xxxfree.watch/veronica-leal-wet-and-horny/
104.21.72.141301 Moved Permanently 0 B URL HTTP/1.1 xxxfree.watch/veronica-leal-wet-and-horny/
IP 104.21.72.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /veronica-leal-wet-and-horny/ HTTP/1.1
Host: xxxfree.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Sep 2022 15:59:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 16:59:19 GMT
Location: https://xxxfree.watch/veronica-leal-wet-and-horny/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rV8zRkxu8Is7eP4ITVjvIRAj%2Bkkjm8G5xLyrptObyzHi8qQyR3PGw%2FHqaUBzRRKf3N3aj9RhejxEsqylfL6uzvn%2B%2FBjdCqnN8Nwk2gnokiQPgmwK0dTJ%2FOJZQ71bp63B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74bacf04ac02b4f4-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b0d651d83075c7a68e3c6a9204226150
294785e3f3a67cdd5f1a530b83a2cbd2c2cc0665
17cbb43fd6662576ba3fe8e06cf44247c903c1313cc419053599c41e286a2442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17CBB43FD6662576BA3FE8E06CF44247C903C1313CC419053599C41E286A2442"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13017
Expires: Fri, 16 Sep 2022 19:36:16 GMT
Date: Fri, 16 Sep 2022 15:59:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 15:10:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3ZMfvs18ouNpX9jdiNkmMvPs9ornavG01lXoF-YdxVvAXflCkhPDtQ==
Age: 2910
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KsljaxIe4O-MfQSRYS1XuZKvgEGe5rdziGPvaKJI9eyXbB9xRqe8oA==
age: 41045
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
vjs.zencdn.net/7.8.4/video-js.css?ver=7.8.4
151.101.86.217200 OK 11 kB URL HTTP/2 vjs.zencdn.net/7.8.4/video-js.css?ver=7.8.4
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (5844)
Hash 9f703c1d1b064f5e72d8dba3484e868f
008cc8c438c57c51cc20bb4cb3e6452a287aaa8f
a1a9f6ebf0e40976737eeb1b6c544d462e5e444fcc8f59ab044833e2737c05e0
GET /7.8.4/video-js.css?ver=7.8.4 HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 08 Jul 2020 20:29:36 GMT
etag: "397a94bb87dfd0a64ba4d3d502912e4a"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 16 Sep 2022 15:59:20 GMT
x-served-by: cache-bma1648-BMA
x-cache: HIT
x-cache-hits: 12220
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10738
X-Firefox-Spdy: h2
a.realsrv.com/nativeads-v2.js
205.185.216.42200 OK 16 kB URL HTTP/1.1 a.realsrv.com/nativeads-v2.js
IP 205.185.216.42:0
File type C source, ASCII text, with very long lines (58917), with no line terminators
Hash 4fed24b05715a4123ff52b5bc128522b
6a3a08eb3da52fb6e303b9f1a33a56db987df4aa
f1bf20f90647fd8743e606ed47ea1ee6c191b93f54860e0b86597761b1b520c1
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 16534
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"24dfeeaabc29e5aaefc73f319e2"
X-HW: 1663343960.dop069.sk1.t,1663343960.cds243.sk1.shn,1663343960.cds243.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 750 B IP 142.250.74.3:0
File type gzip compressed data, from Unix\012- data
Hash 0c3463b28f92eb49538a99747431c929
e01bc109fe3a8d986fe44133dbbd912e44d6c2b1
6f41a763f2a7c0ef47641e7d518c7d7ac44f91f36563c7797598ea09b308a339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vjs.zencdn.net/7.8.4/video.min.js?ver=7.8.4
151.101.86.217200 OK 139 kB URL HTTP/2 vjs.zencdn.net/7.8.4/video.min.js?ver=7.8.4
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (45362)
Size 139 kB (139307 bytes)
Hash 62c1afff76ac7a673f537be0120a7ebd
97ddf6a072f381f59e098a7f93c1c4855edd0ec8
7770c06faeee3a1ce7c479c09bc2a1760100b1483945e1c5c4d2f788231ff142
GET /7.8.4/video.min.js?ver=7.8.4 HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 08 Jul 2020 20:29:39 GMT
etag: "102cc1896541330762962b95fcb31f95"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 16 Sep 2022 15:59:20 GMT
x-served-by: cache-bma1648-BMA
x-cache: HIT
x-cache-hits: 4
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 139307
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-62001516-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-62001516-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 4cab97f53e457e0fe241105fce83db89
8d1c16f89672ef18d5fa002b633a9dbbc79295b7
bb428f34b4282fb542fc8a50e2568be51184e914c9eabfebd53fe9ae2d3f1a97
GET /gtag/js?id=UA-62001516-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 15:59:20 GMT
expires: Fri, 16 Sep 2022 15:59:20 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 15:43:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42351
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.realsrv.com/iframe.php?idzone=4673696&size=300x100
205.185.216.42200 OK 7.6 kB URL HTTP/1.1 a.realsrv.com/iframe.php?idzone=4673696&size=300x100
IP 205.185.216.42:0
File type ASCII text, with very long lines (24063)
Hash ef253c97feafd1df060799daf83e4d99
d847cb394ac6d202617831ec48ccb57b4f7a2dc5
f5df3fb20fa27e8eb7f86c22ecc0588238d3d5c3f7b5c57050c76618ae9ecad4
GET /iframe.php?idzone=4673696&size=300x100 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1347
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1663343960.dop069.sk1.t,1663343960.cds243.sk1.shn,1663343960.dop069.sk1.t,1663343960.cds235.sk1.c
Access-Control-Allow-Origin: *, *
a.realsrv.com/iframe.php?idzone=4673696&size=300x100
205.185.216.42200 OK 1.3 kB URL HTTP/1.1 a.realsrv.com/iframe.php?idzone=4673696&size=300x100
IP 205.185.216.42:0
File type HTML document, ASCII text
Hash e4a1a0deb57f90b0b0c87a482048851f
edff78483fd9937e8bdcb4463fec3dbfaa2de066
c9f9cca6f2a03fd01d3a40415893806ed15b3bc072837198e443877c67af27c8
GET /iframe.php?idzone=4673696&size=300x100 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1347
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1663343960.dop069.sk1.t,1663343960.cds243.sk1.shn,1663343960.dop069.sk1.t,1663343960.cds235.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 7.3 kB IP 142.250.74.3:0
File type gzip compressed data, from Unix\012- data
Hash 7ad7b1e14558cf1c10fb41f33ae48685
42ebeb039cb30a0920e04abc5782780daafa33be
28c987aa66cf1c57a0e582201b1c78c2b68bf658e197c703a0bb59b569989189
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 5.4 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, from Unix\012- data
Hash 05d51a3d6f3591d4aabf38a7818cb7e0
a4de68306c47eaaf7d5b8594405d6b8eab810b77
6073c491ca49d63058d1af0cdc9c51c4d44625450781dea81a9705c85daf6f2b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C34EBB8D47E39C773E4A7B9317D548B04731D6D13A3B3FA80265EA3C265BA05E"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3165
Expires: Fri, 16 Sep 2022 16:52:05 GMT
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: keep-alive
a.realsrv.com/ad-provider.js
205.185.216.42200 OK 24 kB URL HTTP/1.1 a.realsrv.com/ad-provider.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 46504668ecf4671f582f5ba93a2f3c6b
8b165c478da3dd4fd4df3b40745733049b5acb0c
5230c0e2745fedbf038f97e374a5b6ea033434301aa86ec545eae37b29350799
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4673696&size=300x100
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23726
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"2bf044048f482551901a41a7444"
X-HW: 1663343960.dop069.sk1.t,1663343960.cds243.sk1.shn,1663343960.dop069.sk1.t,1663343960.cds207.sk1.c
Access-Control-Allow-Origin: *, *
a.realsrv.com/iframe.php?idzone=4672840&size=300x250
205.185.216.42200 OK 1.3 kB URL HTTP/1.1 a.realsrv.com/iframe.php?idzone=4672840&size=300x250
IP 205.185.216.42:0
File type HTML document, ASCII text
Hash 2cbeb5c7ec92a5a82e6a2e67357f5ab5
e0c43290d166eb31012d76fed55b2c972a24f0ea
f0be57483b108bae49fcbee4659816b1784d73eb002037b53806588223ed79fe
GET /iframe.php?idzone=4672840&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1347
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1663343960.dop069.sk1.t,1663343960.cds243.sk1.shn,1663343960.dop069.sk1.t,1663343960.cds015.sk1.c
Access-Control-Allow-Origin: *, *
dood.wf/e/uizsyl8a50rnovipbranyfgxppxbxo9l
104.26.8.113302 Found 0 B URL HTTP/2 dood.wf/e/uizsyl8a50rnovipbranyfgxppxbxo9l
IP 104.26.8.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/uizsyl8a50rnovipbranyfgxppxbxo9l HTTP/1.1
Host: dood.wf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:20 GMT
content-length: 0
set-cookie: lang=1; domain=.dood.wf; path=/
referer=; domain=.dood.wf; path=/; expires=Fri, 16-Sep-2022 16:00:20 GMT
location: /e/m95t1lcruw8jqz5moug12eizyohrt6f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xStUjG79qKokku2Jn2BtJ2dAXx1gKlRPbXEYqBokBNwmFPHPubMEXZ9012AzcGkl09UZmcKKcd5IUbL%2FXspI%2F%2FiLJKNN67s4j5Eaad%2Biuv26h1voiLGj%2FNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf092a11b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
95.211.229.247200 OK 6.4 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (12404), with no line terminators
Hash 315a59ad205d8b30a01c837b707c34bd
3e3c937e456d468f4e756d6d80d4fe9d32ba47fe
ec9b1f0b2eeaa05570c0518f61c191323369e9c83188570a68a661e3581c78be
GET /splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d588cfdd1.960736232737785141%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaasscslaegeialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaasselablgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaasollmeageicxbmsbocnxgxaassommxageimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaassxeacageialbserxenxgxaasxeeeeageioslmrxlrnxgxaasscslaegeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaolmooxmgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaasxeeeeageirsxcecsenxgxarabbcraxgeialbserebnxgxaasoxaxrbgeioslmroemnxgxaasxereregeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaobbmllageimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaoobreargeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaoleroccgeicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaasxeeeeageicmeexcaenxgxarmcxsxcageimcelelrcnxgxaasxeeeeageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaocxaaalgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaoecxelogeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaasoxbeaegeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxaaoaaxmbcgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxaaoomsarogeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxaasxeeeeageimcelelbenxgxarbrboxregeimcoexaxbnxgxaaoecxelogeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaoblaceageicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaasxeeeeageimcclsxlenxgxaasxeeeeageimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxaaosrmroegeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaasescsrmgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaorormsbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaasescsrmgeimcclsxmanxgxaaexxsoasgeimcclossanxgxaasscslaegeimcclsxaonxgxaasoxbeaegeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaoxbsallgeimcclsxlbnxgxaaomexxrcgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaasscslaegeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaomcaobegeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaoecxelogeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaxlcabocgeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaobxmbecgeimcclsxobnxgxaaorocbaogeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaoxbsallgeimcclsxlcnxgxaaolmecsogeimcclosconxgxaasoxbeaegeimrerbboanxgxaaemsosmogeicaormlxenxgxaaoamecaegeicaormbbcnxgxaaoamecaegeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaosrmxxbgeimcrxsbobnxgxaaosxbcmogeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcelelrenxgxaaxarbxxegeimrerbbsbnxgxaaoxasxrcgeimrerbbccnxgxaaoeemarogeimrerbmlenxgxaaxlocooageimccloscanxgxaaomcaobegeimrerbmlanxgxaaoeemarogeiclsmrbocnxgxaaooxbxsrgeiclsmrrccnxgxaaooxbxsrgeiclsmrmocnxgxaaooxbxsrgeiccmblmmonxgxaaseclebbgeiccmblmmbnxgxaasscslaegeiccmblmmanxgxaaseabxoageimcoexaebnxgxaaosrmxxbgeimcclsxoanxgxaaosrmroegeircsxcxscnxgxaasebaeebgeiccmblmmcnxgxaasoxaxrbgeimreaobscnxgxaaoroaslegeimreaobeanxgxaaoroaslegeimreaoboonxgxaaoroaslegeimrerbbxenxgxaaoaxomcxgeimcclsoeenxgxaasescsrmgeimcxlllscnxgxaasxeeeeageimcelelbonxgxaasxeeeeageiclsmrbxbnxgxaasxclseageiclsmrbrcnxgxaasxclseageiclsmrboonxgxaasxclseageimrxrxsaenxegxaasoaebrmgxcceimrrcrrloncgxaasoaebrmgxcceimxlbmoobnogxaasoaebrmgxcceimxlbmosenogxaasoaebrmgxcceimrmlbocanxgxaasoambecgxcceimrmcxbconogxaasoambecgxcceimrmlbcbensgxaasoambecgxcceimrrascaonxgxaasomomlcgxcceimcssmlronsgxaasomomlcgxcceimxlbmosonogxaasomsmsmgxcceimrrascacnxgxaasomsmsmgxcceimrrascaenxgxaasomsmccgxcceimrrascmcnxgxaasomcoesgxcceimcssmlrensgxaasomcoesgxcceimrbxcrbonxgxaasombbbcgxcceimexexabbnxgxaasobesergxcceimcoaxmxoncgxaasobcelxgxcceimeembesonxgxaasobcelxgxcceimrsreaabnsgxaasolorssgxcceimrsreamansgxaasoloasegxcceimeroeesbnsgxaasolomxegxcceimeroeecenxgxaasolomxegxcceimroacsmanogxaasolsbmlgxcceimroacsbensgxaasolsbmlgxcceimrsreambnsgxaasolclblgxcceimrsreamonxgxaasolalslgxcceimrsreabensgxaasolalslgxcceixaoossalnxgxaasolmarxgxcceicloaxxacnxgxaasolmlelgxcceimeembescnxgxaasolmlelgxcceimxlbmoscnogxaasolmlelgxcceimrsreamcnsgxaasollaexgxcceimrrascmanxgxaasollmeagxcceimsacexoonxgxaasollmeagxcceimxlbmxbbnxgxaasollmeagxcceimxeoxsbenxgxaasollmeagxcceimxlbalsbnxgxaasollmeagxcceimocolroanxgxaasollmemgxcceimrbxcrmbnxgxaasseebssgxcceimrmxraocnogxaasseebssgxcceimrrcrrlensgxaasseebssgxcceimememsecnxgxaassexxcrgxcceimrracoranxgxaassexxcagxcceimrrasxmcnxgxaasseocregxcceimeembecenxgxaasseocregxcceimeembeconxgxaasseocregxcceimrracorcnxgxaassesrregxcceimrracorbnxgxaassesrrxgxcceimrrascmonxgxaassembosgxcceialbbebsbnxgxaassembosgxcceimramxoxenxgxaasselccmgxcceimcssmlrcnsgxaasselablgxcceimxcbrxccnxgxaasselablgxcceimxeoxsacnxgxaasselablgxcceimxxerrecnxgxaasselablgxcceialoxxalenogxaasselablgxcceialaroxrcnxgxaasselalegxcceimxcbrxlcnxgxaassxeacagxcceimxxerrxenxgxaassxeacagxcceialbbebsanxgxaassxeacagxcceimemlxbocnxgxaassxeacagxcceimxxerrebnxgxaassxeacagxcceialbbebrenxgxaassxeacagxcceimrracoaenxgxaassxeacmgxcceimcoaxmxcnsgxaassxsambgxcceimclsaoxbnsgxaassxsambgxcceimrmoxooonxgxaassxclxxgxcceiceecmorsnxgxaassocbcegxcceimxcbrxlonxgxaassommxagxcceimrrascabnxgxaassommxagxcceimrrasxbonxgxaassseobmgxcceimrmxraoanxgxaassseobmgxcceimrmxraoonxgxaassseobmgxcceimrrcrrbanxgxaassseobmgxcceimxlbmoconxgxaassseobmgxcceixaoosscrnxgxaassscsmsgxcceimrcscrsanxgxaassscsmsgxcceicmarxbbonxgxaassscsmsgxcceimrxccosanxgxaassscsmsgxcceimrsreamensgxaasssrrelgxcceimxxerreanxgxaasscslaegxcceimrmxraobnxgxaasscslaegcbeimxlbmosanxgxaasscslaegxcce; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C71105506%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C44789778%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C75715628%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C71987236%7C100644%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C41873820%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C23975195%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74492336%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493138%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48a15862a82bbcf019bd8f5b19f4f01e
ca78c3bdf5112c971201d26938f91ec6aa3f0f99
c34ebb8d47e39c773e4a7b9317d548b04731d6d13a3b3fa80265ea3c265ba05e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C34EBB8D47E39C773E4A7B9317D548B04731D6D13A3B3FA80265EA3C265BA05E"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3165
Expires: Fri, 16 Sep 2022 16:52:05 GMT
Date: Fri, 16 Sep 2022 15:59:20 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
95.211.229.247200 OK 6.8 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (13231), with no line terminators
Hash 44f60092b1d0e66c003777a3e2243aee
a45a969a3478e66048a045696c82cf1bd7a35f77
8fc5e726d017f2b90591f0fe3ba0eefa7560b46434d144caeb7956802c9f617f
GET /splash.php?native-settings=1&idzone=4673694&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d589e07b3.171422852176376877%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaasscslaegeialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaasselablgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaasscslaegeicxbmsbocnxgxaassommxageimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaasscslaegeialbserxenxgxaasxeeeeageioslmrxlrnxgxaasscslaegeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaolmooxmgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaasxeeeeageirsxcecsenxgxarabbcraxgeialbserebnxgxaasoxaxrbgeioslmroemnxgxaasxereregeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaobbmllageimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaoobreargeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaoleroccgeicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaasxeeeeageicmeexcaenxgxarmcxsxcageimcelelrcnxgxaasxeeeeageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaocxaaalgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaoecxelogeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaasoxbeaegeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxaaoaaxmbcgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxaaoomsarogeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxaasxeeeeageimcelelbenxgxarbrboxregeimcoexaxbnxgxaaoecxelogeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaoblaceageicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaasxeeeeageimcclsxlenxgxaasxeeeeageimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxaaosrmroegeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaasescsrmgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaorormsbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaasescsrmgeimcclsxmanxgxaaexxsoasgeimcclossanxgxaasscslaegeimcclsxaonxgxaasoxbeaegeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaoxbsallgeimcclsxlbnxgxaaomexxrcgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaasscslaegeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaomcaobegeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaoecxelogeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaxlcabocgeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaobxmbecgeimcclsxobnxgxaaorocbaogeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaoxbsallgeimcclsxlcnxgxaasscslaegeimcclosconxgxaasoxbeaegeimrerbboanxgxaaemsosmogeicaormlxenxgxaaoamecaegeicaormbbcnxgxaaoamecaegeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaosrmxxbgeimcrxsbobnxgxaaosxbcmogeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcelelrenxgxaaxarbxxegeimrerbbsbnxgxaaoxasxrcgeimrerbbccnxgxaaoeemarogeimrerbmlenxgxaaxlocooageimccloscanxgxaaomcaobegeimrerbmlanxgxaaoeemarogeiclsmrbocnxgxaaooxbxsrgeiclsmrrccnxgxaaooxbxsrgeiclsmrmocnxgxaaooxbxsrgeiccmblmmonxgxaaseclebbgeiccmblmmbnxgxaasscslaegeiccmblmmanxgxaaseabxoageimcoexaebnxgxaaosrmxxbgeimcclsxoanxgxaaosrmroegeircsxcxscnxgxaasebaeebgeiccmblmmcnxgxaasoxaxrbgeimreaobscnxgxaaoroaslegeimreaobeanxgxaaoroaslegeimreaoboonxgxaaoroaslegeimrerbbxenxgxaaoaxomcxgeimcclsoeenxgxaasescsrmgeimcxlllscnxgxaasxeeeeageimcelelbonxgxaasxeeeeageiclsmrbxbnxgxaasxclseageiclsmrbrcnxgxaasxclseageiclsmrboonxgxaasxclseageimrxrxsaenxegxaasoaebrmgxcceimrrcrrloncgxaasoaebrmgxcceimxlbmoobnogxaasoaebrmgxcceimxlbmosenogxaasoaebrmgxcceimrmlbocanxgxaasoambecgxcceimrmcxbconogxaasoambecgxcceimrmlbcbensgxaasoambecgxcceimrrascaonxgxaasomomlcgxcceimcssmlronsgxaasomomlcgxcceimxlbmosonogxaasomsmsmgxcceimrrascacnxgxaasomsmsmgxcceimrrascaenxgxaasomsmccgxcceimrrascmcnxgxaasomcoesgxcceimcssmlrensgxaasomcoesgxcceimrbxcrbonxgxaasombbbcgxcceimexexabbnxgxaasobesergxcceimcoaxmxoncgxaasobcelxgxcceimeembesonxgxaasobcelxgxcceimrsreaabnsgxaasolorssgxcceimrsreamansgxaasoloasegxcceimeroeesbnsgxaasolomxegxcceimeroeecenxgxaasolomxegxcceimroacsmanogxaasolsbmlgxcceimroacsbensgxaasolsbmlgxcceimrsreambnsgxaasolclblgxcceimrsreamonxgxaasolalslgxcceimrsreabensgxaasolalslgxcceixaoossalnxgxaasolmarxgxcceicloaxxacnxgxaasolmlelgxcceimeembescnxgxaasolmlelgxcceimxlbmoscnogxaasolmlelgxcceimrsreamcnsgxaasollaexgxcceimrrascmanxgxaasollmeagxcceimsacexoonxgxaasollmeagxcceimxlbmxbbnxgxaasollmeagxcceimxeoxsbenogxaasollmeagxcceimxlbalsbnxgxaasollmeagxcceimocolroanxgxaasollmemgxcceimrbxcrmbnxgxaasseebssgxcceimrmxraocnogxaasseebssgxcceimrrcrrlencgxaasseebssgxcceimememsecnxgxaassexxcrgxcceimrracoranxgxaassexxcagxcceimrrasxmcnxgxaasseocregxcceimeembecenxgxaasseocregxcceimeembeconxgxaasseocregxcceimrracorcnxgxaassesrregxcceimrracorbnxgxaassesrrxgxcceimrrascmonxgxaassembosgxcceialbbebsbnxgxaassembosgxcceimramxoxenxgxaasselccmgxcceimcssmlrcnsgxaasselablgxcceimxcbrxccnxgxaasselablgxcceimxeoxsacnxgxaasselablgxcceimxxerrecnxgxaasselablgxcceialoxxalenogxaasselablgxcceialaroxrcnxgxaasselalegxcceimxcbrxlcnxgxaassxeacagxcceimxxerrxenxgxaassxeacagxcceialbbebsanxgxaassxeacagxcceimemlxbocnxgxaassxeacagxcceimxxerrebnxgxaassxeacagxcceialbbebrenxgxaassxeacagxcceimrracoaenxgxaassxeacmgxcceimcoaxmxcnsgxaassxsambgxcceimclsaoxbnsgxaassxsambgxcceimrmoxooonxgxaassxclxxgxcceiceecmorsnxgxaassocbcegxcceimxcbrxlonxgxaassommxagxcceimrrascabnxgxaassommxagxcceimrrasxbonxgxaassseobmgxcceimrmxraoanxgxaassseobmgxcceimrmxraoonxgxaassseobmgxcceimrrcrrbanxgxaassseobmgxcceimxlbmoconxgxaassseobmgxcceixaoosscrnxgxaassscsmsgxcceimrcscrsanxgxaassscsmsgxcceicmarxbbonxgxaassscsmsgxcceimrxccosanxgxaassscsmsgxcceimrsreamensgxaasssrrelgxcceimxxerreanxgxaasscslaegxcceimrmxraobnxgxaasscslaegcbeimxlbmosanogxaasscslaegxcce; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C44789778%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C75545590%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C71987236%7C100644%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C41873814%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C23975185%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74492336%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493194%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5999), with no line terminators
Hash 7190dbae967cfad8823e13e55d4b4646
c90914db7a166ba33b4f6317e68bff59836de4f9
5c85b1fedea743df8a77f9460e16c67a92458234b2ec61e4316fd17345af0f64
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 278
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
95.211.229.247200 OK 4.1 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (7759), with no line terminators
Hash dfe0b21f4c6864acc6be5ed10469a337
b24aa0b1ac9a61ec6ee60b022d73c8bce030d503
1bc760af9157d9e0ff7cc0ef0038cef34e3f1baafde95db9cda034c88b80782b
