
Connection: keep-alive
Cache-Control: max-age=31418383
go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi&p1=3844273
104.18.51.106301 Moved Permanently 0 B URL HTTP/1.1 go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi&p1=3844273
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 05:47:32 GMT
Location: https://go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768ca156fcb50b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp
185.76.9.16200 OK 13 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8da76954e810412b8ec5378d8480ab45
afaf6b58a8d6050615369f81598d4bd126bd021e
4f186cbdc1268f6ab21f0e5bc6dfa6dce0c52fb60dec007a79e2c41d41bc4293
GET /library/428515/afaf6b58a8d6050615369f81598d4bd126bd021e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: image/webp
content-length: 13180
last-modified: Fri, 31 Dec 2021 10:19:16 GMT
etag: "61ced924-337c"
expires: Fri, 30 Jun 2023 11:26:51 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195238
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ22Nuz/PoiwAA
x-77-nzt-ray: ffffffffc77199b364256f6315ffaa3a
x-cache: HIT
x-age: 11569214
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194200 OK 1.6 kB URL HTTP/1.1 go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1608), with no line terminators
Hash 0b228c1fa89bef703a032b994c142a35
0570827b04dd68b65ce931d1dc5ac797238e75ae
e2ee26fba798eb75550f5c7353473b26491bfa11bb2368f9ffb54946d403b572
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1608
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Sat, 12 11 2022 04:47:32 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-203
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=adultyiffyporn.gaysmills.gigixo.com&et=221
136.243.134.97200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=adultyiffyporn.gaysmills.gigixo.com&et=221
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20728x90&sc=9d1e13394347478aa7505e5c4801aade&hn=adultyiffyporn.gaysmills.gigixo.com&et=221 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=adultyiffyporn.gaysmills.gigixo.com&et=112
136.243.134.97200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=adultyiffyporn.gaysmills.gigixo.com&et=112
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20250x150&sc=663422ed4341433597d6546506d00321&hn=adultyiffyporn.gaysmills.gigixo.com&et=112 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
adultyiffyporn.gaysmills.gigixo.com/s3/ad_oct20/0053.jpeg
51.79.221.186200 OK 32 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_oct20/0053.jpeg
IP 51.79.221.186:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=180, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 200x200, components 3\012- data
Hash d7a3cff5f8e997615ea74dcc43617270
9fce5e116eb670c2353e6ec2b6d9504798980112
5203b25cc943b0ddec3c56512beceae06e3efe89a8ac7f522c375dd03350e456
GET /s3/ad_oct20/0053.jpeg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Content-Type: image/jpeg
Content-Length: 31898
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:39:23 GMT
ETag: "5f80ca7b-7c9a"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4A7MdJ3GTtkqR63qOudB6KxZqHIPl7x1KpU%2Fwx%2BL2oif%2FKOvv4UswERqoBnWLHq7X7pdcix8NtyDmyE6Wb7hefDcRwwzq3utov3Lm69g7XNa83LjBxteD41LX9pC%2FE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768a3140986e9fe9-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
cdn.tsyndicate.com/sdk/v1/backup.banner.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/backup.banner.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/backup.banner.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
If-Modified-Since: Wed, 02 Nov 2022 12:53:52 GMT
If-None-Match: W/"63626860-b48"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:07:01 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:53:52 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"63626860-b48"
Age: 834032
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0a110808
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0a110808
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0a110808 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
173.233.137.52403 Forbidden 153 B URL HTTP/1.1 www.effectivedisplayformat.com/3cb5727a16a2f566d5a822edf1d58427/invoke.js
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7e09e1576f6291c0085891265eb7a40d
14793915a06e324494165d445126eb727738b98b
a10c78f20e4d34574116b0ed5722cd3b1e4912b4e1daf61b1c0b8ad88ba47c18
GET /3cb5727a16a2f566d5a822edf1d58427/invoke.js HTTP/1.1
Host: www.effectivedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 12 Nov 2022 04:47:33 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash ebac39c68e1fda5fec55d1c63c364002
602272e9211c8f06bbbb1479883944e0647c686a
55167c3cfcdbd56ef039e125f5f1a1f99615421daeee396c15b350f23041b1be
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5653
Cache-Control: max-age=136072
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 04:47:33 GMT
Etag: "636e7fd8-139"
Expires: Sun, 13 Nov 2022 18:35:25 GMT
Last-Modified: Fri, 11 Nov 2022 17:01:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 313
go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi&p1=3844273
104.18.51.106301 Moved Permanently 0 B URL HTTP/1.1 go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi&p1=3844273
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 05:47:33 GMT
Location: https://go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768ca1589d000b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1668228452665&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.247200 OK 52 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1668228452665&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with no line terminators
Hash c3743cf5e9e53705dc66056f1a34f6ec
740253d7fe753ab9b7d71e1832fd1af41c0677c1
c184a4ce5928e23f286176d3c76a8d5c12c67a8957554c92fb144b1cdd2fb17c
GET /ads-iframe-display.php?idzone=3902650&type=160x600&p=https%3A//rtbbnr.com/&dt=1668228452665&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnagxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimcrxeobenxgxaaboobcrxgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; expires=Mon, 11 Nov 2024 04:47:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b00564b565456545257535d4b575c49565c541c5551534a0e1403
51.79.221.186200 13 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b00564b565456545257535d4b575c49565c541c5551534a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 280x157, components 3\012- data
Hash 654a33c1c416482715cb5f80eba2e847
c76e9bb0ba31d38eeb73a3872c1b76b9a9998d11
75a0f35ea453e477853b7a4ede0e65b81748435a6cdea2d7b348b91ea2cf9ae1
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b00564b565456545257535d4b575c49565c541c5551534a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Content-Length: 13282
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
static-assets.highwebmedia.com/CACHE/css/output.2c047fb506fb.css
104.16.93.42200 OK 35 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.2c047fb506fb.css
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 35c08aa1daa5b8c880ffb6c623696731
370f8249e6d8dd8696c6ecfa6d3b96e323be7775
c4208685284d48ca662bc94bc5157bdd053cc476ca776936db362fa13ad3157b
GET /CACHE/css/output.2c047fb506fb.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=211900
etag: W/"ff9f91d57afaa73a269015f74465122c"
last-modified: Wed, 09 Nov 2022 01:49:01 GMT
x-amz-id-2: ACAiorFRKtezkjV+LGw1krbAy4g0iv1Il29japIbzuVGQxsNzF0LTOWAJTM0NqOSZR4cgHs+aqU=
x-amz-meta-s3cmd-attrs: md5:ff9f91d57afaa73a269015f74465122c
x-amz-request-id: K09HP3XAPXMZ57J4
cf-cache-status: HIT
age: 269778
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NRsh5V%2BzAat2aNhvCgBc389KNpa3ewshS57RUP4ga7TizUJ4NM%2Fv6DwWnGMqi0FWnq9MN%2Fc54pJTIIJZbRciXlijOW0u1dhY7ZHX1KkjuoAwNHXSU1SGmRpohLVKvYhjICRKbobdgrUzemM%2FYKB6yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=FJmpevN5Pgw.IwwuCIs1r11vFUjh4XyMQ6fMBaTW9dk-1668228452956-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156e9dd0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
104.16.93.42200 OK 41 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.21e4d7885076.js
IP 104.16.93.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash c88aeb7b525c7f8eacbddcbb2246fb7c
57ff3174cb6c5b6c08c25b8b50a7d7e8d5578eed
e4a6db935d36aed97e3698a184592d8ab7929c3098aafb36f165f288247ef2d4
GET /CACHE/js/output.21e4d7885076.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=114830
etag: W/"b4ad9510a310ef8a83f71a5f317f091d"
last-modified: Wed, 02 Nov 2022 16:55:42 GMT
x-amz-id-2: PsN3iv65Njn7hNZwOdYd1oAvY+pAIQWUXN9tndhJWmeM1MvoPlyG8vIpgAHr+IS5kjdZ1+l3zUY=
x-amz-meta-s3cmd-attrs: md5:b4ad9510a310ef8a83f71a5f317f091d
x-amz-request-id: QXPZJGZRTB4AE79K
cf-cache-status: HIT
age: 820160
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Ca7fvYBR9JnlYBzKeGml%2BpS8xGfdi%2FLFt8HISkjem%2BGmb6%2BmXFhzh4KcDf%2B7CQcAxSpVlxaVc0n7dfiAKK7WXzBfIE%2Brn%2FeGUbJiSsS9bXA83VROTBFlS1ykz%2FChZA3NyNYe4F%2BElSrQ6PFus%2FI2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=_OGTTe9TcHgdzZE43AQ2iooCNaBeSRIuWPcjXxH3l4w-1668228452978-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1570a100b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash aec43b295f21b8f57899835d8e64b42d
5c0f2597bae5e7357b038b3935214eeb5f8f4aea
88ff081d75f29e25db41d87c514097a27ded756d6002bc2f6081f0fe7d31c701
GET /jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
104.16.93.42200 OK 42 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.90a7a6687776.js
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash e9916019afe64d5a8036bf839477424d
bdf9da2f35d87e5a3952026be521cc97d3c91898
eeccad6677625ae82934befd3132784e0f36a00eb6730c62073f37448fe9ea59
GET /CACHE/js/output.90a7a6687776.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"eba6018c1d2ab593c234e5750506e38a"
last-modified: Mon, 17 Oct 2022 21:37:31 GMT
x-amz-id-2: MuRi9INFlyZ8s0MfpOqtyosRRye3EDr/cdpWTRrQUKKo6PNFSGfohJwm10zs48bLswjVhUc8b0Z/eZ9oVm3U4Q==
x-amz-meta-s3cmd-attrs: md5:eba6018c1d2ab593c234e5750506e38a
x-amz-request-id: VR1ABN9AAN3FB4KK
cf-cache-status: HIT
age: 2185654
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhRviq%2BMZh1GxfwDsZThrzgXFD2%2FOyNibl5Ie%2FtDWQo0OHnHNSj%2BnjNwM1eIErrvw%2FiBfVaSi7%2FfGReLU5x8QiIItbrvG5aDU2Yx5bAzrOEsulWiHNbPmtc0EG4h8u8OYgKUwQEhIYFQLiaGUBW%2FNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=fTGdEgIntSsr9ZHIYG..94OrIhymX46gdaLvK_JrkQQ-1668228452967-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156fa060b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.93.42200 OK 1.3 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (1105)
Hash 5d47ce12d0b3e434fc200f96bbd3b5af
d125b339aebbc8c13bce39650abbeb67305125c4
ba0e135110acbe69731c3a67ff380717c09a1ce80b42d3ca2b3682c874f2b5e4
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: gAJe87IyJM0OkbaBgua73HTcoEANURYYk4wpsNNClr414DBIRL/v+K+9hxRFHrgcwnw38qlmXmM=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 2D5TZ021KE4200HB
cf-cache-status: HIT
age: 2186410
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nPI8kiE7aOoYLcS7bTa9LT43syWjJivvqpgDcUwMkY%2F%2Fz%2FI%2FsO0HgPTfBCrIpmTqNK69Pe%2BmwbfTxOLzkph3elLUDOxN7ilehHpdRvb%2BTOu1XZZ4WrJSeIX00KAPFlK2i4B6tKOB6OtnRu2RLxDAGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=D6LR8OvyNh31WlxSTVmLYa2EBaKRNg_q2thLpPz4Hpc-1668228452979-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1570a0f0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/bi.js
8.254.252.211304 Not Modified 0 B URL HTTP/1.1 cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.254.252.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
If-Modified-Since: Wed, 02 Nov 2022 12:54:39 GMT
If-None-Match: W/"6362688f-1e83"
HTTP/1.1 304 Not Modified
Date: Wed, 02 Nov 2022 13:06:57 GMT
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:54:39 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6362688f-1e83"
Age: 834036
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.93.42200 OK 4.9 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (7845)
Hash 648965227c7ed12729509ac170b2bf82
2995427c95d881dc5e5f2367ce5207a677dc47c7
ba8b08c06504c5c0cc99be09b0ef8f548deb22557e280a24ad3942c3d78633e1
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 710025
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gk00Cf86LVjqAVE%2FRNp%2BQFEVD2p0p64uaOvDtPDV80v066fxaYG1AZCg6pBJR%2FEeZkJFAKn%2BzLtw1zleO%2F%2Bfmg%2FSCs3HGDp%2Bnss7ZMqpBcVj1FqPGmfWk2NP8IRMHSM9Ry6YE3KFXfyne2Gxa%2BTtLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bsGhtiAG8ZlMCbEjahSyea3jTy.OCVXgrYyYWrbmis4-1668228452990-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1572a110b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/1.1 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
HTTP/1.1 304 Not Modified
Date: Tue, 08 Mar 2022 10:11:03 GMT
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2022 13:07:15 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6214e003-1eb1"
Age: 21494190
static.eabids.com/data/bannerpools/94553/23667.gif
217.22.19.195200 OK 0 B URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23667.gif
IP 217.22.19.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /data/bannerpools/94553/23667.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:33 GMT
Content-Type: image/gif
Content-Length: 112131
Last-Modified: Thu, 28 Apr 2022 14:45:46 GMT
Connection: keep-alive
ETag: "626aa89a-1b603"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
136.243.134.97200 OK 35 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/backup.gif?t=banner&tct=adult
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/backup.gif?t=banner&tct=adult HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lcdn.tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:33 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 1.6 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1626), with no line terminators
Hash aa20ebeb9b0f81179324da2e78d72b31
c415c1c533b91ad72831fc97557f88e77e7c006e
a526d7e610062e91fc3bd5c3cbb1351a7b6394e3f2fbe52a765b823c9a79c5e8
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html; charset=utf-8
content-length: 1626
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:31 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/s3/gam_oct20/0083.gif
51.79.221.186200 OK 358 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/gam_oct20/0083.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 358 kB (358373 bytes)
Hash 53eb171d152f57109af32a012752acae
a7f175ab29f004ab51f848c128eb9cc9b2d5a12a
89a47f79f6d59893e810303e1eeebdbd09652a8c7419d7940f255215cc42bbf4
GET /s3/gam_oct20/0083.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:25 GMT
Content-Type: image/gif
Content-Length: 358373
Connection: keep-alive
Last-Modified: Fri, 09 Oct 2020 20:18:27 GMT
ETag: "5f80c593-577e5"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2B7%2B8TEzstfXhao5Ve4rorqjxoboDyuCj41TA7XAy7Q%2BRsDcFu%2BiAq8IbpRjpyCxMykzjl%2Bl%2BePahXnDu3kWaLn1ZXZFKuLla%2FvVsT9JPdiKSh4kiWbwwr2YcEu2s0E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 768b32a0afe84c41-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/s3/ad_tube/p1122.jpg
51.79.221.186200 OK 62 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_tube/p1122.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x386, components 3\012- data
Hash 96b249f8be68dca97f739a4e5b48f7c2
f6faf21b9c9c7b3f028c0cae3a380faf1c0e086e
b7eee5aedbbbbbc64dc6687c05a926c2997a5f90ae589934d495f0ed8583af7e
GET /s3/ad_tube/p1122.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Content-Type: image/jpeg
Content-Length: 62209
Connection: keep-alive
Last-Modified: Sun, 10 Jan 2021 15:28:23 GMT
ETag: "5ffb1d17-f301"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kKqDloy5GXi9MbDAoUxgZ8clq28CnnpVQQ%2BNYK1LpVLtCXLuZTE02t6WXiWuMwoNy7%2Bn7d5njOXmBsCr64AVGNuQxtgzWiahOPCSH8yAo6Pg0pRAAg6wTDj%2BJ0ulYA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca155eea691c9-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b201d521e1222490d30300c54150c54542a1621022e134b5454544b5053564b5255534b5156503b555454544a0e1403
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b201d521e1222490d30300c54150c54542a1621022e134b5454544b5053564b5255534b5156503b555454544a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914504a1c0c07000a4a070b094b054b201d521e1222490d30300c54150c54542a1621022e134b5454544b5053564b5255534b5156503b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.93.42200 OK 30 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (1534)
Hash e1caecc7c6f9167f795409dba432066d
f465fed7e840069b5a6e9998e22b42b98ac1d3ca
5cc6ddcc0b5fc54f0939143e409f31aa2e104403bc89d6bb76a6c2ee1c75f3f8
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: gJdq637yDaGW5b/k/xLZcaVgKR2zPrz11wa1iwf3/kEEAF2JWIngCVC4T9LIrDSnBaklrTBcytM=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: C8A0N4S7KE12CYZQ
cf-cache-status: HIT
age: 2186404
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Vv6FluotA%2FoYwCZhJKMTpNX7oVnS3FUleEcMttoB1zxKfVOysy0jniOYAsqIqoEhTYIV0nreiMNaDBDgkv1W%2BPXvm1l8JQGerYGc6%2BDjmg2q58eA%2B4p8fqOsdpF7Z%2BUP9k0K5LuhQc1iKAAGkCehg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=cMS2tFZnLwKj333ypfghBle_jJVCpc2SAl51Onj8Ums-1668228452964-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156fa040b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.93.42200 OK 237 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 237 kB (237206 bytes)
Hash 6631989053b80158c116e78799d48a42
74d0daf3b4648b38818e451e61815df36b279cd5
af7eb22bc92d21b32068dcb7396d81642e2b4d4834d149157d7425efcfe7c33b
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: VZ8ol5gj9DR4cR1Ys+gd3EdgeEH8vduV/GWCX0hMYtqbtTyLc8wtgelbUHUwXR/km7ekid2PJdA=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: WKBNH94P832M1DR9
cf-cache-status: HIT
age: 242931
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLlpqJxrHQSHy4VXpqPwvhLDOJUDmtZZTR7FuuFyyU8gSSUj8bZ%2F5GFgpYq9BmSWsNCPdjfVfu3KyQdJRzuwikLIswIj1wdgjYmlMij7zDAtuQ2M32ybbeCVEz3g9pFzXZBhq58LriIwDf8QAxp76A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=cMS2tFZnLwKj333ypfghBle_jJVCpc2SAl51Onj8Ums-1668228452964-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156fa050b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b2250543c013e33120d05551c013106122c3420002b254b5454544b5053564b5d5d524b51505c3b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
creative.xlivrdr.com/LPOmega?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249744&masterSmartpopId=1914&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=29441
104.18.59.150200 OK 2.0 kB URL HTTP/2 creative.xlivrdr.com/LPOmega?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249744&masterSmartpopId=1914&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=29441
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a440334c7adeeec2419c59eb579c2973
a96845a966dbbebdb99c1de42b664e27b3ca79e5
6f3cdb513a60416a4de1a1a408cb973f6b41b286165571e8de4b7fa81263f662
GET /LPOmega?campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249744&masterSmartpopId=1914&memberId=Zm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi&p1=3844273&ruleId=17&smartpopId=1793&sourceId=477848&tag=-girls%2Findian&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=29441 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/html
last-modified: Fri, 11 Nov 2022 08:45:07 GMT
expires: Sat, 12 Nov 2022 04:47:30 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca1563c7a0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 1.7 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1659), with no line terminators
Hash 60fa4e047ed2d9c82a13f25392c2a93e
dfe293b545771dd2a39e5e3bd4bcf48cc72144bf
a7b80a72e2381b612faedda204008eb46f5694d32d32640ecb0371481571da01
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html; charset=utf-8
content-length: 1659
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 1.7 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1659), with no line terminators
Hash 8ff2d81579fe839615b42df84401a4c0
1591cd3bbe4b52e51833ce0c282f9b4429decc62
ee1e6bd747426cd718fd01eb3d1efbb72969196befd6fff8b5e92fd5da747523
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html; charset=utf-8
content-length: 1659
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 1.7 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1659), with no line terminators
Hash 30a51647e672f4f4b1a7183a1b03eb75
6428ff4c2fd25ad5803147dd24f4932cb24078d0
2e4168defdb2ca62e6cc586cbd3022455d801e3cde1223a7dd319b9ab9ae142d
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html; charset=utf-8
content-length: 1659
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 15 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
Hash dd1c2e7626a6865740ccc64f9ddf8769
88e0d5e8b36dbb5052c1c7dfe8d2adc2c175f7bd
67bc42b7d28f40dbe5e39c644569599e29229ee652f7e9a7d21171f4a335f92f
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html; charset=utf-8
content-length: 1626
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:33 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=bGa1LVkj6tKUpT_HlfjQ1EFhgvl_ugfz0z40zXN11V_TqYt3UoQ8xZTBPN3jWaOXi7hPZ__rOE-fWQ2AWK-_Hqcyg46TkCfyAdvkFvikndmNxh2Kl-f7W0a1_gUIDRUi
66.254.114.171200 OK 11 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=423524&apb=bGa1LVkj6tKUpT_HlfjQ1EFhgvl_ugfz0z40zXN11V_TqYt3UoQ8xZTBPN3jWaOXi7hPZ__rOE-fWQ2AWK-_Hqcyg46TkCfyAdvkFvikndmNxh2Kl-f7W0a1_gUIDRUi
IP 66.254.114.171:0
Hash 8ce04a0ee535c26c34d1f8cba4e9b65f
4a38ba0c2a87abc8fea173ca0be3b8d06e4baa96
fb17a69eb760b2855d083484f2b8dea017af724c54836f3bbb33b09fedfadd55
GET /get/10005363?time=1592491455431&atc=423524&apb=bGa1LVkj6tKUpT_HlfjQ1EFhgvl_ugfz0z40zXN11V_TqYt3UoQ8xZTBPN3jWaOXi7hPZ__rOE-fWQ2AWK-_Hqcyg46TkCfyAdvkFvikndmNxh2Kl-f7W0a1_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KFmNvJWV7BHIJSrh3Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 636F2565-42FE72AB01BBE7F0-190D01F5
X-Firefox-Spdy: h2
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 8.1 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash e2034fa5ecbcde6759cf3237eb03affe
c81e0ddc3fa010cfe2af3ba631cd1ec81969d861
1d72963e44a238401af85cda30cc11d7c4874b9306ea77c9aed315bd7bb16e91
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
104.16.93.42200 OK 33 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
IP 104.16.93.42:0
File type Web Open Font Format, TrueType, length 32960, version 1.0\012- data
Hash 30556905d926944a6ada140546bcf5ce
b9346ce355c8259d71707ab65c13e0629d01a48e