GET /splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaasscslaegeialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaasselablgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaasscslaegeicxbmsbocnxgxaasscslaegeimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaasscslaegeialbserxenxgxaasxeeeeageioslmrxlrnxgxaasscslaegeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaolmooxmgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaasxeeeeageirsxcecsenxgxarabbcraxgeialbserebnxgxaasoxaxrbgeioslmroemnxgxaasxereregeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaobbmllageimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaoobreargeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaoleroccgeicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaasxeeeeageicmeexcaenxgxarmcxsxcageimcelelrcnxgxaasxeeeeageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaocxaaalgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaoecxelogeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaasoxbeaegeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxaaoaaxmbcgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxaaoomsarogeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxaasxeeeeageimcelelbenxgxarbrboxregeimcoexaxbnxgxaaoecxelogeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaoblaceageicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaasxeeeeageimcclsxlenxgxaasxeeeeageimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxaaosrmroegeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaasescsrmgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaorormsbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaasescsrmgeimcclsxmanxgxaaexxsoasgeimcclossanxgxaasscslaegeimcclsxaonxgxaasoxbeaegeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaoxbsallgeimcclsxlbnxgxaaomexxrcgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaasscslaegeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaomcaobegeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaoecxelogeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaxlcabocgeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaobxmbecgeimcclsxobnxgxaaorocbaogeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaoxbsallgeimcclsxlcnxgxaasscslaegeimcclosconxgxaasoxbeaegeimrerbboanxgxaaemsosmogeicaormlxenxgxaaoamecaegeicaormbbcnxgxaaoamecaegeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaosrmxxbgeimcrxsbobnxgxaaosxbcmogeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcelelrenxgxaaxarbxxegeimrerbbsbnxgxaaoxasxrcgeimrerbbccnxgxaaoeemarogeimrerbmlenxgxaaxlocooageimccloscanxgxaaomcaobegeimrerbmlanxgxaaoeemarogeiclsmrbocnxgxaaooxbxsrgeiclsmrrccnxgxaaooxbxsrgeiclsmrmocnxgxaaooxbxsrgeiccmblmmonxgxaaseclebbgeiccmblmmbnxgxaasscslaegeiccmblmmanxgxaaseabxoageimcoexaebnxgxaaosrmxxbgeimcclsxoanxgxaaosrmroegeircsxcxscnxgxaasebaeebgeiccmblmmcnxgxaasoxaxrbgeimreaobscnxgxaaoroaslegeimreaobeanxgxaaoroaslegeimreaoboonxgxaaoroaslegeimrerbbxenxgxaaoaxomcxgeimcclsoeenxgxaasescsrmgeimcxlllscnxgxaasxeeeeageimcelelbonxgxaasxeeeeageiclsmrbxbnxgxaasxclseageiclsmrbrcnxgxaasxclseageiclsmrboonxgxaasxclseageimrxrxsaenxegxaasoaebrmgxcceimrrcrrloncgxaasoaebrmgxcceimxlbmoobnogxaasoaebrmgxcceimxlbmosenogxaasoaebrmgxcceimrmlbocanxgxaasoambecgxcceimrmcxbconogxaasoambecgxcceimrmlbcbensgxaasoambecgxcceimrrascaonxgxaasomomlcgxcceimcssmlronsgxaasomomlcgxcceimxlbmosonogxaasomsmsmgxcceimrrascacnxgxaasomsmsmgxcceimrrascaenxgxaasomsmccgxcceimrrascmcnxgxaasomcoesgxcceimcssmlrensgxaasomcoesgxcceimrbxcrbonxgxaasombbbcgxcceimexexabbnxgxaasobesergxcceimcoaxmxoncgxaasobcelxgxcceimeembesonxgxaasobcelxgxcceimrsreaabnsgxaasolorssgxcceimrsreamansgxaasoloasegxcceimeroeesbnsgxaasolomxegxcceimeroeecenxgxaasolomxegxcceimroacsmanogxaasolsbmlgxcceimroacsbensgxaasolsbmlgxcceimrsreambnsgxaasolclblgxcceimrsreamonxgxaasolalslgxcceimrsreabensgxaasolalslgxcceixaoossalnxgxaasolmarxgxcceicloaxxacnxgxaasolmlelgxcceimeembescnxgxaasolmlelgxcceimxlbmoscnogxaasolmlelgxcceimrsreamcnsgxaasollaexgxcceimrrascmanxgxaasollmeagxcceimsacexoonxgxaasollmeagxcceimxlbmxbbnxgxaasollmeagxcceimxeoxsbensgxaasollmeagxcceimxlbalsbnxgxaasollmeagxcceimocolroanxgxaasollmemgxcceimrbxcrmbnxgxaasseebssgxcceimrmxraocnogxaasseebssgxcceimrrcrrlenrgxaasseebssgxcceimememsecnxgxaassexxcrgxcceimrracoranxgxaassexxcagxcceimrrasxmcnxgxaasseocregxcceimeembecenxgxaasseocregxcceimeembeconxgxaasseocregxcceimrracorcnxgxaassesrregxcceimrracorbnxgxaassesrrxgxcceimrrascmonxgxaassembosgxcceialbbebsbnxgxaassembosgxcceimramxoxenxgxaasselccmgxcceimcssmlrcnsgxaasselablgxcceimxcbrxccnxgxaasselablgxcceimxeoxsacnxgxaasselablgxcceimxxerrecnxgxaasselablgxcceialoxxalenogxaasselablgxcceialaroxrcnxgxaasselalegxcceimxcbrxlcnxgxaassxeacagxcceimxxerrxenxgxaassxeacagxcceialbbebsanxgxaassxeacagxcceimemlxbocnxgxaassxeacagxcceimxxerrebnxgxaassxeacagxcceialbbebrenxgxaassxeacagxcceimrracoaenxgxaassxeacmgxcceimcoaxmxcnsgxaassxsambgxcceimclsaoxbnsgxaassxsambgxcceimrmoxooonxgxaassxclxxgxcceiceecmorsnxgxaassocbcegxcceimxcbrxlonxgxaassommxagxcceimrrascabnxgxaassommxagxcceimrrasxbonxgxaassseobmgxcceimrmxraoanxgxaassseobmgxcceimrmxraoonxgxaassseobmgxcceimrrcrrbanxgxaassseobmgxcceimxlbmoconogxaassseobmgxcceixaoosscrnxgxaassscsmsgxcceimrcscrsanxgxaassscsmsgxcceicmarxbbonxgxaassscsmsgxcceimrxccosanxgxaassscsmsgxcceimrsreamensgxaasssrrelgxcceimxxerreanxgxaasscslaegxcceimrmxraobnxgxaasscslaegcbeimxlbmosanogxaasscslaegxcce; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C41873824%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71987242%7C100644%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C75545590%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5991), with no line terminators
Hash a464fcc9db4d9476428fb04cbe8e3c6d
4d23229d5e75b0203719c554c5a4bd7dc07e2ea3
b66a44b55e81c4b18cf86b8e4638071b1d29f9a8b7ffcf1af944049fed7a7f00
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 278
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
95.211.229.247200 OK 4.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (8144), with no line terminators
Hash e221082c110b313a28c099e69bcd6d35
47bdfeef094138c4dd778687e94dcca7d82f4a78
3e1c379bef93a82dfacce30f96b88d419a7d4066a50ff7132c738fcad77f6e47
GET /splash.php?native-settings=1&idzone=4713906&cookieconsent=true&p=https%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d588cfdd1.960736232737785141%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493138%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d588cfdd1.960736232737785141%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaasscslaegeialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaasselablgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaasscslaegeicxbmsbocnxgxaasscslaegeimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaasscslaegeialbserxenxgxaasxeeeeageioslmrxlrnxgxaasscslaegeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaolmooxmgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaasxeeeeageirsxcecsenxgxarabbcraxgeialbserebnxgxaasoxaxrbgeioslmroemnxgxaasxereregeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaobbmllageimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaoobreargeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaoleroccgeicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaasxeeeeageicmeexcaenxgxarmcxsxcageimcelelrcnxgxaasxeeeeageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaocxaaalgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaoecxelogeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaasoxbeaegeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxaaoaaxmbcgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxaaoomsarogeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxaasxeeeeageimcelelbenxgxarbrboxregeimcoexaxbnxgxaaoecxelogeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaoblaceageicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaasxeeeeageimcclsxlenxgxaasxeeeeageimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxaaosrmroegeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaasescsrmgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaorormsbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaasescsrmgeimcclsxmanxgxaaexxsoasgeimcclossanxgxaasscslaegeimcclsxaonxgxaasoxbeaegeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaoxbsallgeimcclsxlbnxgxaaomexxrcgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaasscslaegeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaomcaobegeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaoecxelogeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaxlcabocgeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaobxmbecgeimcclsxobnxgxaaorocbaogeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaoxbsallgeimcclsxlcnxgxaasscslaegeimcclosconxgxaasoxbeaegeimrerbboanxgxaaemsosmogeicaormlxenxgxaaoamecaegeicaormbbcnxgxaaoamecaegeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaosrmxxbgeimcrxsbobnxgxaaosxbcmogeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcelelrenxgxaaxarbxxegeimrerbbsbnxgxaaoxasxrcgeimrerbbccnxgxaaoeemarogeimrerbmlenxgxaaxlocooageimccloscanxgxaaomcaobegeimrerbmlanxgxaaoeemarogeiclsmrbocnxgxaaooxbxsrgeiclsmrrccnxgxaaooxbxsrgeiclsmrmocnxgxaaooxbxsrgeiccmblmmonxgxaaseclebbgeiccmblmmbnxgxaasscslaegeiccmblmmanxgxaaseabxoageimcoexaebnxgxaaosrmxxbgeimcclsxoanxgxaaosrmroegeircsxcxscnxgxaasebaeebgeiccmblmmcnxgxaasoxaxrbgeimreaobscnxgxaaoroaslegeimreaobeanxgxaaoroaslegeimreaoboonxgxaaoroaslegeimrerbbxenxgxaaoaxomcxgeimcclsoeenxgxaasescsrmgeimcxlllscnxgxaasxeeeeageimcelelbonxgxaasxeeeeageiclsmrbxbnxgxaasxclseageiclsmrbrcnxgxaasxclseageiclsmrboonxgxaasxclseageimrxrxsaenxegxaasoaebrmgxcceimrrcrrloncgxaasoaebrmgxcceimxlbmoobnogxaasoaebrmgxcceimxlbmosenogxaasoaebrmgxcceimrmlbocanxgxaasoambecgxcceimrmcxbconogxaasoambecgxcceimrmlbcbensgxaasoambecgxcceimrrascaonxgxaasomomlcgxcceimcssmlronsgxaasomomlcgxcceimxlbmosonogxaasomsmsmgxcceimrrascacnxgxaasomsmsmgxcceimrrascaenxgxaasomsmccgxcceimrrascmcnxgxaasomcoesgxcceimcssmlrensgxaasomcoesgxcceimrbxcrbonxgxaasombbbcgxcceimexexabbnxgxaasobesergxcceimcoaxmxoncgxaasobcelxgxcceimeembesonxgxaasobcelxgxcceimrsreaabnsgxaasolorssgxcceimrsreamansgxaasoloasegxcceimeroeesbnsgxaasolomxegxcceimeroeecenxgxaasolomxegxcceimroacsmanogxaasolsbmlgxcceimroacsbensgxaasolsbmlgxcceimrsreambnsgxaasolclblgxcceimrsreamonxgxaasolalslgxcceimrsreabensgxaasolalslgxcceixaoossalnxgxaasolmarxgxcceicloaxxacnxgxaasolmlelgxcceimeembescnxgxaasolmlelgxcceimxlbmoscnogxaasolmlelgxcceimrsreamcnsgxaasollaexgxcceimrrascmanxgxaasollmeagxcceimsacexoonxgxaasollmeagxcceimxlbmxbbnxgxaasollmeagxcceimxeoxsbensgxaasollmeagxcceimxlbalsbnxgxaasollmeagxcceimocolroanxgxaasollmemgxcceimrbxcrmbnxgxaasseebssgxcceimrmxraocnogxaasseebssgxcceimrrcrrlenrgxaasseebssgxcceimememsecnxgxaassexxcrgxcceimrracoranxgxaassexxcagxcceimrrasxmcnxgxaasseocregxcceimeembecenxgxaasseocregxcceimeembeconxgxaasseocregxcceimrracorcnxgxaassesrregxcceimrracorbnxgxaassesrrxgxcceimrrascmonxgxaassembosgxcceialbbebsbnxgxaassembosgxcceimramxoxenxgxaasselccmgxcceimcssmlrcnsgxaasselablgxcceimxcbrxccnxgxaasselablgxcceimxeoxsacnxgxaasselablgxcceimxxerrecnxgxaasselablgxcceialoxxalenogxaasselablgxcceialaroxrcnxgxaasselalegxcceimxcbrxlcnxgxaassxeacagxcceimxxerrxenxgxaassxeacagxcceialbbebsanxgxaassxeacagxcceimemlxbocnxgxaassxeacagxcceimxxerrebnxgxaassxeacagxcceialbbebrenxgxaassxeacagxcceimrracoaenxgxaassxeacmgxcceimcoaxmxcnsgxaassxsambgxcceimclsaoxbnsgxaassxsambgxcceimrmoxooonxgxaassxclxxgxcceiceecmorsnxgxaassocbcegxcceimxcbrxlonxgxaassommxagxcceimrrascabnxgxaassommxagxcceimrrasxbonxgxaassseobmgxcceimrmxraoanxgxaassseobmgxcceimrmxraoonxgxaassseobmgxcceimrrcrrbanxgxaassseobmgxcceimxlbmoconogxaassseobmgxcceixaoosscrnxgxaassscsmsgxcceimrcscrsanxgxaassscsmsgxcceicmarxbbonxgxaassscsmsgxcceimrxccosanxgxaassscsmsgxcceimrsreamensgxaasssrrelgxcceimxxerreanxgxaasscslaegxcceimrmxraobnxgxaasscslaegcbeimxlbmosanogxaasscslaegxcce; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C41873824%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63249d588cfdd1.960736232737785141%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71987242%7C100644%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63249d588cfdd1.960736232737785141%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C75545590%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63249d588cfdd1.960736232737785141%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63249d588cfdd1.960736232737785141%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 17 Sep 2022 15:59:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://xxxfree.watch
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf0bd89db4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0cbb0aeb22e05e54eaad5ccd99a0996
696aa2dbc2c91fff7d245c3dd9b8c66b156a5692
74be35b0f4e89b25ce0658fa47d8498d9e9970bfbea826fc897e987d7322c267
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74BE35B0F4E89B25CE0658FA47D8498D9E9970BFBEA826FC897E987D7322C267"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19399
Expires: Fri, 16 Sep 2022 21:22:40 GMT
Date: Fri, 16 Sep 2022 15:59:21 GMT
Connection: keep-alive
1facmloy9twq.l4.adsco.re/
185.200.118.90200 OK 593 B URL HTTP/1.1 1facmloy9twq.l4.adsco.re/
IP 185.200.118.90:0
Hash c43dd939cdd0cafb63d1a8e5564ece57
57e56c94e87c15c3404b36e61f358e7af1a5d9a5
13d1e974405204e8ad21b74eaceaaf33561beed37b5301c694f4cbb615bcb64d
POST / HTTP/1.1