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d
GET /fonts/ubuntur-webfont.woff?896a82003cd1 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: application/font-woff
content-length: 32960
x-amz-id-2: oQRN32iQRWNI2tD7F2N8drq+SpOONefvkFBuj6xfuUwNrtUzFxjUH3DLm/7IAXKOFQJxrDF3NDU=
x-amz-request-id: MA2EZ9YMX1DP219W
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:55 GMT
etag: "30556905d926944a6ada140546bcf5ce"
x-amz-meta-s3cmd-attrs: md5:30556905d926944a6ada140546bcf5ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 2419235
expires: Mon, 12 Dec 2022 04:47:33 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eM7zAOKwq87TQJDdf6BdLlMsdxwyAxT%2FGuiiOKcR4facYu3f%2Fdyt%2BigtM0hckpohzPPlxvZa5nc1CHG%2FnJ%2FzqNBvOTihbKSV8SSfzX4gaaf2oTd%2BCNylqTEoXTR9d2Yeq3NmNOXP2vIT00fVh3FF2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=TvE4NX1KBh5uwfmQoA9lXXtta7BcDeFU9cGM5mGmx7I-1668228453824-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca15c5d4ab50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=awYQdkrRXFyYG0cywvVyXStiCLwiDWfEkKtOVBubK-A47Ptd2pq_tvLxz-UftHbVQgtepxQnwRg_-Zftwyb5-Xo5_JDDVo0CpP2ejSI_gUIDRUi&p1=3844273
104.18.51.106301 Moved Permanently 0 B URL HTTP/1.1 go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=awYQdkrRXFyYG0cywvVyXStiCLwiDWfEkKtOVBubK-A47Ptd2pq_tvLxz-UftHbVQgtepxQnwRg_-Zftwyb5-Xo5_JDDVo0CpP2ejSI_gUIDRUi&p1=3844273
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=awYQdkrRXFyYG0cywvVyXStiCLwiDWfEkKtOVBubK-A47Ptd2pq_tvLxz-UftHbVQgtepxQnwRg_-Zftwyb5-Xo5_JDDVo0CpP2ejSI_gUIDRUi&p1=3844273 HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 04:47:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 12 Nov 2022 05:47:34 GMT
Location: https://go.xxxjmp.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=awYQdkrRXFyYG0cywvVyXStiCLwiDWfEkKtOVBubK-A47Ptd2pq_tvLxz-UftHbVQgtepxQnwRg_-Zftwyb5-Xo5_JDDVo0CpP2ejSI_gUIDRUi&p1=3844273
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768ca15dae530b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
185.107.68.57200 OK 705 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash a69cabf38449153a6d807ef4aa7657d6
125de28cb23b9531b157d829f3a6f7b904159279
ffe1f7637b7409bbf8b955d52c9eb29c39691058e99cccfe9b0269485336f5ee
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:34 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 703 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash 47e3210b012cb85a827beab76a357075
ecc5ac4dab16dc820ba3dc224e11a1a8dcd57c24
6dc2b80d512e9f6dcac288d587f7ae21afbac1d0caa7de74aa2aace1958162b7
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:34 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75
136.243.134.97200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
static-assets.highwebmedia.com/cachebust/theatermode-react-9d12e9a5dee2.js
104.16.93.42200 OK 65 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-9d12e9a5dee2.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9d9cf1d518bc322d552882d076eba82c
c05d763fc45a404b0508bbf1774bf4330065ec9b
788e2cf64f1643bbef7e3fc541468877f2638232a81b891bc46c06dfcadc9641
GET /cachebust/theatermode-react-9d12e9a5dee2.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=218864
etag: W/"05e7d876b9482fabe020d6ad94c951cf"
last-modified: Fri, 11 Nov 2022 15:04:25 GMT
x-amz-id-2: hpiC59bd9VmV53dFMv1ZZ2A0kIExAMYnyxS4fLJNLtUpMLfFRh2AT1bROC37unTuJpw5HWNvMS0=
x-amz-meta-s3cmd-attrs: md5:05e7d876b9482fabe020d6ad94c951cf
x-amz-request-id: QVQ4H0RJSDQD7XMQ
cf-cache-status: HIT
age: 49246
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC2b9b0MbyKPu5h4pfB1ir8zyGiS2FlM4C5opijAobhsGXjO4qWA7nNnyRAgc1gQ0L55YNhpqS1TGcNKXN%2FBeOhBiGWhsh4DOazVd1%2FGTZpE3fyy6pcxBBbLRlrHMsQqAiMLGeJSS0OmB9AbRZTY5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=fTGdEgIntSsr9ZHIYG..94OrIhymX46gdaLvK_JrkQQ-1668228452967-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156fa070b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.c8c427afc0fc.css
104.16.93.42200 OK 210 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.c8c427afc0fc.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 210 kB (210322 bytes)
Hash 4e43afa98164c1d5500d48682cdf2746
7a8649ca0eef89e1fefcf962a67dcc0dd9b3ba73
dc59780fb192eacffd031393af5eea0de42fd299842a51bb761386dfa57db3ad
GET /CACHE/css/output.c8c427afc0fc.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=83473
etag: W/"0e78499d5096411c104bea6cd83d2542"
last-modified: Wed, 09 Nov 2022 01:49:02 GMT
x-amz-id-2: plfhwjG62Tc/b7KOImdT2qmTg1psahsyZXFxFiWK8zsNS3nhS/Z2Cger4YQe8+VlXVvgpqnXIsQ=
x-amz-meta-s3cmd-attrs: md5:0e78499d5096411c104bea6cd83d2542
x-amz-request-id: K09GDRGX4PXD7E2B
cf-cache-status: HIT
age: 269779
expires: Mon, 12 Dec 2022 04:47:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNF63jkQTqBIFs8zcqeLAkjBBXAx%2B2mrkeupBjLUUMS2geyzl%2BuEMIyZl%2BABjy6Qcup6AUV4J%2F3fXN4lMU2fMZ2RKHAe36pLLMEm1Bh%2BHJ3jqiAEXA88OMu2o9QLO6%2BC1z0%2F1%2Bg6IP96pS1vlWhzLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Xmxwp7CBfA_UYkTE28bG716SMmBewSFhTRpmJa5EhgY-1668228453014-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1574a130b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:34 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10396080
X-HW: 1668228454.dop205.sk1.t,1668228454.cds020.sk1.shn,1668228454.cds020.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:34 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1668228454.dop227.sk1.t,1668228454.cds238.sk1.shn,1668228454.dop227.sk1.t,1668228454.cds228.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/49/815296/1047501/1047501_logo.png
205.185.208.20200 OK 11 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/49/815296/1047501/1047501_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 6ce23edfb2b08f5229c51428c5acd7d0
ab6ec314fbd09e888bf5a77aa390a549fa53e38d
9b8e616b8585e873c2bd421cf1235fae61700b2b943d963d198bee2f5e29fe0d
GET /a7/creatives/1/49/815296/1047501/1047501_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 04:47:34 GMT
Connection: Keep-Alive
ETag: "1667579710"
Content-Length: 10963
Content-Type: image/png
Last-Modified: Fri, 04 Nov 2022 16:35:10 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10381716
X-HW: 1668228454.dop205.sk1.t,1668228454.cds020.sk1.shn,1668228454.dop205.sk1.t,1668228454.cds237.sk1.c
Access-Control-Allow-Origin: *
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b0d03122c1354140f2d020c25320b333530561d5036134b5454544b5053564b5251554b545d543b555454544a0e1403
51.79.221.186200 60 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b0d03122c1354140f2d020c25320b333530561d5036134b5454544b5053564b5251554b545d543b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 534x877, components 3\012- data
Hash b2b7de7c8d35a82418028ba29f6ba11b
d8ef1be8946e4ada2ba968860d5af0bc996f2136
6c486482b6c6be06dabca5d45e23e826c3d580b78708cc7a8688ea317cadb8dd
GET /viewImage3?data=0c101014175e4b4b100c1109064914544a1c0c07000a4a070b094b054b0d03122c1354140f2d020c25320b333530561d5036134b5454544b5053564b5251554b545d543b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Content-Length: 60430
Connection: keep-alive
Cache-Control: max-age=31418383
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 177eb22ab77e373f71fc15416a9a7354
fde4eaaec3cb44c1028078dc506d3c1e57b12d79
f2c9781ba101fc64984323b5b5a75c70994041561b45b5dba64c4033380438fd
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 11 Nov 2022 19:11:25 GMT
Expires: Sat, 12 Nov 2022 19:11:25 GMT
ETag: "fde4eaaec3cb44c1028078dc506d3c1e57b12d79"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b32490d100c17101d060e210b203b30331c2f072506254b5454544b5053524b5151574b5251533b555454544a0e1403
51.79.221.186200 167 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b32490d100c17101d060e210b203b30331c2f072506254b5454544b5053524b5151574b5251533b555454544a0e1403
IP 51.79.221.186:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b32490d100c17101d060e210b203b30331c2f072506254b5454544b5053524b5151574b5251533b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=9d12e9a5dee2
104.16.93.42200 OK 6.9 kB URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=9d12e9a5dee2
IP 104.16.93.42:0
File type ASCII text, with very long lines (1358)
Hash 8a454c1d35173dea46bda5581c7973a1
937f9de55b6714bcedd14a127927554b3d7f4140
0b5c4d14207133928c3fa6ca11472e5f70b26e5802264e8ecf4b500089278312
GET /jsi18n/en/djangojs.js?hash=9d12e9a5dee2 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:33 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: oSNDA4CX/MYOL69N5AsQiNZC5YecDEPMRzDWnD0KwEbPZtC6j9Hww3FtAO+SLVENDOlOVaIkgcQ=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: QVQ17XATF8TG9G3B
cf-cache-status: HIT
age: 49247
expires: Mon, 12 Dec 2022 04:47:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9dsSNOA6L5XqoR1qRRkDYaV%2B943FVLBmRSA0H%2Fkg1ZJxbJ53wy9LiGGcJDwJel4pOQpxBxbDDXjpeIyMfLlrk8r3dmexEDOc9Mzt%2FrSP2IWmpfhwAr1I%2BdT995DDLZGMkRQZkAOfEZ3si5pn%2F%2BNyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=kAn9iZCrzDekpiEZneYs1fgpqa_SVQsIIBql3oIdQEQ-1668228453017-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1574a140b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
104.16.93.42200 OK 58 kB URL HTTP/2 static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
IP 104.16.93.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 4f5f5acc1f52a82663f8b8762df7508d
15197386d884cfc8c6a04b2ca37f4e6325146567
8b2f2a0e8f6c4506f802775ffc24567495279088c55dc16d76da9e32257f58ce
GET /tsdefaultassets/sounds/classic/huge.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: audio/mpeg
content-length: 57678
x-amz-id-2: Rz16zR7SlCKpYSOLvBmdehcYt+IV/Clf2dHVAd4YsekO+9zLmBeB4t/2rWoWKQWsaDAYkbaE+aI=
x-amz-request-id: Q6N1FEFTBJHPR413
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:58 GMT
etag: "4f5f5acc1f52a82663f8b8762df7508d"
x-amz-meta-s3cmd-attrs: md5:4f5f5acc1f52a82663f8b8762df7508d
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1192528
expires: Mon, 12 Dec 2022 04:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txf0gDvYKj6fB2zZPst95JolG0Qt8d2Kg7KArlGr46usUF9YF8eolcWOXOU8VWNw73vQX7%2FtkKdtCM4PwiCHG30wD2MipyaJTMKmE4qpMNIxb9NsjvxYUZH8RN%2Bw8MY1F8Q00A5FmR7B7eYRgmHNmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=dNETNYOXiov0UUVeF0o_O3RRmM4Acp.Pr3Vgpl7yTsE-1668228454316-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca15f6e99b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-9d12e9a5dee2.js
104.16.93.42200 OK 309 kB URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-9d12e9a5dee2.js
IP 104.16.93.42:0
File type ASCII text, with very long lines (15770)
Size 309 kB (309089 bytes)
Hash 44e662a41c9087fd4715058c554b7aab
98441700c8f4392904068e66365cbd64a76c49ad
9cf32faca6b5b79156052fa3c1b50090eec36290ba107ba01de0c2dfe0b5ea57
GET /cachebust/chatembed-prod-9d12e9a5dee2.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=991023
etag: W/"8c7917cb60a459f1e314e61e9702e7a2"
last-modified: Fri, 11 Nov 2022 15:04:28 GMT
x-amz-id-2: 3QaCJCX1eiXH+9xZj+R5FHE4MCGoOU6SQsXN0pgMCeL80fdYJmGmZexb89YjpGClOfMcC5mV5S8=
x-amz-meta-s3cmd-attrs: md5:8c7917cb60a459f1e314e61e9702e7a2
x-amz-request-id: QVQ523GS3W4GE48E
cf-cache-status: HIT
age: 49246