Host: 1facmloy9twq.l4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
Connection: close
ETag: "5b60dfaf-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
4.adsco.re/
162.252.214.5200 OK 31 kB IP 162.252.214.5:0
File type ASCII text, with very long lines (65447)
Hash a595022cbc074dd73671226f6d1a0f6c
94a17c5dd502fcdd4517c1fd8330395bf3730e67
f8652cdf6919558644365808a4434a2be6131c4c74e31379d854cd1bb62bbda1
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 1.0 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1369), with no line terminators
Hash e07ab3e999e19858fc50cea83b9addaa
6eb2185c94bc3b5ac07e324911b6803260bc8c74
daf9dc4af53c714311e1764425f0a7b59f2984700d8ac7ce80867661ef3b2234
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 278
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d588cfdd1.960736232737785141%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63249d588cfdd1.960736232737785141%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Fri, 16 Sep 2022 14:41:12 GMT
expires: Fri, 16 Sep 2022 16:41:12 GMT
cache-control: public, max-age=7200
age: 4689
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50bce4aed8c2aeecb33b6baa72ae9604
4cec437019d211c267c7ac6d1ff5cfa39c2a44df
0479fce5e832c8a214ca28391571c265070861caaff6d6589614fc6b2d2ec418
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0479FCE5E832C8A214CA28391571C265070861CAAFF6D6589614FC6B2D2EC418"
Last-Modified: Wed, 14 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12021
Expires: Fri, 16 Sep 2022 19:19:42 GMT
Date: Fri, 16 Sep 2022 15:59:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 16 Sep 2022 15:03:22 GMT
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 15:21:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: m3ZsoDzydkt1GAkswnkghJHbYqSBCjsvbyksd7_cpXjTBEFLPfX35Q==
Age: 3359
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:57:25 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 125078022
content-type: text/javascript
content-encoding: br
x-cdn-pop: rbx1
x-cdn-pop-ip: 51.254.41.128/25
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6f555fb25dd889c5fb6fce0b3db0f1e3
58dc6a5721cd7e8131ab55924602343d34e3b19f
ed17139eedd8a96418c6731b8446ac226a1815fd5e228d0a23357642c5bd5fda
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED17139EEDD8A96418C6731B8446AC226A1815FD5E228D0A23357642C5BD5FDA"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14332
Expires: Fri, 16 Sep 2022 19:58:13 GMT
Date: Fri, 16 Sep 2022 15:59:21 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:21 GMT
Last-Modified: Fri, 16 Sep 2022 14:25:45 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
wysyshypti.pro/crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw
88.85.94.231200 OK 15 kB URL HTTP/2 wysyshypti.pro/crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw
IP 88.85.94.231:0
File type Unicode text, UTF-8 text, with very long lines (5600)
Hash 838dec807a67f8b3253d31856c8af9e3
bbc0f8670bfb937b9174d3501bc433f4334f25ec
49650354a4eb64d794fd4bda74796b6248a3bf2645699775e1093f68da5ae6de
GET /crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw HTTP/1.1
Host: wysyshypti.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
last-modified: Fri, 16 Sep 2022 15:59:20 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: *
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2NjMyODI3MTIsInpvbmVzIjp7IjQxMzU5NjAiOls0MTM1OTYwLDEsMTY2MzM0Mzk2MF0sIjQxNDE4NjYiOls0MTQxODY2LDEsMTY2MzMxODI4N10sIjQzODM2MDAiOls0MzgzNjAwLDEsMTY2MzI4MjcxMl19fQ==; max-age=1694879960; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 281 B IP 104.18.32.68:0
Hash cf7a3181b9cc901ede60a6d67b89d8c7
2ae4317f2969e67d6f390a33930280b87477d0e6
d83a21098962fa0f74b43236bc13c64b05358f27bfddf06b8e87e50db6769ca7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 13:05:14 GMT
Expires: Fri, 23 Sep 2022 13:05:13 GMT
Etag: "2ae4317f2969e67d6f390a33930280b87477d0e6"
Cache-Control: max-age=593751,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74bacf0ecf6c0b61-OSL
h4ahsm.cfeucdn.com/video_short.mp4
84.16.243.193206 Partial Content 3.1 kB URL HTTP/1.1 h4ahsm.cfeucdn.com/video_short.mp4
IP 84.16.243.193:0
ASN #28753 Leaseweb Deutschland GmbH
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 639ec085afd48ff720cb1716bb09c075
04789db6677b1e59ae5b2c8c3b565f7ad8bf5c52
7e3c990c8c3e6ad1a07710e7032c1ff22975d6322937e80b0446a07de1b227cb
GET /video_short.mp4 HTTP/1.1
Host: h4ahsm.cfeucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Fri, 16 Sep 2022 15:59:20 GMT
Content-Type: video/mp4
Content-Length: 3078
Last-Modified: Sat, 03 Apr 2021 21:17:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6068db6e-c06"
server: YouTube Frontend Proxy
Expires: Sun, 16 Oct 2022 15:59:20 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,Range
Access-Control-Expose-Headers: Content-Range,Content-Length,ETag
Content-Range: bytes 0-3077/3078
adsco.re/p
162.252.214.5200 OK 171 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 1effbbafb0c5c948a125fa2ea3459880
d89c130c47689ba593c04ba509ef2398c2c2881a
758859aefd8251b2c49351793bc9daab1bf2a16da96a2e3cc4441b3bd7e3e763
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1830
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dcbf489b3a2c71923ec8ffb658f28d3c
1fbc27381f0c42466d8c90778e031c3a99e207a6
3363aff4ab489b54607dbe29a480b99b16e0ea7f237e7ae11e0252dbb1ec00ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3363AFF4AB489B54607DBE29A480B99B16E0EA7F237E7AE11E0252DBB1EC00ED"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14790
Expires: Fri, 16 Sep 2022 20:05:51 GMT
Date: Fri, 16 Sep 2022 15:59:21 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.228.45101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.228.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: akse/uVNt38wNzHOiMaAbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6KMntWmLfwbZVg49SLR3UyAWlvw=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9d32112b411ef598acca64be6b61917
6bf4a9860fb1c16597670cef3c661c0972d352ac
9a14413138782145730015025fea415423b6a7244b1b4753787240c299170e73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A14413138782145730015025FEA415423B6A7244B1B4753787240C299170E73"
Last-Modified: Thu, 15 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Fri, 16 Sep 2022 16:47:41 GMT
Date: Fri, 16 Sep 2022 15:59:21 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8787665
expires: Wed, 06 Sep 2023 15:59:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v6oHEEeqH0%2FT%2BOVbMbBCqmHH7CPYkjH90cQON0eealkzPD6Dv6RkQbxNhDVP9tCK5wfUiqmwya9CZAMHVLEuXsTNu2uz81xDCH4NJGLTvpBulx4zKnO3GBaAHwPMNkucI%2B4nJCMW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74bacf123ddc0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.123.175200 OK 11 kB URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (29325)
Hash 9e0f40c794b1e52920362c7a9ec15c29
255f233cd674e5fb0b55d19c71f69a684ebc6d6e
82850317137a7b4fad17a9090d8fb6b471c7c0bb92f911d0779e1c86cd58a3bc
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 12654724
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74bacf0a1963b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
watchxxxfree.xyz/wp-content/uploads/2019/03/logo2015-1-1.png
104.21.73.245301 Moved Permanently 471 B URL HTTP/2 watchxxxfree.xyz/wp-content/uploads/2019/03/logo2015-1-1.png
IP 104.21.73.245:0
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
GET /wp-content/uploads/2019/03/logo2015-1-1.png HTTP/1.1
Host: watchxxxfree.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 16 Sep 2022 15:59:21 GMT
location: https://xxxfree.watch/wp-content/uploads/2019/03/logo2015-1-1.png
cache-control: max-age=3600
expires: Fri, 16 Sep 2022 16:59:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTBznalzjxwFXFFAD2rWcN4iN7TaMPw5HNgP5HIjz0KU5pHbPJUbpjSuUBhEAe76OZFfF2GSPC30za%2BuewuxBUasHsRNsu%2B8CYVqbLIK4XnrL%2FeSCZ4P2w7R8VAu%2FrC%2FEKc0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf0d0f61b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.kinogogly.pro/afd951/4f8a112651cb.js
67.216.91.5200 OK 106 kB URL HTTP/2 www.kinogogly.pro/afd951/4f8a112651cb.js
IP 67.216.91.5:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 106 kB (106341 bytes)
Hash 044e80e33c077f8751a9a32ed1b20904
1d56828ffb5f14457ab67c58ffa86b55fd9fc646
bf9295f040ae59240a06ffaab01c2355060041b5e65ac3bc8e3e2e53dbc2d6eb
GET /afd951/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 16 Sep 2022 15:59:21 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315356439, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsqzmAdmqk/B6ooG0EIWoxnf5jngzO4v15H/4XOXMHf5kCW9G0bgBQkxYucKEX6fKtb2yoUxnJLMA+vaS5pzPbmM
x-served-from: l1
x-vhostid: 247, 20902
content-encoding: br
X-Firefox-Spdy: h2
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.59.13200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32114), with no line terminators
Hash ceaa717593115cb025e12bdf1c2bb0c8
4e9cecc26c51848b9b55331411c473c479c613f6
212dbbb9d2cbbe70f0328a220a18092b687b472e083a7c46bdd835a017fdfcea
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 16 Sep 2022 15:59:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6500d836447baf9a4dfa51a69123e0c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google.com/recaptcha/api.js?render=explicit
142.250.74.164200 OK 557 B URL HTTP/2 www.google.com/recaptcha/api.js?render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (852), with no line terminators
Hash 9ad685e3d01b0036bb8f8e30b595319f
f0b09266e6afa82a0e5a55ac54fa457852fc7ba2
43b843f3e3769414de1b6c92b9df34844f3e40fd235165a24a66276c4d96f03c
GET /recaptcha/api.js?render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 16 Sep 2022 15:59:22 GMT
date: Fri, 16 Sep 2022 15:59:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 447d83f23a0fe3e5c6f9b80878eecade
89918b89af9e7919867d47999a9e7184a366882d
8c0b5a55c41b9cc624c3f4fc3a039911e59074ae334be89134475dff84de3b49
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8C0B5A55C41B9CC624C3F4FC3A039911E59074AE334BE89134475DFF84DE3B49"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2671
Expires: Fri, 16 Sep 2022 16:43:53 GMT
Date: Fri, 16 Sep 2022 15:59:22 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 14 kB IP 142.250.74.3:0
Hash de703e04a26a6f7f8b141e84a2754cb7
d372a18e69b55510d7c3f1b91436fc9a503a11d4
41055c052d4cb76235ce46836328c77c731353510bd575101a223d6fe9ffbe61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wysyshypti.pro/crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw
88.85.94.231200 OK 15 kB URL HTTP/2 wysyshypti.pro/crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw
IP 88.85.94.231:0
File type Unicode text, UTF-8 text, with very long lines (5600)
Hash 10a7791f64df55a4e8eb1f008267c371
206e9053a2bac50e04f7611256b38b71b3669a1a
260ac4741c659ba29914263e1200ac74981b4b934895f556c9b20da2cd477827
GET /crD.9/6/bD2_5BlYSgWSQs9JNlDoEQzrN/TukQ2/MZCQ0p0oMrTIMz1/OYTEY-xw HTTP/1.1
Host: wysyshypti.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
access-control-allow-methods: GET
last-modified: Fri, 16 Sep 2022 15:59:20 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2NjMyODI3MTIsInpvbmVzIjp7IjQxMzU5NjAiOls0MTM1OTYwLDIsMTY2MzM0Mzk2MF0sIjQxNDE4NjYiOls0MTQxODY2LDEsMTY2MzMxODI4N10sIjQzODM2MDAiOls0MzgzNjAwLDEsMTY2MzI4MjcxMl19fQ==; max-age=1694879960; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
142.250.74.163200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:37:29 GMT
expires: Thu, 14 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
age: 210113
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash cdebb5e2394519b3778aa97339ca1de0
7d3ce86549e158949ceece206ccf9621d3d8a3e7
abb37d3fd277d1eecda6546df7c1efe89369db5cae7cad694e4fdca0a41c9a5b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 15:59:22 GMT