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3y%2FmiyOIc4wZthvyNFoGCYHjoAljj3ct%2F0Kc7EbfWui5skWIc4PLta24ijvklhm2w0PvJxpgDECNMFlwq9C3t%2BmCPJ4V3OhtWyuZ05GTJ1Ag3nwupKbKVI%2F%2F0A5VynBbvvYWV5rnWeDVMTYarOhTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=s2H1d1VhEzI0UZtJAfMcfl0EeJ6goTeQ5ly6hvR6mio-1668228452973-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca1570a0e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/large.mp3
104.16.93.42200 OK 58 kB URL HTTP/2 static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/large.mp3
IP 104.16.93.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 3c341f99a417abeaa0e76f070d2ee776
c14d20fc3b5c6f0ec8085a59ff7108a0fd4ccd70
06a32e4bddac3148330822781fc4a9a62cab480e46e1ba8e8158b9d86445a7c7
GET /tsdefaultassets/sounds/classic/large.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: audio/mpeg
content-length: 57678
x-amz-id-2: mRZBF5Ak7JCd+5v73CnFTP9iZGTt595fHpXmx+TEQ4oTpfflH7Gpuch1ebL/UsS211dVq2Jy4zc=
x-amz-request-id: 1FGV0T85JKF5G054
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:58 GMT
etag: "3c341f99a417abeaa0e76f070d2ee776"
x-amz-meta-s3cmd-attrs: md5:3c341f99a417abeaa0e76f070d2ee776
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 2547964
expires: Mon, 12 Dec 2022 04:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYwrUZTY2CboTOuQPDxftsAxSuXE2tivR%2FAekWJkjEucS%2BnU1YLcz0Z1cowE7iBs801%2B1zkMGVUIAkWkHBlO3ciCadYJV2w%2FU0QJqI%2BYmMoRcZK8oIcRQTK4iUh2lXLj8zcpmtTUEw6pWxqzQIREJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=.BdZXTerR43HuE.Q_NCzWYJHWmDf0OFET6PcmG_dBFk-1668228454321-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca15f7ea2b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/medium.mp3
104.16.93.42200 OK 33 kB URL HTTP/2 static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/medium.mp3
IP 104.16.93.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash a1b122ed72ab3c7f31eaf55a21fb14ce
d59bad3ba30640b238502ae3d2a8eba40574d51f
61aac93b83752081003a02921e70af75a4786b5b33467c8ef50add2d76cb8000
GET /tsdefaultassets/sounds/classic/medium.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: audio/mpeg
content-length: 32600
x-amz-id-2: C/ArMAbxZKWIVBO+vtbfUW664daLsg8aQx+G+YWQ6OgNDyqqDk0OIqSt4bfDh0OVQJHkZf02Ovg=
x-amz-request-id: 3PS4ZER6C9G8HQFV
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:59 GMT
etag: "a1b122ed72ab3c7f31eaf55a21fb14ce"
x-amz-meta-s3cmd-attrs: md5:a1b122ed72ab3c7f31eaf55a21fb14ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1192518
expires: Mon, 12 Dec 2022 04:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Po6b%2Bucw91MedF%2ByQFG19d0%2BVh8xMSRkzmITaYB8VBIUL10rUDEmJgR07zSpX58c0ReTTjFqzxdxazPvLgo%2FSGnrxYISGfLvrzyMfLjlIPAe1pbBur2HzpmwmJvuRxFMy2xKQFI1Y8PHpz0D1XPR9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=E.bLRW_4ktsC3zOulxOek4XJnSZ1XzF802DTnn2hTcM-1668228454324-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca15f7ea3b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/tiny.mp3
104.16.93.42200 OK 19 kB URL HTTP/2 static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/tiny.mp3
IP 104.16.93.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 1179631f78330d8b2e8918f8f0e2e9fa
743c778104ff0a87f440990ec9f285ed95a515e7
16da4e83dd5e5ebacba638b7ecea526f9d6b856c623f69de7813f9d2ed7220a4
GET /tsdefaultassets/sounds/classic/tiny.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: audio/mpeg
content-length: 19226
x-amz-id-2: sBhIRxZ5N7+JiqF+4dRHf2b5fK+pIcJ5RG7n2tOM2l2BhhPyCU6fmf++vyggj8IZXlz8ueTB8IQ=
x-amz-request-id: NNFJGP3FJA2A84WC
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:11:00 GMT
etag: "1179631f78330d8b2e8918f8f0e2e9fa"
x-amz-meta-s3cmd-attrs: md5:1179631f78330d8b2e8918f8f0e2e9fa
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 1192523
expires: Mon, 12 Dec 2022 04:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PmRh4FA03HRBMR3r0ZBVhCJP0ILrqExswjNGHfdAjWEQ3VNHMZJaduGqtkZYFkUpnn3KKy1%2B%2BjvuuqE32TeXBEuM6UWr%2BIFC66wb7KFPb96B0v8bXP2SsYmNSC9pxQkfvAi9FuyXvMq9MWEbKhRdfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=E.bLRW_4ktsC3zOulxOek4XJnSZ1XzF802DTnn2hTcM-1668228454324-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca15f7ea5b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/94553/23709.jpg
217.22.19.195200 OK 14 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/23709.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 0c2a825bbde64bc67b445c528c9a15da
2f8783f4435560f0571e70a3baf8c2e7abb4bd0d
d1007aa5d65e7d2ee573922a6ab99af073c76c28d3d5464cd2eda5410b27106c
GET /data/bannerpools/94553/23709.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: image/jpeg
Content-Length: 14287
Last-Modified: Thu, 28 Apr 2022 14:45:46 GMT
Connection: keep-alive
ETag: "626aa89a-37cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 0 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /conversion.go?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:34 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
go.eabids.com/conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js
217.22.19.194200 OK 396 B URL HTTP/2 go.eabids.com/conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js
IP 217.22.19.194:0
Hash d8974168fcb0297823f3b6f0389c443c
9581527e671be8f1548d91f7e461aac4df4eb05b
f876cc9473923eb476e97a4aa2cc63b59f3e2ae81d4e6adb8a286216b99ce5e2
GET /conversion.go?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0&conv_type=a&output=js HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
x-backend-server: nl2-web-205
X-Firefox-Spdy: h2
ads.eabids.com/adspace/3909011.js
217.22.19.194200 OK 207 B URL HTTP/2 ads.eabids.com/adspace/3909011.js
IP 217.22.19.194:0
File type ASCII text, with no line terminators
Hash 5b17ee22a70cf6add432c95a55c7e4e9
bf22476cb97fd0e479dbb125ba417187da09b5f0
1ef51e40bd976233b565cbc14966d39e801fe728bf5099afce1df9f3de4a3c2e
GET /adspace/3909011.js HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:34 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/s3/mx-wide/p213.gif
51.79.221.186200 OK 18 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/mx-wide/p213.gif
IP 51.79.221.186:0
File type GIF image data, version 89a, 300 x 100\012- data
Hash ea25a7237b4e8b1bc627e81df4022e0e
07ea8a09715da6d5d91222de84692b33ecd318f8
3c1b69711390d79838dfc5b7cb1e90ab770be981faec180fb3b2815839673541
GET /s3/mx-wide/p213.gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Content-Type: image/gif
Content-Length: 18209
Connection: keep-alive
Last-Modified: Mon, 21 Sep 2020 20:03:23 GMT
ETag: "5f69070b-4721"
X-Cluster: web-cdn2
X-Cache: EXPIRED
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fy5QbEZtmcdjMSa4vrCZw%2BwaLNVJOrdlBwTkkFNfPrUO9MbMRplSUZdbTgqWL4G0Dcdlu4NN%2Bk2nFImnSs0MSqhmESVl3x%2B%2Fiv7nAv3YihYLjQsh%2Belk0QAHLpUsr68%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768b8646fc789f9d-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403
51.79.221.186200 45 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 291x982, components 3\012- data
Hash af345f3ea58c31d8e08d64500dc1fcb4
a8140dfc8ee598071e7e51e74aa6a5dd37d1c798
96e7cd247316ce59aa7526d2ef633d25aea2607a7c9b390192fb45315d9a7129
GET /viewImage3?data=0c101014175e4b4b100c1109064914534a1c0c07000a4a070b094b054b5d373d0e34221301305302003e3608075611345d2b354b5454544b5052544b54515c4b5753533b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Content-Length: 44766
Connection: keep-alive
Cache-Control: max-age=31418383
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.93.42200 OK 56 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.93.42:0
File type Unicode text, UTF-8 text, with very long lines (65328)
Hash 0078c04d41f208842463e4c02b9330ae
49612f68bb556b8897bdf4fb836f121c6cf0041b
306775e8ae9b5f72f5bd13a11f4918121e1a22b4a4b6082015c6c313c0bf9f2d
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 710026
expires: Mon, 12 Dec 2022 04:47:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzMwajAMxTOSFxiMGqRJFGGy1AjcchXw6%2BJUq9TeQGVpmPstUyukXMl1Y2fYS0pO7mdxD%2BcrjuC9IMbG6xikv3ZoZ6aYoPhuDk9K5KiJzXtFhpIhw0eY33k0BtRcfjNN%2B2j2FDWR5Mw0x3MNExeYpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=cMS2tFZnLwKj333ypfghBle_jJVCpc2SAl51Onj8Ums-1668228452964-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 768ca156fa080b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b1551005723013d1e5750132e3c5307101d1536263c254b5454544b5052534b5657554b51525c3b555454544a0e1403
51.79.221.186200 59 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b1551005723013d1e5750132e3c5307101d1536263c254b5454544b5052534b5657554b51525c3b555454544a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x539, components 3\012- data
Hash b6d0ad62364616359094f62fb758a6ec
70376b676c01cc0734c09d8bf815a9b6c610e046
1969a0d5d346e2c125e1be18e33bd5d485ae5dc11bb0b8088c5cb85cf5b911a7
GET /viewImage3?data=0c101014175e4b4b100c11090649145c4a1c0c07000a4a070b094b054b1551005723013d1e5750132e3c5307101d1536263c254b5454544b5052534b5657554b51525c3b555454544a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Content-Length: 59251
Connection: keep-alive
Cache-Control: max-age=31418383
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 1.3 kB URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (388)
Hash 07996c0cf2631a9a46d6d71c56fb2ad0
cd0d2d722e66f8d0c2488ec5c53101a722f0306d
7ef768f7fbec1d12ac2d903235ddd56f05ef9832868b52b72c7a63966fef603d
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adultyiffyporn.gaysmills.gigixo.com/s3/ad_wc1_v_01/830.jpg
51.79.221.186200 OK 62 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_wc1_v_01/830.jpg
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x1119, components 3\012- data
Hash d13828a0b39c10c639928c4f3593cda2
90c876f631ce4815e795af0ac1236f1e7f841137
bf4ba1317b2e0d6f3beb06501c9f3db99705a2b86805c6c77c2f3fd14fd3e285
GET /s3/ad_wc1_v_01/830.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Content-Type: image/jpeg
Content-Length: 62481
Connection: keep-alive
Last-Modified: Fri, 02 Apr 2021 18:05:52 GMT
ETag: "60675d00-f411"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QiPkCJJdms2cmHxw5z4JMrCPP%2BR2KawUB0z%2BLk7U0R1xKOcdB5shyPhe%2BlADWDxVOYKjqmeiDfjwlYAWgqsFMIalfk6QaZF%2FvbD6byPZXh7hNeXR2w8t6gQ0kmk8Xzg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca15c09088859-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
static.eabids.com/data/bannerpools/112022/33972.jpg
217.22.19.195200 OK 28 kB URL HTTP/2 static.eabids.com/data/bannerpools/112022/33972.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 4315db96107a017fc6b99c9ab02068bd
c17303edce6fac485eebfe9532f0342c001ac26d
c509e66471801da4c9d6f157ef5ff23987a8218febf44b2326a890d25105cb2f
GET /data/bannerpools/112022/33972.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 28489
last-modified: Thu, 28 Apr 2022 14:46:20 GMT
etag: "626aa8bc-6f49"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
104.18.59.150200 OK 9.6 kB URL HTTP/2 go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3eb9dee70c737dcfdc8a25772bc90496
810c1e9ae4665826a22ccfccedfe523943ee8283
df1f2a8a8ec537a16945406481b9973bf9712591d740df04781796e2d604843b
GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D3Q0z5P1jiZBRNWDa3h_cioxeGR85SzQIu8jv81QNhKtHOg7IGFHfvXLMACf8s_C_5KwI8PdV0fX1pmImY5aSSgaGCmgcK0tdhtpQsN8_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:34 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9ZNN4tuHoF4vBv; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:34 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca160fa2a0af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b57554b50575d55545c53564b50575d55545c53563b5454553b560701564a0e1403
51.79.221.186200 187 kB URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b57554b50575d55545c53564b50575d55545c53563b5454553b560701564a0e1403
IP 51.79.221.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 853x1280, components 3\012- data
Size 187 kB (186819 bytes)
Hash d3ed9f544852395e5f987330d319b604
1341194e716d0d11b04e292863f07e36ccfd2c65
ae1dae1410b63a1ce747fcda00065772646267289d72b5d25cf52112e0d82d65
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b57554b50575d55545c53564b50575d55545c53563b5454553b560701564a0e1403 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200
Server: nginx
Date: Sat, 12 Nov 2022 04:39:26 GMT
Content-Length: 186819
Connection: keep-alive
Cache-Control: max-age=31418383
X-CORE: core4
X-LB: core4
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQIVMDBgwcYcq0MCNGhpkWNGCMydECBwwaJ2uQSWnDRpkZOczgwCHiYZg6YzLCyDGDTI6VMlDOoBEDZQ4aM1rkkIEjaZkxNGiEiQFjxg2PMXpCJGOHIo0bMXA8hFNHzEIbMWLc8AkHDkWcNB7OgTNRxwwcWWXcmPFwTBu7Os7eAKx2rBmKD8W4cbNwRtfBWR-2cYOR4QwZMmCs3dzZRg2mD-uE1TGQDh04c3S8eHHmjQs8uNUcdjHmTZsXc9qEkfP6DZwXXbN6jWHDsmC0KWeWsQnYqw0ZYsiYyWGDxsyQN8SYmVFDLlruDXPUIHnQxhgZBrfG-FFnDsIkZHqQ4QrDzA3tMYjxVw2CjVFDTvDBEMMY09WAAxniiYGDGDZw99RRMcgwRgw0VMgcTCnhwNx_Wi0YBhd1eCSDDXO8UYccDOLXg2KMoaiiDW2U0YYY9-W3RBpQpIFFFWTE0QQeQ9Rwx0VvUEHEEElcccMXV9gQxAx_wVEDHFU8kcYcMLARQxpwUKFGDEzU4UYSb-RxRQxUQJFEFGOwIccSeOixhhRNiClFVkgcIYQMNCzxhhFUjCHHEVmc9AQZaSyhhBhJiHGDHVZQkYUYMDBRQxJfnFFFEkRIUUUaNsKwIhwx9PBXYIOJRYZvGRlUBxt05JGGGWbkAccbcrjhwhlh5BFcGmywMcewaZyRBh629daGWGOE0dcWM8TQxVowViYSDA6JIN5CMLigYGFwtPEFHN3qUK6qFYkghx2IWfbQVemSay5hItRRRxoZMWVGc92N0cJNZYiUlRhN5aCeGC3cMIYZypWhHhnVikVmRjnE4EIO5dIggwsN0SCWHF9szFrHH4c8csli1RFGRk28oQeybITxQg3mgoDCFWm4Mesdc4DgBBUgcGXuDiAA7UZ3TOMBNQjzMgSuuSmAcMRVa7zxQmj8cRUDCEakIUcZZryBxwtc8QwDtUGx5sQTYgH7xRhxizC3WGzkXYQTspZhxxdns0FRDTcsNoMNLokm7xmU6SCDg3NpJPgXYsix0E4PHTR4G2-QsRBVcHUuxxuVPfSGQolxq3YeC-WlUR6R0yFHHWU8dPZjrKHhGhyyvWArrrry6iuwwhJrbBs4L-uss9Dy5tsLYs0xb0an02EtsC2omQYdLSjoAsYZypr3QV-QL4NYdEzLUE1VUUVDeRa1sf77jIMGWHk4mOYTGYQrw16-YC2KwE9_84vX5cLABoTQgXVbkMu2ICKGvljODD_BlVjg0DdyFaYzMOiDAgIC&s=f0810527fb4f753210a884ed4ea3cd3377d1eec9345a7e4e3da3975d1fa2719b1668228451&w=t&r=1&d=1988&priv=false
136.243.134.97200 OK 24 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQIVMDBgwcYcq0MCNGhpkWNGCMydECBwwaJ2uQSWnDRpkZOczgwCHiYZg6YzLCyDGDTI6VMlDOoBEDZQ4aM1rkkIEjaZkxNGiEiQFjxg2PMXpCJGOHIo0bMXA8hFNHzEIbMWLc8AkHDkWcNB7OgTNRxwwcWWXcmPFwTBu7Os7eAKx2rBmKD8W4cbNwRtfBWR-2cYOR4QwZMmCs3dzZRg2mD-uE1TGQDh04c3S8eHHmjQs8uNUcdjHmTZsXc9qEkfP6DZwXXbN6jWHDsmC0KWeWsQnYqw0ZYsiYyWGDxsyQN8SYmVFDLlruDXPUIHnQxhgZBrfG-FFnDsIkZHqQ4QrDzA3tMYjxVw2CjVFDTvDBEMMY09WAAxniiYGDGDZw99RRMcgwRgw0VMgcTCnhwNx_Wi0YBhd1eCSDDXO8UYccDOLXg2KMoaiiDW2U0YYY9-W3RBpQpIFFFWTE0QQeQ9Rwx0VvUEHEEElcccMXV9gQxAx_wVEDHFU8kcYcMLARQxpwUKFGDEzU4UYSb-RxRQxUQJFEFGOwIccSeOixhhRNiClFVkgcIYQMNCzxhhFUjCHHEVmc9AQZaSyhhBhJiHGDHVZQkYUYMDBRQxJfnFFFEkRIUUUaNsKwIhwx9PBXYIOJRYZvGRlUBxt05JGGGWbkAccbcrjhwhlh5BFcGmywMcewaZyRBh629daGWGOE0dcWM8TQxVowViYSDA6JIN5CMLigYGFwtPEFHN3qUK6qFYkghx2IWfbQVemSay5hItRRRxoZMWVGc92N0cJNZYiUlRhN5aCeGC3cMIYZypWhHhnVikVmRjnE4EIO5dIggwsN0SCWHF9szFrHH4c8csli1RFGRk28oQeybITxQg3mgoDCFWm4Mesdc4DgBBUgcGXuDiAA7UZ3TOMBNQjzMgSuuSmAcMRVa7zxQmj8cRUDCEakIUcZZryBxwtc8QwDtUGx5sQTYgH7xRhxizC3WGzkXYQTspZhxxdns0FRDTcsNoMNLokm7xmU6SCDg3NpJPgXYsix0E4PHTR4G2-QsRBVcHUuxxuVPfSGQolxq3YeC-WlUR6R0yFHHWU8dPZjrKHhGhyyvWArrrry6iuwwhJrbBs4L-uss9Dy5tsLYs0xb0an02EtsC2omQYdLSjoAsYZypr3QV-QL4NYdEzLUE1VUUVDeRa1sf77jIMGWHk4mOYTGYQrw16-YC2KwE9_84vX5cLABoTQgXVbkMu2ICKGvljODD_BlVjg0DdyFaYzMOiDAgIC&s=f0810527fb4f753210a884ed4ea3cd3377d1eec9345a7e4e3da3975d1fa2719b1668228451&w=t&r=1&d=1988&priv=false
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQIVMDBgwcYcq0MCNGhpkWNGCMydECBwwaJ2uQSWnDRpkZOczgwCHiYZg6YzLCyDGDTI6VMlDOoBEDZQ4aM1rkkIEjaZkxNGiEiQFjxg2PMXpCJGOHIo0bMXA8hFNHzEIbMWLc8AkHDkWcNB7OgTNRxwwcWWXcmPFwTBu7Os7eAKx2rBmKD8W4cbNwRtfBWR-2cYOR4QwZMmCs3dzZRg2mD-uE1TGQDh04c3S8eHHmjQs8uNUcdjHmTZsXc9qEkfP6DZwXXbN6jWHDsmC0KWeWsQnYqw0ZYsiYyWGDxsyQN8SYmVFDLlruDXPUIHnQxhgZBrfG-FFnDsIkZHqQ4QrDzA3tMYjxVw2CjVFDTvDBEMMY09WAAxniiYGDGDZw99RRMcgwRgw0VMgcTCnhwNx_Wi0YBhd1eCSDDXO8UYccDOLXg2KMoaiiDW2U0YYY9-W3RBpQpIFFFWTE0QQeQ9Rwx0VvUEHEEElcccMXV9gQxAx_wVEDHFU8kcYcMLARQxpwUKFGDEzU4UYSb-RxRQxUQJFEFGOwIccSeOixhhRNiClFVkgcIYQMNCzxhhFUjCHHEVmc9AQZaSyhhBhJiHGDHVZQkYUYMDBRQxJfnFFFEkRIUUUaNsKwIhwx9PBXYIOJRYZvGRlUBxt05JGGGWbkAccbcrjhwhlh5BFcGmywMcewaZyRBh629daGWGOE0dcWM8TQxVowViYSDA6JIN5CMLigYGFwtPEFHN3qUK6qFYkghx2IWfbQVemSay5hItRRRxoZMWVGc92N0cJNZYiUlRhN5aCeGC3cMIYZypWhHhnVikVmRjnE4EIO5dIggwsN0SCWHF9szFrHH4c8csli1RFGRk28oQeybITxQg3mgoDCFWm4Mesdc4DgBBUgcGXuDiAA7UZ3TOMBNQjzMgSuuSmAcMRVa7zxQmj8cRUDCEakIUcZZryBxwtc8QwDtUGx5sQTYgH7xRhxizC3WGzkXYQTspZhxxdns0FRDTcsNoMNLokm7xmU6SCDg3NpJPgXYsix0E4PHTR4G2-QsRBVcHUuxxuVPfSGQolxq3YeC-WlUR6R0yFHHWU8dPZjrKHhGhyyvWArrrry6iuwwhJrbBs4L-uss9Dy5tsLYs0xb0an02EtsC2omQYdLSjoAsYZypr3QV-QL4NYdEzLUE1VUUVDeRa1sf77jIMGWHk4mOYTGYQrw16-YC2KwE9_84vX5cLABoTQgXVbkMu2ICKGvljODD_BlVjg0DdyFaYzMOiDAgIC&s=f0810527fb4f753210a884ed4ea3cd3377d1eec9345a7e4e3da3975d1fa2719b1668228451&w=t&r=1&d=1988&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tsyndicate.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 5.6 kB URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type ASCII text, with very long lines (2401)
Hash f2d941b1567de8ba1c6c0ba2a1b32b91
2ad801d7e8da38890bdc5998a3b6b328c9713bc5
0deaba2f9b90a9d723f0f778d1b622b98229fc3c856e876c1e55e485525f8336
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/119449/58896.jpg
217.22.19.195200 OK 103 kB URL HTTP/2 static.eabids.com/data/bannerpools/119449/58896.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=11, manufacturer=NIKON CORPORATION, model=NIKON D3000, orientation=upper-left, xresolution=2236, yresolution=2244, resolutionunit=2, software=Microsoft Windows Photo Viewer 6.1.7600.16385, datetime=2011:09:04 17:37:38], baseline, precision 8, 300x250, components 3\012- data
Size 103 kB (102563 bytes)
Hash 5a47f2c457595d78d1fe8d6f013f1008
66652110b3cfb7e433ae4bb3c6dfde11ee560e27
b8d1ee5ccd7ebf2868be2dbcc9866d7f46b375a0f0780b5026fbd636d2185855
GET /data/bannerpools/119449/58896.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 102563
last-modified: Thu, 28 Apr 2022 14:31:35 GMT
etag: "626aa547-190a3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/119449/56520.jpg
217.22.19.195200 OK 16 kB URL HTTP/2 static.eabids.com/data/bannerpools/119449/56520.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 0800736f9b6be91c28dda222b268589d
4ba8de95007880918be69813c40f837c0265808d
854148974770f073d704e0adab85ba77bcfddf0425dbb63171b84241cb6d4514
GET /data/bannerpools/119449/56520.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 15976
last-modified: Thu, 28 Apr 2022 14:31:35 GMT
etag: "626aa547-3e68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/119449/56523.jpg
217.22.19.195200 OK 25 kB URL HTTP/2 static.eabids.com/data/bannerpools/119449/56523.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash dc8340c191deee6728b1efd523528cd8
58a035d6e46bea9a5d28590a934d85e0edc5262d
86c0a554a26f0ebe028969b31b3d79db937efd9f6c297539caf6edcaf262c24b
GET /data/bannerpools/119449/56523.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 25413
last-modified: Thu, 28 Apr 2022 14:31:39 GMT
etag: "626aa54b-6345"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration
185.75.253.85301 Moved Permanently 0 B URL HTTP/1.1 bngpt.com/promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration
IP 185.75.253.85:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration
static.eabids.com/data/bannerpools/119449/58895.jpg
217.22.19.195200 OK 42 kB URL HTTP/2 static.eabids.com/data/bannerpools/119449/58895.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash c74305674f929ef3bcaa116430b876c7
6ab1613e1195d02d91eb10c8f5c5c5de99095db1
fd482ce7eb30ec37a686ae0bfbed84c4b983ed9ceaac15eebe829e1d4ca9e772
GET /data/bannerpools/119449/58895.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 41877
last-modified: Thu, 28 Apr 2022 14:31:35 GMT
etag: "626aa547-a395"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 1.6 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1626), with no line terminators
Hash 6144abc3ffc6a21b1c1cfd94eca783d6
e134f88c0ab3e44f8aaf236705851bb9effb9dcc
c98e8d70ae3be84846814eb1fb34b15d70293f371dbe996dd2611c2be1612055
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html; charset=utf-8
content-length: 1626
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:34 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
ads.eabids.com/banner.go?spaceid=3909011
217.22.19.194200 OK 2.7 kB URL HTTP/2 ads.eabids.com/banner.go?spaceid=3909011
IP 217.22.19.194:0
Hash 8692bf44301772dc4bc300cd5d9c35e2
8bde27d0bd8c6a05563c56eb920c60e7252aa502
ca722b7a0481f0acbc705254b657f3011cdaf0b7abb219b25820448ab46333ba
GET /banner.go?spaceid=3909011 HTTP/1.1
Host: ads.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html; charset=utf-8
content-length: 1682
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 12 11 2022 04:47:34 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-web-201
X-Firefox-Spdy: h2
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
185.107.68.57200 OK 715 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash a3d09eff8f2ece4f2d37392250b08516
42de2ecbb236ea1e2d68140b32f6db2aed97ea4e
9b021d867d16fcb66355fd992c1e096ccc4450d217bb90435acbfc7aa96c5b43
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|5711849|no|114003|4330678|5675442|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:34 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
185.107.68.57200 OK 705 B URL HTTP/1.1 adsmediabox.com/yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (328)
Hash a69cabf38449153a6d807ef4aa7657d6
125de28cb23b9531b157d829f3a6f7b904159279
ffe1f7637b7409bbf8b955d52c9eb29c39691058e99cccfe9b0269485336f5ee
GET /yuvu.php?utm_source=ja&utm_medium=imp&utm_campaign=555555&t=166822845&sid=555555&cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __t15re=1; expires=Sun, 13-Nov-2022 04:47:34 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33811.jpg
217.22.19.195200 OK 16 kB URL HTTP/2 static.eabids.com/data/bannerpools/112022/33811.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash fc3b95549cd1b7aa65dbc58126a8325e
b24bff0efd4626592ec2d2b7ff749033e8534c19
a2eca55199886df535be68840acf6a49a8454a2c0ba43ba7dcf477e3c31c7eea
GET /data/bannerpools/112022/33811.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/jpeg
content-length: 16067
last-modified: Thu, 28 Apr 2022 14:46:20 GMT
etag: "626aa8bc-3ec3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
185.107.68.57200 OK 369 B URL HTTP/1.1 adsmediabox.com/tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d8e5575db4702ec004608c6a9cdcb338
de6374ce22647186ddf4631043ebc55717e5c4bb
19ff55edf06bf16eac0dcc558ecb8b70543accba451b98630d9755cf6f9fa16f