Last-Modified: Fri, 16 Sep 2022 14:37:24 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6LN_KeMhrrv4DvtFVgJqgUIBtGujPm1JaVpqTVkGUG4dYeLzEfTmVA==
Age: 4919
simplewebanalysis.com/stats
35.158.39.64200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.158.39.64:0
File type ASCII text, with no line terminators
Hash c406354ea4a585e48d18bea7e8d65d7f
f4c7ec2b0a15fb6ca435f2ee33b9fc5864d61e83
36dc711beee08f0ccc8ca50fadd865bfa2eb601bb68599c28e46b2c7ef344cd3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
set-cookie: uid_id2=2cc256e3-2ebb-47c0-a1a7-8d608945ba66:1:1; expires=Mon, 13 Sep 2032 15:59:22 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?2972094&@f16&@g1&@h1&@i1&@j1663343944994&@k0&@l1&@mVeronica%20Leal%20-%20Wet%20and%20Horny%20-%20WatchXXXFree%20Porn%20Tube&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:147505238&@b3:1663343945&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F&@w
192.99.0.58200 OK 50 B URL HTTP/1.1 s4.histats.com/stats/0.php?2972094&@f16&@g1&@h1&@i1&@j1663343944994&@k0&@l1&@mVeronica%20Leal%20-%20Wet%20and%20Horny%20-%20WatchXXXFree%20Porn%20Tube&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:147505238&@b3:1663343945&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F&@w
IP 192.99.0.58:0
File type ASCII text, with no line terminators
Hash c937ed13c5c280fbd0f62dc007613f35
2cb1cd3dc391a2708eee54e5f50a1640e6ab5c3b
b30c30aa64c9e40561ae45774ecce369fa4780ddc0d6bbd8a8422f884af9828b
GET /stats/0.php?2972094&@f16&@g1&@h1&@i1&@j1663343944994&@k0&@l1&@mVeronica%20Leal%20-%20Wet%20and%20Horny%20-%20WatchXXXFree%20Porn%20Tube&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:147505238&@b3:1663343945&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxxxfree.watch%2Fveronica-leal-wet-and-horny%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:22 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 50
Connection: close
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash ef045330284c32127a05307b5d5b14fd
6720eba0edf0a8a730d300c7ab96631dca76c111
392042ddc64786a51f107d92ac0d97989f97c11b0b7159497b9fc8d0b0be4742
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6165
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Last-Modified: Fri, 16 Sep 2022 14:16:38 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash ef045330284c32127a05307b5d5b14fd
6720eba0edf0a8a730d300c7ab96631dca76c111
392042ddc64786a51f107d92ac0d97989f97c11b0b7159497b9fc8d0b0be4742
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6165
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Last-Modified: Fri, 16 Sep 2022 14:16:38 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash ef045330284c32127a05307b5d5b14fd
6720eba0edf0a8a730d300c7ab96631dca76c111
392042ddc64786a51f107d92ac0d97989f97c11b0b7159497b9fc8d0b0be4742
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3389
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:22 GMT
Last-Modified: Fri, 16 Sep 2022 15:02:53 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
zap.buzz/vqlWwD8
104.21.53.136302 Found 560 B IP 104.21.53.136:0
Hash 2dedafbaf22d9aed5163d40303fadb1a
94e26f536fed382fc14155e523e5eb8999f065d0
48535eaf838d8c71db38fa8dd8be9d0789a110a39365df8ef690713faa964dcc
GET /vqlWwD8 HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: text/html; charset=utf-8
location: https://q.xmlrtb.com/r?fid=k2mHN2AHw88
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.YySdWg.ISHLYVw7sON5n3PwcQKr1f9L0Wc; Expires=Fri, 16 Sep 2022 16:29:22 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ldh7ja8qMuRu2zxFJ%2FFA%2F9pjZMsU7HVwVW8M6yGYOOGojKMxKz%2By7jchp3ZN8F%2Fh9CgA9%2FBiEPaPYrbEsRcpSt71E9j1JsxdXtfLIimU1F66DR%2BfFmLGiQHzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf145b9bb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3f4ade9d9f40e6368e1b9b8badd1cc54
a0b49d7decec0ba76289b889d15d4c7e7e3f4103
f39d34cc00e36ed0b102355931c8856e1a7d4328701ff32cac5786c2ca9cba00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F39D34CC00E36ED0B102355931C8856E1A7D4328701FF32CAC5786C2CA9CBA00"
Last-Modified: Wed, 14 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13871
Expires: Fri, 16 Sep 2022 19:50:33 GMT
Date: Fri, 16 Sep 2022 15:59:22 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8d1ebb113bbbe520edafc87dfe95477d
ec1f93d4cf4693b467b421870df24f920f2a7726
2f0a3230db1b139114699c2210e0323baa5d2dcdcdbef181a7ef14d7b9421654
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:22 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 17:05:31 GMT
Expires: Tue, 20 Sep 2022 17:05:30 GMT
Etag: "ec1f93d4cf4693b467b421870df24f920f2a7726"
Cache-Control: max-age=348967,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74bacf162f140b61-OSL
reapinject.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.20200 OK 29 kB URL HTTP/1.1 reapinject.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 497daff5d48669cb829f78dfa05e2af3
d323f4ba4b6f2c197ed63f34230d121b6177b1f9
ae0f61a91fda786c772b2161eafa81a089004a552e5dfab773d36394d8183af8
Analyzer Verdict Alert quad9 Sinkholed
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 435af5861470461220c5a623992f361f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
35.158.39.64200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.158.39.64:0
File type ASCII text, with no line terminators
Hash c406354ea4a585e48d18bea7e8d65d7f
f4c7ec2b0a15fb6ca435f2ee33b9fc5864d61e83
36dc711beee08f0ccc8ca50fadd865bfa2eb601bb68599c28e46b2c7ef344cd3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=2cc256e3-2ebb-47c0-a1a7-8d608945ba66:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f1279d861b2cb6f3c18f0ce4de4982d
044a5b0ba123756d3fe7fd880d43b7f8b308546b
803ad388b1ab775256ca84493cc1d2786f5c9c368092efbcff089d3e4bf6725f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "803AD388B1AB775256CA84493CC1D2786F5C9C368092EFBCFF089D3E4BF6725F"
Last-Modified: Fri, 16 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18374
Expires: Fri, 16 Sep 2022 21:05:36 GMT
Date: Fri, 16 Sep 2022 15:59:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15746
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 15:59:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15745
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 15:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15745
Expires: Fri, 16 Sep 2022 20:21:48 GMT
Date: Fri, 16 Sep 2022 15:59:23 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JyXQcHKFIksMgLMROqOfV1ZqdFKSp3QSIlGmXuDR6h88o9J6s-mgkw==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:14:32 GMT
age: 63891
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aCCBUNe1NErAN4RiVGCdh-sBxSnMm-XfcFzE-h8IcCq6W1Om-UX45g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:46 GMT
age: 65617
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hhh1q_MrZVAaRWwmc1IuJbL3KhhwwHQgceaL15okbg4NvKJlWfUjyA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:02:34 GMT
age: 64609
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a4ed510756efe784c4ca84c61c4b5ba
10262867cfb19d3ba8f618e235d1a98531048f34
b5ba0de5ce381579e49e3e3c23244048fc8aac693ce0c977560f28b9a51f6a0b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10163
x-amzn-requestid: 7c849e5d-468e-4f6a-ad44-c7995bfa81bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvuGFU5oAMF_Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202cc0-5376d2432c79a3146b6c29f4;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J5lOTqdLhgg3Hzfw3b86ScfLkODllGEA_y9xUSxBxBCS4sI5nAWKZQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 23:35:10 GMT
age: 59053
etag: "10262867cfb19d3ba8f618e235d1a98531048f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1W0Ito5yNmHNxtYBj5jOJQ3Z2OP_Shvhpj94YUDwLHQKzt-zgqjI8A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 03:12:38 GMT
age: 46005
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da1bd18c37b83b0ef4641036dc208eec
abb5c719ec9341c6d4146297a2a1eca171df9c81
0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dxJEH4Jh8lAZ0T28BZnFLhWczwZ7oOaspCmR-SWudP32cF3BQc6wmw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:56:40 GMT
age: 64963
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
reapinject.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e
192.243.59.20200 OK 2.6 kB URL HTTP/1.1 reapinject.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5882), with no line terminators
Hash d90fe2d0b039a03de76319ab744c0d79
89ae4b8bc4df490aac7703acee8893803ce4ec52
527cb4550e777e05aad3d1a66725f894136af164a3f530e8d76d24a8deae0abd
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:23 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://woffxxx.com
Access-Control-Allow-Origin: https://woffxxx.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Sat, 17 Sep 2022 15:59:22 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 17 Sep 2022 15:59:23 GMT; secure; SameSite=None
uncs=1; expires=Sat, 17 Sep 2022 15:59:23 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 17 Sep 2022 15:59:23 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 17 Sep 2022 15:59:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67a6b50b6562ce8be8387e45117848a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f1279d861b2cb6f3c18f0ce4de4982d
044a5b0ba123756d3fe7fd880d43b7f8b308546b
803ad388b1ab775256ca84493cc1d2786f5c9c368092efbcff089d3e4bf6725f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "803AD388B1AB775256CA84493CC1D2786F5C9C368092EFBCFF089D3E4BF6725F"
Last-Modified: Fri, 16 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18373
Expires: Fri, 16 Sep 2022 21:05:36 GMT
Date: Fri, 16 Sep 2022 15:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 59f0062e9d0312510214b0a8a99295f4
a0d79c23535a1fe22ddd63ee155a0d5277eb30d5
e16f659f72a6960d6a8588720021bbb3beda2301a3d1b38f613a42efb4c5e2e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E16F659F72A6960D6A8588720021BBB3BEDA2301A3D1B38F613A42EFB4C5E2E7"
Last-Modified: Thu, 15 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9983
Expires: Fri, 16 Sep 2022 18:45:46 GMT
Date: Fri, 16 Sep 2022 15:59:23 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4cf5db6e7017458da5580cbba187fc8a
9479d93e3ffb53b4b5214bf77197a09800de44a6
cee51f9d6d9b0d23eaa07a2a41ecc92d0ff99d29979e287ea32ac7a475742eb9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 19:32:31 GMT
Expires: Tue, 20 Sep 2022 19:32:30 GMT
Etag: "9479d93e3ffb53b4b5214bf77197a09800de44a6"
Cache-Control: max-age=357786,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74bacf1b5c7e0b61-OSL
sagedeportflorist.com/pixel/purst?dl=0&th=0&sc=0&rs=2476&rd=2476&fd=843&bv=22.8.v.2&tmpl=136
173.233.137.44200 OK 0 B URL HTTP/1.1 sagedeportflorist.com/pixel/purst?dl=0&th=0&sc=0&rs=2476&rd=2476&fd=843&bv=22.8.v.2&tmpl=136
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2476&rd=2476&fd=843&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: sagedeportflorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 16 Sep 2022 15:59:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
click.clkepd.com/click?i=Pmyk1cqDgsY_0
198.134.116.30302 Found 0 B URL HTTP/1.1 click.clkepd.com/click?i=Pmyk1cqDgsY_0
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=Pmyk1cqDgsY_0 HTTP/1.1
Host: click.clkepd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 15:59:23 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=px6u-qekmHM&campaignid=934057&siteid=435706.460400&publishid=435706&country=no&os=Linux&browser=FIREFOX_96.0&referrer=&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
Pragma: no-cache
sagedeportflorist.com/pixel/pure
173.233.137.44204 No Content 0 B URL HTTP/1.1 sagedeportflorist.com/pixel/pure
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: sagedeportflorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://woffxxx.com/
Origin: https://woffxxx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Fri, 16 Sep 2022 15:59:24 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
q.xmlrtb.com/r?fid=k2mHN2AHw88
104.21.14.245302 Found 0 B URL HTTP/2 q.xmlrtb.com/r?fid=k2mHN2AHw88
IP 104.21.14.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r?fid=k2mHN2AHw88 HTTP/1.1
Host: q.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:24 GMT
location: https://c.xmlrtb.com/cf?id=16023349933928499806&sid=k2mHN2AHw88&subid=0000&fid=18350&redir=1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZsVKYjqjnjb7iVzPEGVEo7bMBT6FVKHlDxF0xM4x9YJLddEkzH1HlnYhg1tnho1uA2vWU%2BdjYDK2y%2BWDwLh3ygRdYbUIMzeRuQ2LeJ7Qcv0BYVY05meYanT2Fclwy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf14db1fb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=px6u-qekmHM&campaignid=934057&siteid=435706.460400&publishid=435706&country=no&os=Linux&browser=FIREFOX_96.0&referrer=&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
50.31.176.38200 OK 579 B URL HTTP/2 www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=px6u-qekmHM&campaignid=934057&siteid=435706.460400&publishid=435706&country=no&os=Linux&browser=FIREFOX_96.0&referrer=&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
IP 50.31.176.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 393bc6c2f0944bf0ded46985870f5945
36bd89eef2f19068ffcfa397bc16253f4592d476
7008a19cfdcfec9227332fe9cfc9343b5e64a270bec8250397b15565d453b56f
GET /get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=px6u-qekmHM&campaignid=934057&siteid=435706.460400&publishid=435706&country=no&os=Linux&browser=FIREFOX_96.0&referrer=&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002 HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
set-cookie: PHPSESSID=e0f6b8f214c42e46a5034e95b69b094f; path=/; secure
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Fri, 16 Sep 2022 15:59:22 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 579
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Fri, 16 Sep 2022 15:59:22 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 15:59:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://eastfeukufu.xyz/redirect?tid=926093&subid=435706.464414
Pragma: no-cache
www.forza.idescargarapk.com/ts_pro/go_pro.php?link=hentai-zero.com&code=be00a0dacdb84e5d9cd1ea2c2a8f2a2d&zone_mame=xmlppc_1
50.31.176.38200 OK 1.8 kB URL HTTP/2 www.forza.idescargarapk.com/ts_pro/go_pro.php?link=hentai-zero.com&code=be00a0dacdb84e5d9cd1ea2c2a8f2a2d&zone_mame=xmlppc_1
IP 50.31.176.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1273), with CRLF line terminators
Hash 6331a4a056bbb3c9f657ec05c56b121b
2c89ca316eba39ac96106fbd11c84cc0b4950d0a
9e4f86790dd572aae0e6633b157b319aa29453c6cc833f353ba56714dade7f62
GET /ts_pro/go_pro.php?link=hentai-zero.com&code=be00a0dacdb84e5d9cd1ea2c2a8f2a2d&zone_mame=xmlppc_1 HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Fri, 16 Sep 2022 15:59:22 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 1791
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Fri, 16 Sep 2022 15:59:22 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash ae34f34e48bf5612476cf70cd062c10f
94f5f718bacfc7824b025cd244eb770523bd3b52
988d0e4818c11a4ff648b66d54fa39b25b8444e312a75929c20014fdf963458e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 15:59:24 GMT
Last-Modified: Fri, 16 Sep 2022 15:08:16 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1T1t2Z5JJZhqwqCR9NaaU__yqpj081E9qnC-HxeKpU13DM2VIoVPfA==
Age: 3068
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 2c86f9f8550dfee43fafac4cb8208a14
990ac3937df0f84e3d280c3d61a6434f7bcadee0
e3122debd9c11174b4e261d62724230da29513c80a266fa801f5c6a5e6e798a6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 15:59:24 GMT
Last-Modified: Fri, 16 Sep 2022 14:49:11 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rDOFcCMIiC14lytyJkFditJ_zh2k38fhE0Mb300TzLasOC7OikKLGg==
Age: 4213
c.xmlrtb.com/cf?id=16023349933928499806&sid=k2mHN2AHw88&subid=0000&fid=18350&redir=1
104.21.14.245302 Found 0 B URL HTTP/2 c.xmlrtb.com/cf?id=16023349933928499806&sid=k2mHN2AHw88&subid=0000&fid=18350&redir=1
IP 104.21.14.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cf?id=16023349933928499806&sid=k2mHN2AHw88&subid=0000&fid=18350&redir=1 HTTP/1.1
Host: c.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:24 GMT
location: http://c.srvpcn.com/click?id=cci9qmgeea9c5hnfj81g&e=7927a2a3-6a74-42f0-9c78-11b042e8a32f&px=34
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDXaCUIqHoQwk5UT4uxrG36Wk65%2B74OFw%2FLVTeHGftIVWHJuB5bjWHQErT9FzCvQcs7OIwK38W2ZLMiwDH3s%2B5X6fSQ2fQbESgFUoqzsivR%2BpBtTlSSqMn17LWYDLmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf200a7cb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1O20oFMQz8FX9gS5ImaXvefVU44Ad0e7ooeBBW0X2Yj7db0IRkJhcmERJZqCzsD8wXKxchFA6FgkpgUzw9X6GM4zi2vffwU7/aK1ScrEBEk2cU8xgF6il6cRhlaCocCyGZqdkgbIig4WJR9WSBKLmxR6cUVWKGEx5frjMYPOaiGO+M4nwCStDB6ThlKPZbzWtKuXclI7lxS7IpU7tp6+u5iBr2Xt8/9+/QPu7z+rzrWcZY/hrDF54wjDDZ27bXewf+N9QnpKnL0Hxmq1pbr5UoJi5dvdjGXdu6tW7E9At+7tE2XQEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1O20oFMQz8FX9gS5ImaXvefVU44Ad0e7ooeBBW0X2Yj7db0IRkJhcmERJZqCzsD8wXKxchFA6FgkpgUzw9X6GM4zi2vffwU7/aK1ScrEBEk2cU8xgF6il6cRhlaCocCyGZqdkgbIig4WJR9WSBKLmxR6cUVWKGEx5frjMYPOaiGO+M4nwCStDB6ThlKPZbzWtKuXclI7lxS7IpU7tp6+u5iBr2Xt8/9+/QPu7z+rzrWcZY/hrDF54wjDDZ27bXewf+N9QnpKnL0Hxmq1pbr5UoJi5dvdjGXdu6tW7E9At+7tE2XQEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1O20oFMQz8FX9gS5ImaXvefVU44Ad0e7ooeBBW0X2Yj7db0IRkJhcmERJZqCzsD8wXKxchFA6FgkpgUzw9X6GM4zi2vffwU7/aK1ScrEBEk2cU8xgF6il6cRhlaCocCyGZqdkgbIig4WJR9WSBKLmxR6cUVWKGEx5frjMYPOaiGO+M4nwCStDB6ThlKPZbzWtKuXclI7lxS7IpU7tp6+u5iBr2Xt8/9+/QPu7z+rzrWcZY/hrDF54wjDDZ27bXewf+N9QnpKnL0Hxmq1pbr5UoJi5dvdjGXdu6tW7E9At+7tE2XQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:24 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263249d58b40811.021823492722942363%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 15 Sep 2024 15:59:24 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/426059/92e59db01bab4ccef95c39151c1eb005d1b46f74.jpg
185.76.9.25200 OK 23 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/92e59db01bab4ccef95c39151c1eb005d1b46f74.jpg
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash c3b3b95cf884ba7772fd959b5c5f59ca
92e59db01bab4ccef95c39151c1eb005d1b46f74
aea1774dd5b3d0009fda044cf41f8cd8a1507e0b161b21eb6f18660e93a75766
GET /library/426059/92e59db01bab4ccef95c39151c1eb005d1b46f74.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:24 GMT
content-type: image/jpeg
content-length: 22657
last-modified: Tue, 21 Jun 2022 13:52:47 GMT
etag: "62b1cd2f-5881"
expires: Sat, 09 Sep 2023 19:15:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1694532603
server: CDN77-Turbo
x-77-nzt: AblMCRR3lJf/4UwFAA
x-77-nzt-ray: NfwGZZtg01Y
x-cache: HIT
x-age: 347361
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
eastfeukufu.xyz/redirect?tid=926093&subid=435706.464414
54.230.111.128302 Found 0 B URL HTTP/2 eastfeukufu.xyz/redirect?tid=926093&subid=435706.464414
IP 54.230.111.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=926093&subid=435706.464414 HTTP/1.1
Host: eastfeukufu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://xml.blueparrot.media/click?i=x7LIDaUFYmg_0
date: Fri, 16 Sep 2022 15:59:24 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e8b33690-2457-4857-ad89-1c7def9c0b60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2qI1IpjemwIdXtZsm0_CqgxJrYNPKA9qhKVAYDRb203GGvCiSBFmLQ==
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1OW04FMQjdihuYBiiPcv/91eQmLqDT24km3piMRueDxdtpopwABzgBCIgW8AX1AfEifiEIx+SQmBIKx9PzNRjjOI5t7z391K/2GkwK4kHEpiVcNGcKVsvqGgIl2ByzQ5gIiwyCEjlggCQznywBmBQdQnV3AgqFeHy5TsfAMSeO8c4ozieCIXhwOM41kPutltWs9M4gQDdsRhsjtBu3vp7CqGnv9f1z/07t4z6vz7tqMsb01xhYcKZhEJO9bXu994h/BetMNvdicJnRspC7QRFn8HVj24Sp4mrsru0X+pYnqV0BAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1OW04FMQjdihuYBiiPcv/91eQmLqDT24km3piMRueDxdtpopwABzgBCIgW8AX1AfEifiEIx+SQmBIKx9PzNRjjOI5t7z391K/2GkwK4kHEpiVcNGcKVsvqGgIl2ByzQ5gIiwyCEjlggCQznywBmBQdQnV3AgqFeHy5TsfAMSeO8c4ozieCIXhwOM41kPutltWs9M4gQDdsRhsjtBu3vp7CqGnv9f1z/07t4z6vz7tqMsb01xhYcKZhEJO9bXu994h/BetMNvdicJnRspC7QRFn8HVj24Sp4mrsru0X+pYnqV0BAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1OW04FMQjdihuYBiiPcv/91eQmLqDT24km3piMRueDxdtpopwABzgBCIgW8AX1AfEifiEIx+SQmBIKx9PzNRjjOI5t7z391K/2GkwK4kHEpiVcNGcKVsvqGgIl2ByzQ5gIiwyCEjlggCQznywBmBQdQnV3AgqFeHy5TsfAMSeO8c4ozieCIXhwOM41kPutltWs9M4gQDdsRhsjtBu3vp7CqGnv9f1z/07t4z6vz7tqMsb01xhYcKZhEJO9bXu994h/BetMNvdicJnRspC7QRFn8HVj24Sp4mrsru0X+pYnqV0BAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263249d58b40811.021823492722942363%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:24 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263249d58b40811.021823492722942363%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Sun, 15 Sep 2024 15:59:24 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tsyndicate.com/api/v1/direct/be00a0dacdb84e5d9cd1ea2c2a8f2a2d?domain=hentai-zero.com&rnd=0.8636229401248839&x=1038&y=501&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=russian,Hentai,jav,anyone,porn,xxx,tube,fast,free,Videos,clips,hentai,vidio,tushy,Japones
136.243.69.157302 Found 0 B URL HTTP/2 tsyndicate.com/api/v1/direct/be00a0dacdb84e5d9cd1ea2c2a8f2a2d?domain=hentai-zero.com&rnd=0.8636229401248839&x=1038&y=501&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=russian,Hentai,jav,anyone,porn,xxx,tube,fast,free,Videos,clips,hentai,vidio,tushy,Japones
IP 136.243.69.157:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/be00a0dacdb84e5d9cd1ea2c2a8f2a2d?domain=hentai-zero.com&rnd=0.8636229401248839&x=1038&y=501&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=russian,Hentai,jav,anyone,porn,xxx,tube,fast,free,Videos,clips,hentai,vidio,tushy,Japones HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 16 Sep 2022 15:59:24 GMT
content-length: 0
pragma: no-cache
expires: 0
vary: *
x-api-version: 2
location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=gkvDPvj7qf_nCvz4tWrmOwRBjrzilEkOD3eEn8xEeQaYLpqqDAJ5BcRn3F8P425jadXNsybWhqI3czG0tvvvb8i1LGm69b3VamQS38GLTyDCIa_7EpKDDX1hi4ghIKDxWHy7kSljMfk6aARdDOGmdcjFzhBltg_8-8sXgBC43xsgn-D8U6cp5vQk3hHK-6Qbg4sW82ZSUhVZTx5RAoTFGk1qrovncX4tUoG3lhTPOgDWzSkpMyFPJMs9zURDIclsrGGQVPnDM3ji3sejKubQCVt6MVk6uiPimssPjX6tD1CwrHAyl4AHpyfWXj7gUhG6ogcyX1pqaG-fMZnimBHORiBos0U-sxN5BcnxvI5m35qSkkucEfzeai3wKVZrqIy4bnDXdu5WQrxPFNoPjlzx3c-OFo24x45beiRicUhgRya5Sj-TqOPiRLiQCTzRhMf5kgFQCtEKowUNl5xAp1AX3x4d2lVlTLJzwb-4JYJF-eAxFypmSaGYU0MsN9H6AHkv_8SNT0DQ6WFW_QWu9aJnsKKeurp23V7aMxV88fTx4xykMUUX2LvCN6MifRP7bLpH2MO4iOW0AD3Cl58K_-fjeDrzZuuR_cgnHHo0calLtJGor_7TC0LbC_iWeQH3B2EtWEyAnZ6b4F4e8BEsXURxpEZw6BL5ddDuCTQrVj4uqlpgh5xnOdPxWYNT7xOyEDOMxLrR2RvVRJDKj5GnT4M4f6jzXDHLdxdvDFhNQ1HAxzk
x-request-id: c8795edf50c5c5f5
set-cookie: ts_uid=378fc1a3-8faf-45e4-83f5-244b6a16e3fb; expires=Thu, 16 Mar 2023 15:59:24 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
104.21.234.254200 OK 24 kB URL HTTP/2 addresseepaper.com/sfp.js
IP 104.21.234.254:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 08d9a9888a2f6b6f250f98492dc79a35
c2ecdd5f5a1b56ede1ffe17abc243ff3f72ea1b9
8d1bd3b3703ffef096cdb919d2867a19214f2fa7b68acbde63740aee4504a7c3
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:23 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 14a4f8af03da05ee12a0abd90a0284e3