GET /tr.php?utm_source=yuvu&utm_campaign=jrt&utm_medium=frm HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsmediabox.com/jrt-yuvu.php?cid=2|160319|449252|no|114003|4330678|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|1532635802|0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
static.eabids.com/data/bannerpools/94553/59021.jpg
217.22.19.195200 OK 9.9 kB URL HTTP/1.1 static.eabids.com/data/bannerpools/94553/59021.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x100, components 3\012- data
Hash db56bcf13e9a75cafb45b0c2763729db
d416933f37af8ad5b596ea9388c65e47347eb0b6
7dfd10b261221487915958cd5c038cc50ed39ddbb3838b75ed3e03056236f3ec
GET /data/bannerpools/94553/59021.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.eabids.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:34 GMT
Content-Type: image/jpeg
Content-Length: 9897
Last-Modified: Thu, 28 Apr 2022 14:45:41 GMT
Connection: keep-alive
ETag: "626aa895-26a9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-223
Accept-Ranges: bytes
engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
192.152.95.130302 Found 1.0 kB URL HTTP/2 engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
IP 192.152.95.130:0
Hash 8125a4a90e82f4109b28940b04d57123
efe1bb31f69b80afb572f87655953ff194e96138
82d3608c392984069c75508c56e8d1a81bc1ebfcf191f6c47da275fd95c41d47
GET /link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0 HTTP/1.1
Host: engine.phn.doublepimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yuvutu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
vary: Accept-Encoding
cache-control: private, no-transform
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
date: Sat, 12 Nov 2022 04:47:34 GMT
location: https://engine.phn.doublepimp.com/Redirect.eng?MediaSegmentId=24774&dcid=3_ctx_d37b93e4-0ed1-4b66-bbb7-755f1e4b945e&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=cU26zwFsSgFrvGrf2Ca_5bS886O2pdGX6MqAWLGZOPCgtaga43RY4l83I9r_K8SkUSQ1urf-eYA5bkZzqd0P4OvXcf5l666Eq6GdxtcjFfnFJAP-BdmnIo_ZUEZGf-IaHcCwwHKKvdx--8hU1vfHDP3DaO6bjpB4VeliORLoS3wc35y2nDyPOflBYmxL9dvk-Qo9OWok0tQO1IKxoaK5tkVgZkVlI6OzVWQuLIJhQ5Zj0uwwo2tmrrX_KV9G5SvZ5vXXOFO4KAvNLItZsO4eFJgy4ousRyp_pzLAhgPWZNXKKsC6xlVlrvevNSJMyrnteSJqaowjkAKx9Rh1bF5uDmOEptiPQq6hiF4bbrCksa9AdSRWDNd65CxBsIcaEct8BTACL4yNMPyO1hk5vbSsVvRyCBy8Nv9dT0KulsilBS7vdOrRVqQP_tBBR-Jw0BphwN08U1xB0p6p_zDbSXQp-L3I1icIDTyYmr3RJ15NXwZ-4pyUj7gWo9pdnsjPy0UEfpYENpJqP0M1QAWEZmeJ3EHzYygXAWtzYUraEkyXeTCVYNxHxPI7zpodPQASo4Fc8ycz5Xr7X_pVfEZFlCuRsRvAUUZ-HLNdvW3bLDN4x9CaXxiXdD5oM7Z6c9brODKjNq1W2H5Rbw4bqgMnDI__ZJELhLeVIzf4FbCKvvEui0y3VfJue5UAe_Cojo9tuh0hL_Xf1hafmIac-AY3QF6O8lu-I0Uv1xQUNTD-FY0S1G6MM4XHh5KYuhNuo70IfiuApW2mXBepMlUHm3oTYJww4Kb3uUYLYeMW4aMUWGY7k_LHwpaxT8gU-EVIy6tJLNNEUhXgMD0fW0Yv9LrU4SJCpVht7ql2U4T9DGVB7E6CVn7GSC43LX-Hx0EMywDBjLi_0&kw=&mw=1024&mh=768
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=1e7e59e3-9739-4c2e-9817-832d884c2a19; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ISSH=67397F; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 12-Nov-2022 08:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"2559":[{"SId":"67397F","D":"22/11/11T20:47:34"}]}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[2559]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/119449/56538.gif
217.22.19.195200 OK 471 B URL HTTP/2 static.eabids.com/data/bannerpools/119449/56538.gif
IP 217.22.19.195:0
Hash cc3f301929250ddc09e2001d8d3d2d9b
a0832b8e57e8cb0c5c533213428e26eda4229658
3c17ae6658e5d21bde96641fcbf3ecc41f50622299c39a6e359aade9945c0554
GET /data/bannerpools/119449/56538.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eabids.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: image/gif
content-length: 351733
last-modified: Thu, 28 Apr 2022 14:31:38 GMT
etag: "626aa54a-55df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-backend-server: nl2-static-223
accept-ranges: bytes
X-Firefox-Spdy: h2
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
biptolyla.com/a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=itxsyd
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=itxsyd
IP 188.72.219.36:0
GET /a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=itxsyd HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
last-modified: Sat, 12 Nov 2022 04:47:34 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: kadCCap=218693:1:1667677974;219484:1:1667715065;219047:1:1667194435;220335:1:1668062440;212269:1:1667199062; max-age=1699764454; path=/
kadACap=446013:1:1668228435;346327:1:1668159823; max-age=1699764454; path=/
kadASCap=446013:1:1668228435;346327:1:1668159823; path=/
kadRPixJ=bnVsbA==; max-age=1699764454; path=/
kadUnP3=CAIQz7K4mwYaDQjzwZkBEAEYz7K4mwYaDQicl/4BEAEY08q8mwYiCggBEAEY08q8mwYiCggDEAEYz7K4mwYqDAiMvRIQARjPsribBioMCJ78JBABGNPKvJsG; max-age=1699764454; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:30 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:30:10
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 5384400cc1682f0f115d88342da311b1
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca1458cdb0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:30 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/20/2022 02:31:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: f6dba18720e55fa6ff08ac24549e6d35
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca1456ccc0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 12 Nov 2022 04:47:30 GMT
date: Sat, 12 Nov 2022 04:47:30 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DCQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
104.18.51.106200 OK 0 B URL HTTP/2 go.xxxvjmp.com/config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DCQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764
IP 104.18.51.106:0
GET /config?url=https%3A%2F%2Fcreative.xxxvjmp.com%2Fwidgets%2Fv4%2FUniversal%3Fautoplay%3DfirstThumb%26autoplayForce%3D1%26campaignId%3Dc3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88%26campaignType%3Dsmartpop%26creativeId%3D2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5%26iterationId%3D275152%26kbLimit%3D3000%26masterSmartpopId%3D1605%26memberId%3DCQH4nqNrZ0ibpkWNRIKNCRvvVhchTLAnWpl0RQ9pu5KS_GNq1CCf3p9QgLfYLdYszcBsvlRg_MvZ83o2_18iboq_kfyLwdPGXcsYQb4_gUIDRUi%26p1%3D3844240%26quality%3Doptimal%26ruleId%3D3%26smartpopId%3D1547%26sourceId%3D226439%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26variationId%3D28764 HTTP/1.1
Host: go.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xxxvjmp.com/
Origin: https://creative.xxxvjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:32 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs4dbVwoEoBDB2; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:32 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca154cd2dfac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL2FkdWx0eWlmZnlwb3JuLmdheXNtaWxscy5naWdpeG8uY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiZjNlMDRkYzE2OGE1ZWQyYzU3MmE3ZGY3NDI5MjA4NyJ9LCJleHQiOnsiZHQiOjE2NjgyMjg0NTQzMTV9fQ==
159.69.163.6200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL2FkdWx0eWlmZnlwb3JuLmdheXNtaWxscy5naWdpeG8uY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiZjNlMDRkYzE2OGE1ZWQyYzU3MmE3ZGY3NDI5MjA4NyJ9LCJleHQiOnsiZHQiOjE2NjgyMjg0NTQzMTV9fQ==
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjE5MjksImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoxOTI5LCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjM1MzA4MjcwNyIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjE5MjkiLCJ1dG0zIjoiMTc3OTQiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjoxNjAsImgiOjYwMH19XSwic2l0ZSI6eyJpZCI6IjE5MjkiLCJwYWdlIjoiaHR0cDovL2FkdWx0eWlmZnlwb3JuLmdheXNtaWxscy5naWdpeG8uY29tLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJiZjNlMDRkYzE2OGE1ZWQyYzU3MmE3ZGY3NDI5MjA4NyJ9LCJleHQiOnsiZHQiOjE2NjgyMjg0NTQzMTV9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
ads.realsrv.com/ads.js
185.76.9.21200 OK 0 B IP 185.76.9.21:0
ASN #60068 Datacamp Limited
GET /ads.js HTTP/1.1
Host: ads.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12007250.pix-cdn.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%22636f2563a80674.2191300497970390%22%3B%7D; impressions=cmmsxrbonxgxaambboecmgeicmmsxaeenxgxaamaxcmxogeimacslbecnxgxaaabssxamgeislsaroornxgxaamblrmrbgeicxbmsbxcnxgxaaboebxemgeioslmrxlrnxgxaabeooxlageiccmmlmlcnxgxaamllsrcageialbsereanxgxaamllsrcageioslmrxbrnxgxaaboebxemgeicxbmsbcenxgxaabxsomclgeioslmrxlsnxgxaabeolsbcgeicxbmsbocnxgxaaboocxmogeicxbmsboenxgxaaboebxemgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaambsrbelgeiccmmlleanxgxaameaxobogeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaaboxobmbgeimacslbeenxgxaamecsolcgeioslmroemnxgxaabxsomclgeioslmrxbmnxgxaabxoobsageicaxsscmbnxgxaamalsseageicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaaboebxemgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaamxcrescgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaboocxmogeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaaboxobmbgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaamrsseregeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaabxlrcrxgeicaormbmbnxgxaabxlrcrxgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaabeooxlageimcclsxconxgxaaboebxemgeimcclsxmenxgxaaboebxemgeialbserxonxgxaamammmlcgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaamabbxbageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaambmrobegeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaabeexbbogeimacslbeanxgxaabesecoogeimxlbalcenogxaabxcososgxcceimemlxbocnxgxaabxcososgxcceimxlbmxlenogxaabxcososgxcceimclsaoxbnrgxaabxcoscogxcceimarmaaaonxgxaabxcoscogxcceimcoaxmxcncgxaabxcrramgxcceimrxmbarenxgxaabxcrramgxcceimclxlloanxgxaabxclexxgxcceimrxccosenogxaabxclexxgxcceimxlbmxlonogxaabxclexogxcceimrsreabenogxaabxmxblxgxcceimxlbmoscnogxaabxmlmalgxcceimaoobrbcnsgxaabxbelrxgxcceiceecmorsnxgxaabxbelrxgxcceimaoobrbancgxaabxbelrxgxcceimxlbmosansgxaabxbxoebgxcceimxlbmoconogxaabxbxoelgxcceialaroxrcnxgxaabxbomxrgxcceimexexabbnxgxaabxbomxrgxcceimxxrecsanxgxaabxbolsbgxcceialbbebsanxgxaabxblxaxgxcceimaoolcoenxgxaabxblxabgxcceimcoaxmxoncgxaabxlebsegxcceixaoossalnxgxaabxlebsegxcceimaslbxccnogxaabxlososgxcceimxeemlxenogxaabxlososgxcceixaoosscrnxgxaabxlososgxcceimeembesonxgxaabxlrxorgxcceimaslbxcanogxaabxlrxorgxcceimcssmlronsgxaabxlrxorgxcceimxlbmxlcnogxaabxlrxorgxcceimxlbalsbnogxaabxlrxorgxcceimsacexoonxgxaabxlrxorgxcceimcssmlrensgxaabxlrxorgxcceimcssmlrcnsgxaabxlrcrxgxcceimsleoaronxgxaabxlrbxlgxcceimemlxmcbnxgxaabxlrbxlgxcceimrsreambnogxaabxlmbobgxcceialbbbllanxgxaabxlmbobgxcceimrsmcsebnsgxaabxlbslxgxcceimsbebobbnxgxaabxlbslxgxcceiaaxcamlanxgxaabxlbrsmgxcceimxlbmoobnogxaabxlbmsagxcceimxlbmosenogxaaboeoaexgxcceimxcbrxscnxgxaaboeoaeogxcceialrexeooncgxaaboeoaeogxcceimxcbrxlonxgxaaboeoaeogxcceimeembescnxgxaaboeoaeogxcceimaoobbebnxgxaaboesrrrgxcceialbbebsbnxgxaaboesrrrgxcceiaaxcamlcnxgxaaboesrlmgxcceimeembecenxgxaaboesrlmgxcceimacberlonxgxaaboecsmrgxcceimxlbalscncgxaaboeclcrgxcceimxlbmxbbnsgxaaboeclcrgxcceimrxccoscnxgxaaboeroblgxcceimocolrocnxgxaaboersxrgxcceicmarxbbonsgxaaboeaxxagxcceimxcbrxcbnxgxaaboeaxxagxcceicloaxxabnxgxaaboeaxxagxcceimrsreamanxgxaaboemxosgxcceialxosmbanxgxaaboebxeagxcceimxcbrxronogxaaboebxemgxcceicloaxxacnxgxaaboebxebgxcceicloaxxaanogxaaboxexxcgxcceicloaxxmenxgxaaboxexxcgxcceicbbmelocnxgxaaboxeborgxcceimasbmxsensgxaaboxeboagxcceimrxccosanogxaaboxelobgxcceialbserecnxgxaaboxobmbgeimxeoxsacnxgxaaboxobmbgxcceimrmaobxanogxaaboxcbexgxcceirrmlllronxgxaaboxcbexgxcceialbbebrenxgxaaboxcbeogxcceialbbbllcnxgxaaboxraxxgxcceimxeoxsbenogxaaboxlbemgxcceimocbmmmcnxgxaabooeecrgxcceimrcscrsonxgxaabooeelegxcceimxcbrxlcnxgxaabooeelegxcceiraclralcnxgxaabooeelegxcceimraeelaanxgxaabooobacgxcceimeelaclcnagxaaboosrmrgxcceimxcbrxrbnxgxaaboocxmogxcceialbbblbcnxgxaabooreaxgxcceimessmeobnxgxaabooaxxagxcceimraeelabnxgxaabooaxxagxcceimarmaamonxgxaabooaxxagxcceimaoolslanxgxaaboobcssgxcceimeelaclonsgxaaboobcscgaeimcrxeobenxgxaaboobcrxgxcce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: application/javascript