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 16 Sep 2022 15:59:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qrUNgzKUFFfw19dFuW7PgBc8P9YSYL%2BXSomFgjoeIkljmZbHmoeLVk3U1klywIRjdCw9fS4zJhqJeiE%2B%2BOEh3IFE%2Fj2nPK3C0G%2FcfHvZY2VRhtyygtIOYeWRKwEBWJQ6APOtbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf188c35770d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PQU7EMAz8Ch9oZDu2k+wZriAt2gd0k1QgsVqpIOhhHk9aLngOHluj8VhIZKIysT8wn6ychFE4FAoqgU3x/HKGMrZtW9bew8/8Vd8Q3UkcIpo8o5jHKFBPkpVglBETW3SGFyMmzmBDBA2IRdWdBaKYbEgIT5czLq+PY1dKEjCYEIk2MRrDngBC0MFpOzyaCPWr58VTltj6tdYWc9ZqOpd+CDGHtc8fn+t3qPfbmHXERCbX/XSyoZEj0B8mPtoowsHel3W+deCfZkc6vEdC1b01b03Nu0iORmSLpjr3bFJofJ79F9Pwgu9fAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01PQU7EMAz8Ch9oZDu2k+wZriAt2gd0k1QgsVqpIOhhHk9aLngOHluj8VhIZKIysT8wn6ychFE4FAoqgU3x/HKGMrZtW9bew8/8Vd8Q3UkcIpo8o5jHKFBPkpVglBETW3SGFyMmzmBDBA2IRdWdBaKYbEgIT5czLq+PY1dKEjCYEIk2MRrDngBC0MFpOzyaCPWr58VTltj6tdYWc9ZqOpd+CDGHtc8fn+t3qPfbmHXERCbX/XSyoZEj0B8mPtoowsHel3W+deCfZkc6vEdC1b01b03Nu0iORmSLpjr3bFJofJ79F9Pwgu9fAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01PQU7EMAz8Ch9oZDu2k+wZriAt2gd0k1QgsVqpIOhhHk9aLngOHluj8VhIZKIysT8wn6ychFE4FAoqgU3x/HKGMrZtW9bew8/8Vd8Q3UkcIpo8o5jHKFBPkpVglBETW3SGFyMmzmBDBA2IRdWdBaKYbEgIT5czLq+PY1dKEjCYEIk2MRrDngBC0MFpOzyaCPWr58VTltj6tdYWc9ZqOpd+CDGHtc8fn+t3qPfbmHXERCbX/XSyoZEj0B8mPtoowsHel3W+deCfZkc6vEdC1b01b03Nu0iORmSLpjr3bFJofJ79F9Pwgu9fAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021380%7C110382%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cdac09874d1ad80c1d7e8c170ae781d71%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2263249d58b40811.021823492722942363%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263249d58b40811.021823492722942363%22%3B%7D; expires=Sun, 15 Sep 2024 15:59:25 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%2263249d58b40811.021823492722942363%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Sun, 15 Sep 2024 15:59:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4
185.76.9.25206 Partial Content 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7784b86108b5501c39660e5c19e3bf06
43c35669aea6adb2d7b41a79dbb407a74156e5f1
20cb3b5dc47db843f30bbe415f7f6423cda6e6a7abd839b93c89ad85260b3ecc
GET /library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 16 Sep 2022 15:59:25 GMT
content-type: video/mp4
content-length: 10177
last-modified: Mon, 14 Sep 2020 14:01:58 GMT
etag: "5f5f77d6-27c1"
expires: Fri, 30 Jun 2023 12:55:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195340
server: CDN77-Turbo
x-77-nzt: AblMCRSHVDj/0f9lAA
x-77-nzt-ray: dV7s3gUI2t4
x-cache: HIT
x-age: 6684625
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-10176/10177
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 45b27ff1d036b6ed864e2e0a1ba8c5a6
0070895526b70f1cf594c300f6f3e79b9ba852cb
0ed37622d10fda1d49b93464abf5af24ce545e020a510981c2ea6dabee70fcbd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0ED37622D10FDA1D49B93464ABF5AF24CE545E020A510981C2EA6DABEE70FCBD"
Last-Modified: Wed, 14 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5889
Expires: Fri, 16 Sep 2022 17:37:34 GMT
Date: Fri, 16 Sep 2022 15:59:25 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash eace21dd6622c22018398b8cbd30cfe1
96ad76d831c4f6b48cf9fae28bb63ee830521c83
fe7eebd26c8ce231bbe519bb27b76db93e20e080359a374fb3a433141011d7f6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 00:04:36 GMT
Expires: Thu, 22 Sep 2022 00:04:35 GMT
Etag: "96ad76d831c4f6b48cf9fae28bb63ee830521c83"
Cache-Control: max-age=460509,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74bacf2708e00b61-OSL
track.trackingtraffo.com/pop/imp?auth=d12jux&c=gkvDPvj7qf_nCvz4tWrmOwRBjrzilEkOD3eEn8xEeQaYLpqqDAJ5BcRn3F8P425jadXNsybWhqI3czG0tvvvb8i1LGm69b3VamQS38GLTyDCIa_7EpKDDX1hi4ghIKDxWHy7kSljMfk6aARdDOGmdcjFzhBltg_8-8sXgBC43xsgn-D8U6cp5vQk3hHK-6Qbg4sW82ZSUhVZTx5RAoTFGk1qrovncX4tUoG3lhTPOgDWzSkpMyFPJMs9zURDIclsrGGQVPnDM3ji3sejKubQCVt6MVk6uiPimssPjX6tD1CwrHAyl4AHpyfWXj7gUhG6ogcyX1pqaG-fMZnimBHORiBos0U-sxN5BcnxvI5m35qSkkucEfzeai3wKVZrqIy4bnDXdu5WQrxPFNoPjlzx3c-OFo24x45beiRicUhgRya5Sj-TqOPiRLiQCTzRhMf5kgFQCtEKowUNl5xAp1AX3x4d2lVlTLJzwb-4JYJF-eAxFypmSaGYU0MsN9H6AHkv_8SNT0DQ6WFW_QWu9aJnsKKeurp23V7aMxV88fTx4xykMUUX2LvCN6MifRP7bLpH2MO4iOW0AD3Cl58K_-fjeDrzZuuR_cgnHHo0calLtJGor_7TC0LbC_iWeQH3B2EtWEyAnZ6b4F4e8BEsXURxpEZw6BL5ddDuCTQrVj4uqlpgh5xnOdPxWYNT7xOyEDOMxLrR2RvVRJDKj5GnT4M4f6jzXDHLdxdvDFhNQ1HAxzk
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=gkvDPvj7qf_nCvz4tWrmOwRBjrzilEkOD3eEn8xEeQaYLpqqDAJ5BcRn3F8P425jadXNsybWhqI3czG0tvvvb8i1LGm69b3VamQS38GLTyDCIa_7EpKDDX1hi4ghIKDxWHy7kSljMfk6aARdDOGmdcjFzhBltg_8-8sXgBC43xsgn-D8U6cp5vQk3hHK-6Qbg4sW82ZSUhVZTx5RAoTFGk1qrovncX4tUoG3lhTPOgDWzSkpMyFPJMs9zURDIclsrGGQVPnDM3ji3sejKubQCVt6MVk6uiPimssPjX6tD1CwrHAyl4AHpyfWXj7gUhG6ogcyX1pqaG-fMZnimBHORiBos0U-sxN5BcnxvI5m35qSkkucEfzeai3wKVZrqIy4bnDXdu5WQrxPFNoPjlzx3c-OFo24x45beiRicUhgRya5Sj-TqOPiRLiQCTzRhMf5kgFQCtEKowUNl5xAp1AX3x4d2lVlTLJzwb-4JYJF-eAxFypmSaGYU0MsN9H6AHkv_8SNT0DQ6WFW_QWu9aJnsKKeurp23V7aMxV88fTx4xykMUUX2LvCN6MifRP7bLpH2MO4iOW0AD3Cl58K_-fjeDrzZuuR_cgnHHo0calLtJGor_7TC0LbC_iWeQH3B2EtWEyAnZ6b4F4e8BEsXURxpEZw6BL5ddDuCTQrVj4uqlpgh5xnOdPxWYNT7xOyEDOMxLrR2RvVRJDKj5GnT4M4f6jzXDHLdxdvDFhNQ1HAxzk
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=gkvDPvj7qf_nCvz4tWrmOwRBjrzilEkOD3eEn8xEeQaYLpqqDAJ5BcRn3F8P425jadXNsybWhqI3czG0tvvvb8i1LGm69b3VamQS38GLTyDCIa_7EpKDDX1hi4ghIKDxWHy7kSljMfk6aARdDOGmdcjFzhBltg_8-8sXgBC43xsgn-D8U6cp5vQk3hHK-6Qbg4sW82ZSUhVZTx5RAoTFGk1qrovncX4tUoG3lhTPOgDWzSkpMyFPJMs9zURDIclsrGGQVPnDM3ji3sejKubQCVt6MVk6uiPimssPjX6tD1CwrHAyl4AHpyfWXj7gUhG6ogcyX1pqaG-fMZnimBHORiBos0U-sxN5BcnxvI5m35qSkkucEfzeai3wKVZrqIy4bnDXdu5WQrxPFNoPjlzx3c-OFo24x45beiRicUhgRya5Sj-TqOPiRLiQCTzRhMf5kgFQCtEKowUNl5xAp1AX3x4d2lVlTLJzwb-4JYJF-eAxFypmSaGYU0MsN9H6AHkv_8SNT0DQ6WFW_QWu9aJnsKKeurp23V7aMxV88fTx4xykMUUX2LvCN6MifRP7bLpH2MO4iOW0AD3Cl58K_-fjeDrzZuuR_cgnHHo0calLtJGor_7TC0LbC_iWeQH3B2EtWEyAnZ6b4F4e8BEsXURxpEZw6BL5ddDuCTQrVj4uqlpgh5xnOdPxWYNT7xOyEDOMxLrR2RvVRJDKj5GnT4M4f6jzXDHLdxdvDFhNQ1HAxzk HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=3e0dfd12-e237-463f-9d37-32222447b5ef&cost=0.0055&PUB_ID=20&SUB_ID=4160754&KEYWORD=Cartoon,Japan&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-09-16&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-62001516-1&cid=1646857409.1663343945&jid=325465747&gjid=897312036&_gid=282552671.1663343945&_u=YEBAAUAAAAAAAC~&z=1255530535
142.251.1.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-62001516-1&cid=1646857409.1663343945&jid=325465747&gjid=897312036&_gid=282552671.1663343945&_u=YEBAAUAAAAAAAC~&z=1255530535
IP 142.251.1.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-62001516-1&cid=1646857409.1663343945&jid=325465747&gjid=897312036&_gid=282552671.1663343945&_u=YEBAAUAAAAAAAC~&z=1255530535 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xxxfree.watch
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Sep 2022 15:59:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xml.blueparrot.media/click?i=x7LIDaUFYmg_0
174.137.133.18302 Found 0 B URL HTTP/1.1 xml.blueparrot.media/click?i=x7LIDaUFYmg_0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=x7LIDaUFYmg_0 HTTP/1.1
Host: xml.blueparrot.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://popmyads.com/serve/22236/66660/szqpmqqoapdpgpq/aHR0cDovL3lvZmF1cmxzLmNvbQ==
Pragma: no-cache
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 9dae7cc3d94bf19161f804f97c313079
f932fdd235568df010e39f12f562fc6724e09f4d
ab93765de76e9e66485d29c487301175c605ff6e03a72c5ce2b57e48e8304938
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 18:57:13 GMT
Expires: Wed, 21 Sep 2022 18:57:12 GMT
Etag: "f932fdd235568df010e39f12f562fc6724e09f4d"
Cache-Control: max-age=442066,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74bacf290af80b61-OSL
sagedeportflorist.com/pixel/pure
173.233.137.44200 OK 0 B URL HTTP/1.1 sagedeportflorist.com/pixel/pure
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: sagedeportflorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi7Uy%2BWQ1prVqF6nss4qpUarFglKS5VaqVajZaRuzF%2B%2B89F%2FAAAA%2F%2F8BAAD%2F%2F6ZgJKtXBAAA
192.243.59.20200 OK 7 B URL HTTP/1.1 reapinject.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi7Uy%2BWQ1prVqF6nss4qpUarFglKS5VaqVajZaRuzF%2B%2B89F%2FAAAA%2F%2F8BAAD%2F%2F6ZgJKtXBAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi7Uy%2BWQ1prVqF6nss4qpUarFglKS5VaqVajZaRuzF%2B%2B89F%2FAAAA%2F%2F8BAAD%2F%2F6ZgJKtXBAAA HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c78997ad9601410a41244dc7f352a46e
Strict-Transport-Security: max-age=0; includeSubdomains
cdn4ads.com/gnqZ.htm?_=BAYAYySdWQFjJJ1ZgAGBAsAAICOO4rM6daKatT9UHCnzQSlnplLQI7VZ65Brw-4MPcO-wQBHMEUCIQDlY3nCWUW2Eo8R-yTCYy8a-oiN0jpFzCWL56m4cse2xAIgHHwUAPOky6dezsZAFSxVYF3bp8a6haQXygOGlBYw4eM&v=4&mCBPdJMV=4129487&RSlwCXaH=&QUCovezP=0,0&iRlJCEKM=&TsfHUwqL=&s=1280,1024,1,1280,1024,0
216.59.63.128200 OK 806 B URL HTTP/2 cdn4ads.com/gnqZ.htm?_=BAYAYySdWQFjJJ1ZgAGBAsAAICOO4rM6daKatT9UHCnzQSlnplLQI7VZ65Brw-4MPcO-wQBHMEUCIQDlY3nCWUW2Eo8R-yTCYy8a-oiN0jpFzCWL56m4cse2xAIgHHwUAPOky6dezsZAFSxVYF3bp8a6haQXygOGlBYw4eM&v=4&mCBPdJMV=4129487&RSlwCXaH=&QUCovezP=0,0&iRlJCEKM=&TsfHUwqL=&s=1280,1024,1,1280,1024,0
IP 216.59.63.128:0
File type ASCII text, with very long lines (1130), with no line terminators
Hash 80c7b7a7e9a45f980fbca465eb305164
537cbc76d309d7a9b2dc167d854942a65ee3a2a2
49e9351d84ee02cb2ba830da8b77d9de1bb5ca930915d0b5ba266a3bf5fcde24
GET /gnqZ.htm?_=BAYAYySdWQFjJJ1ZgAGBAsAAICOO4rM6daKatT9UHCnzQSlnplLQI7VZ65Brw-4MPcO-wQBHMEUCIQDlY3nCWUW2Eo8R-yTCYy8a-oiN0jpFzCWL56m4cse2xAIgHHwUAPOky6dezsZAFSxVYF3bp8a6haQXygOGlBYw4eM&v=4&mCBPdJMV=4129487&RSlwCXaH=&QUCovezP=0,0&iRlJCEKM=&TsfHUwqL=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: cdn4ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 6
cache-control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
pragma: no-cache
content-type: application/javascript; charset=utf-8
set-cookie: PP_CV=yes; expires=Fri, 16-Sep-2022 16:59:25 GMT; Max-Age=3600
fraudcheck=aa9abb0fb7453d2a0bf73e897af04b68; expires=Sun, 16-Oct-2022 15:59:25 GMT; Max-Age=2592000; path=/; domain=.popads.net
PopAds_CF_Pass=1; expires=Fri, 16-Sep-2022 21:59:25 GMT; Max-Age=21600
link: <https://free-cosmetics-online.com>;rel=preconnect
content-length: 806
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 15:59:25 GMT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ae9f3a7cab4e9ce01b416056ae68e7a
b5252177bb6afc0425f8eb3b051097b074743826
7387af4db0d1ffd93c602fe4787dd60c564244b23532ce59ddf721c7bc01fa32
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7387AF4DB0D1FFD93C602FE4787DD60C564244B23532CE59DDF721C7BC01FA32"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2244
Expires: Fri, 16 Sep 2022 16:36:49 GMT
Date: Fri, 16 Sep 2022 15:59:25 GMT
Connection: keep-alive
newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=3e0dfd12-e237-463f-9d37-32222447b5ef&cost=0.0055&PUB_ID=20&SUB_ID=4160754&KEYWORD=Cartoon,Japan&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-09-16&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
49.12.123.158302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=3e0dfd12-e237-463f-9d37-32222447b5ef&cost=0.0055&PUB_ID=20&SUB_ID=4160754&KEYWORD=Cartoon,Japan&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-09-16&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.php?key=2luo9plrxh2k2ej2k2ph&clickid=3e0dfd12-e237-463f-9d37-32222447b5ef&cost=0.0055&PUB_ID=20&SUB_ID=4160754&KEYWORD=Cartoon,Japan&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-09-16&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 16 Sep 2022 15:59:25 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=861&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
set-cookie: uclick=e8a7gxa6fe; expires=Sat, 17-Sep-2022 15:59:25 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=e8a7gxa6fe-e8a7gxa6fe-qqxi-p28n-gx7v8n-qdfn0-qdxs3y-d2d690; expires=Sat, 17-Sep-2022 15:59:25 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
free-cosmetics-online.com/favicon.ico
172.67.209.47404 Not Found 490 B URL HTTP/2 free-cosmetics-online.com/favicon.ico
IP 172.67.209.47:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7c12bf472ee708671992356e1845f69b
d6cf5577bac723e94445e54ac013ffec41a64469