etag: W/"f4fddb85b686269b678e3caf766"
expires: Thu, 10 Nov 2022 18:38:42 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1668235323
server: CDN77-Turbo
x-77-nzt: AblMCRR9WZ7/WQ8AAA
x-77-nzt-ray: ffffffff6091899e64256f63c04c7539
x-cache: HIT
x-age: 3929
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/5683.jpg
51.79.221.186200 OK 0 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_tf1/5683.jpg
IP 51.79.221.186:0
GET /s3/ad_tf1/5683.jpg HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:24 GMT
Content-Type: image/jpeg
Content-Length: 51126
Connection: keep-alive
Last-Modified: Tue, 20 Apr 2021 20:23:29 GMT
ETag: "607f3841-c7b6"
X-Cluster: web-cdn2
X-Cache: MISS
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkYsgJMvCthGUi%2BJJ4660mwrFb6%2FVqoXSexRiBXhneeyOxny24uc4DxstLQmAgWT9u%2FB0wdn0Zoh4IcUFtbqLpTmDkMIrq0UQwWue6tTBwbYy8ouJ0ExP3l%2B%2BZDuPqA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768ca147e86e4973-SIN
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/2%20(7).gif
51.79.221.186200 OK 0 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/s3/ad_vc_gam2/2%20(7).gif
IP 51.79.221.186:0
GET /s3/ad_vc_gam2/2%20(7).gif HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/?daisy=20
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:27 GMT
Content-Type: image/gif
Content-Length: 148283
Connection: keep-alive
Last-Modified: Wed, 05 May 2021 20:18:31 GMT
ETag: "6092fd97-2433b"
X-Cluster: web-cdn2
X-Cache: HIT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9gDRn2mi%2BmKKxzeE2kUk09K118j%2ByY8M6SBYoOweFcuWlYSotETbM8wPVh9cA2K5L%2Bb9DXk397Drxz%2BL%2BfzCVO5PUrRz3jhWjfmOmjY4eFfzhVihtGEHpBF9kRihRQI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 768c0395bf9c8930-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjU0MjIsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo1NDIyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjExMzQxNTM3ODciLCJ1dG0xIjoidGNiYW5fcyIsInV0bTIiOiI1NDIyIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MTYwLCJoIjo2MDB9fV0sInNpdGUiOnsiaWQiOiI1NDIyIiwicGFnZSI6Imh0dHA6Ly9hZHVsdHlpZmZ5cG9ybi5nYXlzbWlsbHMuZ2lnaXhvLmNvbS8/ZGFpc3k9MjAifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZjA0MGU2ODQ3NmJkNzhlNGUxNzQ4YjhiMWUzN2U0OGIifSwiZXh0Ijp7ImR0IjoxNjY4MjI4NDUwOTU1fX0=&back_url=https%3A%2F%2Fadultgalls.com%2F
159.69.163.6200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjU0MjIsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo1NDIyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjExMzQxNTM3ODciLCJ1dG0xIjoidGNiYW5fcyIsInV0bTIiOiI1NDIyIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MTYwLCJoIjo2MDB9fV0sInNpdGUiOnsiaWQiOiI1NDIyIiwicGFnZSI6Imh0dHA6Ly9hZHVsdHlpZmZ5cG9ybi5nYXlzbWlsbHMuZ2lnaXhvLmNvbS8/ZGFpc3k9MjAifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZjA0MGU2ODQ3NmJkNzhlNGUxNzQ4YjhiMWUzN2U0OGIifSwiZXh0Ijp7ImR0IjoxNjY4MjI4NDUwOTU1fX0=&back_url=https%3A%2F%2Fadultgalls.com%2F
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjU0MjIsImlkIjoxMDEwLCJsYWJlbHMiOiIiLCJzaXRlX2lkIjo1NDIyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTAxMCwic3BvdF9pZCI6MCwiaWR6b25lIjozOTAyNjUwLCJ6b25lIjoidGNfcGFiXzE2MHg2MDAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IjExMzQxNTM3ODciLCJ1dG0xIjoidGNiYW5fcyIsInV0bTIiOiI1NDIyIiwidXRtMyI6IjE3Nzk0IiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MTYwLCJoIjo2MDB9fV0sInNpdGUiOnsiaWQiOiI1NDIyIiwicGFnZSI6Imh0dHA6Ly9hZHVsdHlpZmZ5cG9ybi5nYXlzbWlsbHMuZ2lnaXhvLmNvbS8/ZGFpc3k9MjAifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiZjA0MGU2ODQ3NmJkNzhlNGUxNzQ4YjhiMWUzN2U0OGIifSwiZXh0Ijp7ImR0IjoxNjY4MjI4NDUwOTU1fX0=&back_url=https%3A%2F%2Fadultgalls.com%2F HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
104.18.51.106200 OK 0 B URL HTTP/2 creative.xxxvjmp.com/widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764
IP 104.18.51.106:0
GET /widgets/v4/Universal?autoplay=firstThumb&autoplayForce=1&campaignId=c3fa347280578e90a9e8ab1e6280c0e361524d151dcbfe6bb5b723fee947ce88&campaignType=smartpop&creativeId=2c48f02b7b59f2305b4d9b63921786738d15ee3d046b229cd0dcf46146f982e5&iterationId=275152&kbLimit=3000&masterSmartpopId=1605&memberId=SOP7eT1CeFglSrkkuUhTPNc9N0l3Nrb3QO_2nTcWK7a-9e9CuZwiS-RZAFJu6kVdDqM6osvdb1VMXFygt-q8LGu8QNcTR5tKmFU0wdz2_gUIDRUi&p1=3684770&quality=optimal&ruleId=3&smartpopId=1547&sourceId=349000&tag=men%2C-men&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&variationId=28764 HTTP/1.1
Host: creative.xxxvjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
last-modified: Fri, 11 Nov 2022 08:45:05 GMT
expires: Sat, 12 Nov 2022 04:47:39 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
set-cookie: __cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTM5pyfivMMHTwa; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:31 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca14e68880b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
185.107.68.57200 OK 0 B URL HTTP/1.1 adsmediabox.com/jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0
IP 185.107.68.57:0
ASN #43350 NForce Entertainment B.V.
GET /jrt-yuvu.php?cid=2|160319|113814|no|114003|4330678|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|1532635802|0 HTTP/1.1
Host: adsmediabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
104.18.59.150200 OK 0 B URL HTTP/2 go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
IP 104.18.59.150:0
GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3D1SHJSFchWrACIO_22dy6S3cYaLeYBBTvk-9cLZSzWwk0POIy56-5O02T8HpXjkCexgYDtGyBDjOxG8VVIgyZEZsE6K3DJK10eLCr8_U_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:35 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:35 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9ZP6tR6rSsLagL; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:35 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca163cb740af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adultyiffyporn.gaysmills.gigixo.com/?daisy=20
51.79.221.186200 OK 0 B URL HTTP/1.1 adultyiffyporn.gaysmills.gigixo.com/?daisy=20
IP 51.79.221.186:0
GET /?daisy=20 HTTP/1.1
Host: adultyiffyporn.gaysmills.gigixo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:39:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
192.152.95.130302 Found 0 B URL HTTP/2 engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
IP 192.152.95.130:0
GET /link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0 HTTP/1.1
Host: engine.phn.doublepimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yuvutu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
vary: Accept-Encoding
cache-control: private, no-transform
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
date: Sat, 12 Nov 2022 04:47:34 GMT
location: https://engine.phn.doublepimp.com/Redirect.eng?MediaSegmentId=24774&dcid=3_ctx_4a33c20d-9bf2-4eb1-98b3-86c6b354fa91&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=cU26zwFsSgFrvGrf2Ca_5bS886O2pdGX6MqAWLGZOPCgtaga43RY4l83I9r_K8SkUSQ1urf-eYA5bkZzqd0P4OvXcf5l666Eq6GdxtcjFfnFJAP-BdmnIo_ZUEZGf-IaHcCwwHKKvdx--8hU1vfHDP3DaO6bjpB4VeliORLoS3wc35y2nDyPOflBYmxL9dvk-Qo9OWok0tQO1IKxoaK5tkVgZkVlI6OzVWQuLIJhQ5Zj0uwwo2tmrrX_KV9G5SvZ5vXXOFO4KAvNLItZsO4eFJgy4ousRyp_pzLAhgPWZNXKKsC6xlVlrvevNSJMyrnteSJqaowjkAKx9Rh1bF5uDmOEptiPQq6hiF4bbrCksa9AdSRWDNd65CxBsIcaEct8BTACL4yNMPyO1hk5vbSsVvRyCBy8Nv9dT0KulsilBS7vdOrRVqQP_tBBR-Jw0BphwN08U1xB0p6p_zDbSXQp-L3I1icIDTyYmr3RJ15NXwZ-4pyUj7gWo9pdnsjPy0UEfpYENpJqP0M1QAWEZmeJ3EHzYygXAWtzYUraEkyXeTCVYNxHxPI7zpodPQASo4Fc8ycz5Xr7X_pVfEZFlCuRsRvAUUZ-HLNdvW3bLDN4x9CaXxiXdD5oM7Z6c9brODKjNq1W2H5Rbw4bqgMnDI__ZJELhLeVIzf4FbCKvvEui0y3VfJue5UAe_Cojo9tuh0hL_Xf1hafmIac-AY3QF6O8lu-I0Uv1xQUNTD-FY0S1G6MM4XHh5KYuhNuo70IfiuApW2mXBepMlUHm3oTYJww4Kb3uUYLYeMW4aMUWGY7k_LHwpaxT8gU-EVIy6tJLNNEUhXgMD0fW0Yv9LrU4SJCpVht7ql2U4T9DGVB7E6CVn7GSC43LX-Hx0EMywDBjLi_0&kw=&mw=1024&mh=768
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=243ec480-ab78-426a-848d-f70444009adc; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ISSH=67397F; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 12-Nov-2022 08:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"2559":[{"SId":"67397F","D":"22/11/11T20:47:34"}]}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[2559]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
X-Firefox-Spdy: h2
engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
192.152.95.130302 Found 0 B URL HTTP/2 engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
IP 192.152.95.130:0
GET /link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0 HTTP/1.1
Host: engine.phn.doublepimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yuvutu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
vary: Accept-Encoding
cache-control: private, no-transform
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
date: Sat, 12 Nov 2022 04:47:34 GMT
location: https://engine.phn.doublepimp.com/Redirect.eng?MediaSegmentId=24774&dcid=3_ctx_6b4e281c-00f1-493e-853c-1cdbd10fb462&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=cU26zwFsSgFrvGrf2Ca_5bS886O2pdGX6MqAWLGZOPCgtaga43RY4l83I9r_K8SkUSQ1urf-eYA5bkZzqd0P4OvXcf5l666Eq6GdxtcjFfnFJAP-BdmnIo_ZUEZGf-IaHcCwwHKKvdx--8hU1vfHDP3DaO6bjpB4VeliORLoS3wc35y2nDyPOflBYmxL9dvk-Qo9OWok0tQO1IKxoaK5tkVgZkVlI6OzVWQuLIJhQ5Zj0uwwo2tmrrX_KV9G5SvZ5vXXOFO4KAvNLItZsO4eFJgy4ousRyp_pzLAhgPWZNXKKsC6xlVlrvevNSJMyrnteSJqaowjkAKx9Rh1bF5uDmOEptiPQq6hiF4bbrCksa9AdSRWDNd65CxBsIcaEct8BTACL4yNMPyO1hk5vbSsVvRyCBy8Nv9dT0KulsilBS7vdOrRVqQP_tBBR-Jw0BphwN08U1xB0p6p_zDbSXQp-L3I1icIDTyYmr3RJ15NXwZ-4pyUj7gWo9pdnsjPy0UEfpYENpJqP0M1QAWEZmeJ3EHzYygXAWtzYUraEkyXeTCVYNxHxPI7zpodPQASo4Fc8ycz5Xr7X_pVfEZFlCuRsRvAUUZ-HLNdvW3bLDN4x9CaXxiXdD5oM7Z6c9brODKjNq1W2H5Rbw4bqgMnDI__ZJELhLeVIzf4FbCKvvEui0y3VfJue5UAe_Cojo9tuh0hL_Xf1hafmIac-AY3QF6O8lu-I0Uv1xQUNTD-FY0S1G6MM4XHh5KYuhNuo70IfiuApW2mXBepMlUHm3oTYJww4Kb3uUYLYeMW4aMUWGY7k_LHwpaxT8gU-EVIy6tJLNNEUhXgMD0fW0Yv9LrU4SJCpVht7ql2U4T9DGVB7E6CVn7GSC43LX-Hx0EMywDBjLi_0&kw=&mw=1024&mh=768
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=510da358-d0e2-4586-9d26-e7dc0d0a93cd; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ISSH=67397F; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 12-Nov-2022 08:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"2559":[{"SId":"67397F","D":"22/11/11T20:47:34"}]}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[2559]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
X-Firefox-Spdy: h2
bngpt.com/promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration
185.75.253.85200 OK 0 B URL HTTP/2 bngpt.com/promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration
IP 185.75.253.85:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=688955&subid=2|159344|5711849|no|112022|40568596|5205778|1|0|46|50304|,,,,,|4|0|0|3,4,6,11,12,14,30|0|0|en|1|1532635802|0&subid2=5711849&type=banner&size=728x90&name=st_true;st_dali;st_random_all;st-vibrotoy-all;double-anal;st_snapchat;st-boobs;st_squirt3;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:35 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 12 Nov 2022 04:47:34 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
45.133.44.24200 OK 0 B URL HTTP/2 12007250.pix-cdn.org/a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /a/pjexo.html?idzone=3902650&w=160&h=600&ad_sub=&ad_tags= HTTP/1.1
Host: 12007250.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:32 GMT
content-type: text/html; charset=UTF-8
last-modified: Wed, 20 May 2020 13:08:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPbh%2FxCBFmqEl08sHdhmlQ8kGoKeNgQaVze7ntoBEo2qNrgXVpW3elJAI17KNteq5d6NvFL069Y0WSQ0f6%2FS2pN0FLqJTjFFuc9XJFrl%2FPFDMc6qn%2BLSJT7gbHq8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 752345a2c96dcab1-HAM
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 12 Nov 2022 05:47:32 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
biptolyla.com/a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=klachd
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=klachd
IP 188.72.219.36:0
GET /a.W-ZfygPh3iB_1kcl2mhna-bp2q5rlsS_WuQv9wNxD-Ez4AMBjCk_0ENFCG0H0-MJTKgLyMO_TOQP1QJRn-pTvUbVmWV_JYZZDa0b0-MdTegfygO_TiQj0kLlT-QnxoOpDqI_5sNtDuUv?iframeId=klachd HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sat, 12 Nov 2022 04:47:34 GMT
set-cookie: kadCCap=219047:1:1667194435;220335:1:1668062440;212269:1:1667199062;218693:1:1667677974;219484:1:1667715065; max-age=1699764454; path=/
kadACap=346327:1:1668159823;446013:1:1668228435; max-age=1699764454; path=/
kadASCap=446013:1:1668228435;346327:1:1668159823; path=/
kadRPixJ=bnVsbA==; max-age=1699764454; path=/
kadUnP3=CAIQz7K4mwYaDQjzwZkBEAEYz7K4mwYaDQicl/4BEAEY08q8mwYiCggDEAEYz7K4mwYiCggBEAEY08q8mwYqDAiMvRIQARjPsribBioMCJ78JBABGNPKvJsG; max-age=1699764454; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
192.152.95.130302 Found 0 B URL HTTP/2 engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
IP 192.152.95.130:0
GET /link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0 HTTP/1.1
Host: engine.phn.doublepimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yuvutu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
vary: Accept-Encoding
cache-control: private, no-transform
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
date: Sat, 12 Nov 2022 04:47:33 GMT
location: https://engine.phn.doublepimp.com/Redirect.eng?MediaSegmentId=24774&dcid=3_ctx_66821a9f-f37c-4974-8272-13e149b82b22&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=cU26zwFsSgFrvGrf2Ca_5bS886O2pdGX6MqAWLGZOPCgtaga43RY4l83I9r_K8SkUSQ1urf-eYA5bkZzqd0P4OvXcf5l666Eq6GdxtcjFfnFJAP-BdmnIo_ZUEZGf-IaHcCwwHKKvdx--8hU1vfHDP3DaO6bjpB4VeliORLoS3wc35y2nDyPOflBYmxL9dvk-Qo9OWok0tQO1IKxoaK5tkVgZkVlI6OzVWQuLIJhQ5Zj0uwwo2tmrrX_KV9G5SvZ5vXXOFO4KAvNLItZsO4eFJgy4ousRyp_pzLAhgPWZNXKKsC6xlVlrvevNSJMyrnteSJqaowjkAKx9Rh1bF5uDmOEptiPQq6hiF4bbrCksa9AdSRWDNd65CxBsIcaEct8BTACL4yNMPyO1hk5vbSsVvRyCBy8Nv9dT0KulsilBS7vdOrRVqQP_tBBR-Jw0BphwN08U1xB0p6p_zDbSXQp-L3I1icIDTyYmr3RJ15NXwZ-4pyUj7gWo9pdnsjPy0UEfpYENpJqP0M1QAWEZmeJ3EHzYygXAWtzYUraEkyXeTCVYNxHxPI7zpodPQASo4Fc8ycz5Xr7X_pVfEZFlCuRsRvAUUZ-HLNdvW3bLDN4x9CaXxiXdD5oM7Z6c9brODKjNq1W2H5Rbw4bqgMnDI__ZJELhLeVIzf4FbCKvvEui0y3VfJue5UAe_Cojo9tuh0hL_Xf1hafmIac-AY3QF6O8lu-I0Uv1xQUNTD-FY0S1G6MM4XHh5KYuhNuo70IfiuApW2mXBepMlUHm3oTYJww4Kb3uUYLYeMW4aMUWGY7k_LHwpaxT8gU-EVIy6tJLNNEUhXgMD0fW0Yv9LrU4SJCpVht7ql2U4T9DGVB7E6CVn7GSC43LX-Hx0EMywDBjLi_0&kw=&mw=1024&mh=768
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=a06ef972-6d95-401f-83b7-780f35b79c12; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ISSH=67397F; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 12-Nov-2022 08:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"2559":[{"SId":"67397F","D":"22/11/11T20:47:34"}]}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[2559]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://adultyiffyporn.gaysmills.gigixo.com
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:30 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/11/2022 02:14:45
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 1b6018947f6eb5d2308462a78af13687
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 768ca1458cd20b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDk4NH19
159.69.163.6200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDk4NH19
IP 159.69.163.6:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InNwb3QiOjM3MjUsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjM3MjUsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxMDEzNTk5NzIwIiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiMzcyNSIsInV0bTMiOiIxNzc5NCIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzcyNSIsInBhZ2UiOiJodHRwOi8vYWR1bHR5aWZmeXBvcm4uZ2F5c21pbGxzLmdpZ2l4by5jb20vIn0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImJmM2UwNGRjMTY4YTVlZDJjNTcyYTdkZjc0MjkyMDg3In0sImV4dCI6eyJkdCI6MTY2ODIyODQ1MDk4NH19 HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75
136.243.134.97200 OK 0 B URL HTTP/1.1 pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
GET /api/v1/elapsedtime?f=banner%20300x250&sc=6a91f85098294907941c239ca45e3b90&hn=adultyiffyporn.gaysmills.gigixo.com&et=75 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 04:47:32 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
192.152.95.130302 Found 0 B URL HTTP/2 engine.phn.doublepimp.com/link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0
IP 192.152.95.130:0
GET /link.engine?guid=42c40668-b68e-4e38-bf61-f99b5f1cff30&Hardlink=true&time=0 HTTP/1.1
Host: engine.phn.doublepimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yuvutu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
vary: Accept-Encoding
cache-control: private, no-transform
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
date: Sat, 12 Nov 2022 04:47:34 GMT
location: https://engine.phn.doublepimp.com/Redirect.eng?MediaSegmentId=24774&dcid=3_ctx_bbbc5dcc-5fa9-4c81-9ce8-483cec4cdbe8&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=cU26zwFsSgFrvGrf2Ca_5bS886O2pdGX6MqAWLGZOPCgtaga43RY4l83I9r_K8SkUSQ1urf-eYA5bkZzqd0P4OvXcf5l666Eq6GdxtcjFfnFJAP-BdmnIo_ZUEZGf-IaHcCwwHKKvdx--8hU1vfHDP3DaO6bjpB4VeliORLoS3wc35y2nDyPOflBYmxL9dvk-Qo9OWok0tQO1IKxoaK5tkVgZkVlI6OzVWQuLIJhQ5Zj0uwwo2tmrrX_KV9G5SvZ5vXXOFO4KAvNLItZsO4eFJgy4ousRyp_pzLAhgPWZNXKKsC6xlVlrvevNSJMyrnteSJqaowjkAKx9Rh1bF5uDmOEptiPQq6hiF4bbrCksa9AdSRWDNd65CxBsIcaEct8BTACL4yNMPyO1hk5vbSsVvRyCBy8Nv9dT0KulsilBS7vdOrRVqQP_tBBR-Jw0BphwN08U1xB0p6p_zDbSXQp-L3I1icIDTyYmr3RJ15NXwZ-4pyUj7gWo9pdnsjPy0UEfpYENpJqP0M1QAWEZmeJ3EHzYygXAWtzYUraEkyXeTCVYNxHxPI7zpodPQASo4Fc8ycz5Xr7X_pVfEZFlCuRsRvAUUZ-HLNdvW3bLDN4x9CaXxiXdD5oM7Z6c9brODKjNq1W2H5Rbw4bqgMnDI__ZJELhLeVIzf4FbCKvvEui0y3VfJue5UAe_Cojo9tuh0hL_Xf1hafmIac-AY3QF6O8lu-I0Uv1xQUNTD-FY0S1G6MM4XHh5KYuhNuo70IfiuApW2mXBepMlUHm3oTYJww4Kb3uUYLYeMW4aMUWGY7k_LHwpaxT8gU-EVIy6tJLNNEUhXgMD0fW0Yv9LrU4SJCpVht7ql2U4T9DGVB7E6CVn7GSC43LX-Hx0EMywDBjLi_0&kw=&mw=1024&mh=768
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=8ccdf0f2-2b20-4f19-a58a-d7f183608895; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ISSH=67397F; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 12-Nov-2022 08:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"2559":[{"SId":"67397F","D":"22/11/11T20:47:34"}]}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[2559]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 12-Nov-2032 04:47:34 GMT; path=/; SameSite=None; secure; HttpOnly
X-Firefox-Spdy: h2
biptolyla.com/aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=bdiwaq
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=bdiwaq
IP 188.72.219.36:0
GET /aEW.ZFyGPH3-BJ1KcL2Mh_aObP2Q5Rl-STWUQV9WN_DYEZ4aMbj-kd0eNfCg0_0iMjTkgly-OnToQp1qJ_nsptvubvm-VxJyZzDA0_0CMDTEgFy-OHTIQJ0KL_TMQNxOOPD-IR5SNTDUU_?iframeId=bdiwaq HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sat, 12 Nov 2022 04:47:34 GMT
set-cookie: kadCCap=219047:1:1667194435;220335:1:1668062440;212269:1:1667199062;218693:1:1667677974;219484:1:1667715065; max-age=1699764454; path=/
kadACap=346327:1:1668159823;446013:1:1668228435; max-age=1699764454; path=/
kadASCap=346327:1:1668159823;446013:1:1668228435; path=/
kadRPixJ=bnVsbA==; max-age=1699764454; path=/
kadUnP3=CAIQz7K4mwYaDQicl/4BEAEY08q8mwYaDQjzwZkBEAEYz7K4mwYiCggBEAEY08q8mwYiCggDEAEYz7K4mwYqDAiMvRIQARjPsribBioMCJ78JBABGNPKvJsG; max-age=1699764454; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
biptolyla.com/aXWYZ_y.Pa3bBc1dc-2fhgahbi2_5kllSmWnQ-9pNqDrEs2_NuDvUwwxO-Cz0A0BMCT_YE0FNGTHA-5JJKnLpMv_bOmPVQJRZ-DT0U0VMWT_YY0ZNaTbA-4dLeTfQgx_NijjQk1lM-Dnko?iframeId=apfgem
188.72.219.36200 OK 0 B URL HTTP/2 biptolyla.com/aXWYZ_y.Pa3bBc1dc-2fhgahbi2_5kllSmWnQ-9pNqDrEs2_NuDvUwwxO-Cz0A0BMCT_YE0FNGTHA-5JJKnLpMv_bOmPVQJRZ-DT0U0VMWT_YY0ZNaTbA-4dLeTfQgx_NijjQk1lM-Dnko?iframeId=apfgem
IP 188.72.219.36:0
GET /aXWYZ_y.Pa3bBc1dc-2fhgahbi2_5kllSmWnQ-9pNqDrEs2_NuDvUwwxO-Cz0A0BMCT_YE0FNGTHA-5JJKnLpMv_bOmPVQJRZ-DT0U0VMWT_YY0ZNaTbA-4dLeTfQgx_NijjQk1lM-Dnko?iframeId=apfgem HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://adultyiffyporn.gaysmills.gigixo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 04:47:31 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sat, 12 Nov 2022 04:47:31 GMT
set-cookie: kadCCap=219047:1:1667194435;220335:1:1668062440;212269:1:1667199062;218693:1:1667677974;219484:1:1667715065; max-age=1699764451; path=/
kadACap=346327:1:1668159823;446013:1:1668228435; max-age=1699764451; path=/
kadASCap=446013:1:1668228435;346327:1:1668159823; path=/
kadRPixJ=bnVsbA==; max-age=1699764451; path=/
kadUnP3=CAIQz7K4mwYaDQjzwZkBEAEYz7K4mwYaDQicl/4BEAEY08q8mwYiCggDEAEYz7K4mwYiCggBEAEY08q8mwYqDAiMvRIQARjPsribBioMCJ78JBABGNPKvJsG; max-age=1699764451; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3DZm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
104.18.59.150200 OK 0 B URL HTTP/2 go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3DZm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441
IP 104.18.59.150:0
GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPOmega%3FcampaignId%3D0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11%26campaignType%3Dsmartpop%26creativeId%3D193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa%26iterationId%3D249744%26masterSmartpopId%3D1914%26memberId%3DZm1Kr_9tm2kwfUuvrZze3VEEezTZMO5hrxEx2IZQ4m0uAQ61HIf8fzMrNK66SZgHdTTcSmZD7M0Fbp5NfkHJguhM2aMoUO9235NEiR4_gUIDRUi%26p1%3D3844273%26ruleId%3D17%26smartpopId%3D1793%26sourceId%3D477848%26tag%3D-girls%252Findian%26userId%3Dd100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca%26variationId%3D29441 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 04:47:34 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 12 Nov 2022 04:47:34 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7nf6HZPppKZdHN; SameSite=None; Secure; path=/; expires=Sun, 13-Nov-22 03:47:34 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 768ca15ec9bb0af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2