d8b2da11068c1022a6f366241ee735f2f407dfeeff8172bfab1b281ee080719d
GET /favicon.ico HTTP/1.1
Host: free-cosmetics-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 16 Sep 2022 15:59:25 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITndobk9MjDUSksTkkxdMfU%2FyiIvvHD9lwe50EwVl3eOp7ZZLd1sMdCeUgSDdLzUJT3J8HGdJaTDt6algG3237f6jlngH6e3fEQWH%2FspBWLJ3%2BhRwmmLTdPD9eLspoEAfnpMb9enC%2FmODXa0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf2abf07b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 847d29bb760811ad700ce63a3c592845
704b96448b68aba20616b06fad4dfb5a6a7c9642
fcbef2922db3fd0be2d3ee8887f11bb862d688f5501e1c2886cc4789da456870
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCBEF2922DB3FD0BE2D3EE8887F11BB862D688F5501E1C2886CC4789DA456870"
Last-Modified: Thu, 15 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17045
Expires: Fri, 16 Sep 2022 20:43:31 GMT
Date: Fri, 16 Sep 2022 15:59:26 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c5a90b907ba2e50b259b39b49caf6d3
287e01d274686c854e1174c2bbc33c8d57a5241e
78b8edd5748f0a5308279b2a084c87d90080829db82738205be3a1977337a0a9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "78B8EDD5748F0A5308279B2A084C87D90080829DB82738205BE3A1977337A0A9"
Last-Modified: Thu, 15 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2493
Expires: Fri, 16 Sep 2022 16:40:59 GMT
Date: Fri, 16 Sep 2022 15:59:26 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c5a90b907ba2e50b259b39b49caf6d3
287e01d274686c854e1174c2bbc33c8d57a5241e
78b8edd5748f0a5308279b2a084c87d90080829db82738205be3a1977337a0a9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "78B8EDD5748F0A5308279B2A084C87D90080829DB82738205BE3A1977337A0A9"
Last-Modified: Thu, 15 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2493
Expires: Fri, 16 Sep 2022 16:40:59 GMT
Date: Fri, 16 Sep 2022 15:59:26 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a632243ed2c8463a8185bf597802cc6e
d521051336c856af4fcebcc7b48a9e334b4287fd
ec5478e16ae70e44fda9b8dec2543070b1c2b0037d9293e344a849a47d074959
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1220
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:26 GMT
Last-Modified: Fri, 16 Sep 2022 15:39:07 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
172.64.166.16200 OK 8.2 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP 172.64.166.16:0
Hash 5ec57b7b042b531312388007d9da8dba
53cf012f20d1294c2fe86a1337fc7195b4ceec90
a7c051d17cb6cd67b7d7c724f026ce868b1e6313635adce64200e7e5b36e3edf
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196390
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tA3MPCbNehzFNkemz3ezZPPZp69wQMl3Wjnlw%2BAY2uSI%2BuXEWEjiWUmGVnKB8KFICVwcZDE6IEWIYxalybIM3AJI%2Bg9jGIOt%2FM3fZc9G0m1ove1rRltK12Ho9rdcWbCftSg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2c8b998873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/img/number.png
172.64.166.16200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/img/number.png
IP 172.64.166.16:0
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/ssp/notifications/text_bubble/2/img/number.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: image/png
content-length: 1138
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 198164
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6fTWSL0PhHJsulbMfY8G%2BSmGsx44ey869SLdQUJH2dwLbGBr0Wq2VuwhJTpI5t5Cq%2BZdCM01v3RpuKn%2Buyj2Os7eqZI8BH2ojAEGf0lfgQGcjU%2Fplc5yUwBpMa6V7oXxn8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2cec618873-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.cdn4ads.com/carto.min.js
185.76.9.26200 OK 9.8 kB URL HTTP/2 www.cdn4ads.com/carto.min.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
File type HTML document, ASCII text, with very long lines (1568), with CRLF line terminators
Hash f7b75a1f07c2f3b7c699de03b530ae5b
401df1a5eada85e66dcc90f776ae73e377d56416
55722d54fd3b1ca6ccd5b5c115b79226b2a5450e95a373059db8ed9f14178594
GET /carto.min.js HTTP/1.1
Host: www.cdn4ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.20:443"; ma=2592000; v="44,43,39"
expires: Fri, 16 Sep 2022 20:38:34 GMT
access-control-allow-origin: *
link: <https://cdn4ads.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1663360714
server: CDN77-Turbo
x-77-nzt: AblMCRTD2W//DvkIAA
x-77-nzt-ray: LProsiImh9A
x-cache: HIT
x-age: 588046
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4cc0aaf293fed6c16e1dde02c50c8f40
e94f11cd8fa955f28856a02aa7115aa5f3626d98
b1592dc8fc0d63052f66b7be9b5ff1f562f6fbd05f6365ce828758bfbb3f1a12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
172.64.166.16200 OK 2.3 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
IP 172.64.166.16:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 41109abf05740798aa2e66a3e938c8de
706e93332bf4819e9f4059765340cf97981bd1fe
2fbf669490df5b04badb9886ca664dbd9a0d66e0ecdc951b822feb6089fac0ea
GET /sb/ssp/notifications/text_bubble/2/img/arrow.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: image/png
content-length: 2332
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-91c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 198164
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YQ8AhefAkUpRPAIqaFSlg2hDt8jEF6EGhgcqUAqfU1Q15cS3gAxCAmDOSlHhHR3OWuMhGRm0Ak%2BS6Eny85XBCUuRbrF%2FQU5dRoqdvC%2FePsYFax5OluzKfcWWFMntCAkDy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2cec5e8873-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
172.64.166.16200 OK 5.4 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP 172.64.166.16:0
Hash 78af443a71d3d515c921c70358f7fd11
18e53ff909626ee61877b330604b965519d478f5
d7b87bd1d0f5f5e4eb758d0f289ec7bcdc8a3bb13cfbbf4efe37a768366430dd
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196390
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8f9pqh6KYmUJmvm16EXnPoAoRDEOUu%2BHpPb22RxIvlDuUUk0mnveu4VVPGf5G8KV4oYN3eNXb1OGEfp0W7eRbImRbQGPPGJtwUy1pYhTqirB%2FrSc5vIJ1qA8m9aVyqgA4nc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2c9bb98873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 15:59:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js
104.16.123.175200 OK 26 kB URL HTTP/2 unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (23113)
Hash 1e99ed72a3d6e8deede2d05d4fd01d9a
3fdf848df95fb48f28e4f7610e639d07e9d9de55
dae472acbe5635459c54d1f3a820680ef1b0a8d87d2e7e20e1977c9754f551c1
GET /@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxxfree.watch/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"5acc-q2POJTFsNAdkUTsA1IhV3IUmXP0"
via: 1.1 fly.io
fly-request-id: 01F3YGTF8JRQD6FT3WSZ9G9XWN
cf-cache-status: HIT
age: 12654728
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74bacf09181db500-OSL
content-encoding: br
X-Firefox-Spdy: h2
counter.yadro.ru/hit?rhttps%3A//xxxfree.watch/;s1280*1024*24;uhttps%3A//woffxxx.com/e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0;0.47441167156161324
88.212.202.52200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit?rhttps%3A//xxxfree.watch/;s1280*1024*24;uhttps%3A//woffxxx.com/e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0;0.47441167156161324
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?rhttps%3A//xxxfree.watch/;s1280*1024*24;uhttps%3A//woffxxx.com/e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0;0.47441167156161324 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 16 Sep 2021 03:22:20 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash c6bf1eeef70288c77710c1567e1b643e
1d4031b418fc1996896a4accf4157fca972bc820
821457a2771d7071eefa65c41a7934c86be2c7c7891be160f30df177faa78ef9
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Sep 2022 15:59:26 GMT
date: Fri, 16 Sep 2022 15:59:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
20media.world/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
172.67.68.125302 Found 270 B URL HTTP/2 20media.world/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
IP 172.67.68.125:0
File type HTML document, ASCII text
Hash 18e64a79f3a1582cbcf876a1a3961e4a
2257b57d88b4a626f6d2b71ee553e180b96b5bf6
28e5e1b9908a7ad2d3025343e1e26eab5e227d07976028d3814a299c909d30c5
GET /casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17 HTTP/1.1
Host: 20media.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: text/html; charset=UTF-8
location: https://app.adjust.com/js8txs6?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17&label=655020_A3B44FE31AB84F42A8F7C8D1740FB484&redirect=https%3A%2F%2F20bet.com%2Fcasino%3Fbtag%3D655020_A3B44FE31AB84F42A8F7C8D1740FB484%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D2f53ae8a7gxa6feb17
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44162yzPYgoGrNT30hNV0aCn73Wo3CK6cUYEP9kGs1WoOivcUXQ0Wo8frrHp%2FYjzNvKjArH1J7uWGL%2BpaFMXRipRIeZOgM1KAVvKm%2ByCB4Xo2djMU%2BOLfJntaApdsns%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf2b6ec2b503-OSL
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 159918
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Hash 034d4604beaddff5783b9878fadfaee6
64d5e1e0dbbbd62d6a64349dd964763b7ab4cbea
f8a957ee3468693f465da61d899438a2b674369b80c9d5c9ffff1111a7091290
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 71985
date: Fri, 16 Sep 2022 15:59:26 GMT
access-control-allow-origin: *
etag: "6323e622-11931"
expires: Fri, 16 Sep 2022 16:59:26 GMT
last-modified: Fri, 16 Sep 2022 05:57:38 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
reapinject.com/pixel/sbs?c=1
192.243.59.20200 OK 0 B URL HTTP/1.1 reapinject.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi6UQ1FnsiXrTFaqlZbkglWrLOQtzsqi0eBI3Zi%2FfOej%2FwAAAP%2F%2FAQAA%2F%2F8mtPFDVwQAAA%3D%3D
192.243.59.20200 OK 7 B URL HTTP/1.1 reapinject.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi6UQ1FnsiXrTFaqlZbkglWrLOQtzsqi0eBI3Zi%2FfOej%2FwAAAP%2F%2FAQAA%2F%2F8mtPFDVwQAAA%3D%3D
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br42ouFHpRrAyCxcKOnlvfk%2BzCMYYCaZNbRUFEb2%2FZnLNnXdf73133iSr0IJ0I4wrQSi%2BfJM0RoNU9y0yKbiYVcZVQOPKP0AEVy5kpqHBA5dzzv2%2BxXe%2Bcz7f9ickhKfHi5fNptKazlaLYeGVD6NorrCiYt8r9Bq1T2qVuYLtXmrWiuGrhbclXzezpTAKwyiMCkvKypbpzU5AqOSgGRWbYbFSKkbVCnr2%2F73zARwNILon5HkoMZ55GFyA4kPEnXuL0q2nJnntrY7XNDUWXbH3frwemyxG56xs2QCteO%2BUDeOOlh7AxLtTuTDdx0SmxiT45QFYvHcqEqy7M9XJNGQMJp5B1h1C6iEUHYKbW1DiiABc4Moq4s7dK8ZmdOMRSifomMz88zdUNiYzv19A3PlhQate4brRPlUmdui1cqjeEKo9ROIPkW6eg8oOwdObUIIg7uRQIp%2FOrNQQqjWEln1QF8BPngrgWwF8EqAjjgs8iqJ6KDgNG03Oy6IuWU2EEa23IhqFtQY8n8jqI0364LoPbreQ2C2sqz6s%2FxluLYcTAVw6JsG7W%2BiKHJkkyBxBRgkyRZClBFk33xXalVx%2BV2jnWXSaS6e5nA9M2t6muyZty5hsJyfkuYkfwVM3D7Aujwu0xkLWaJaqosnKtBJVKzwsV3mpwipSNOsSTuVQ7tx01E01Ji%2FeLyJRY%2FLkx7%2BB0UM4fQiungX1F0GzQb0Ugq4NKo0Qm%2FEBFV6nr6%2FduFFMDYTJkaQzSDeCbX1CXpjupT76E5KP5g%2FuHH99aX8Z3OZIbI7P1EOCtr49uGYysnPNZI78uJqkqqM26WRn11Oayie%2Be0duZMaK5UXX33%2BDT4BJefCedOkKjYWK2458v6CEkHbJWC7J%2FWX3gWRXvVtb8Db2ycrVN5eWO4mVzikTD0HV0fy34GpMnj75ZnqMF3v3oOwQ1ufo%2BBE5DSgzBE%2B24JLR%2FKfs8viv%2FX%2FhzHlYfcZhSYDM5wNbYmefWhFoedZTlsPJ0fxP8VdfrP4xByYf27HtbqNtXwJNb01vsGtzdHUOqvtw%2FvwgTexo%2FtfyNMB0MGDaBjtMW%2F3lI2udOi6UQ1FnsiXrTFaqlZbkglWrLOQtzsqi0eBI3Zi%2FfOej%2FwAAAP%2F%2FAQAA%2F%2F8mtPFDVwQAAA%3D%3D HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 16 Sep 2022 15:59:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32a24dab3b8cfb853f33971f5f53a888
Strict-Transport-Security: max-age=0; includeSubdomains
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 16 Sep 2022 15:59:26 GMT
access-control-allow-origin: *
etag: "6323e622-2b"
expires: Fri, 16 Sep 2022 16:59:26 GMT
accept-ranges: bytes
last-modified: Fri, 16 Sep 2022 05:57:38 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fwoffxxx.com%2Fe%2FZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0&page-ref=https%3A%2F%2Fxxxfree.watch%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A230%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A260118333441%3Ahid%3A994751892%3Az%3A0%3Ai%3A20220916155910%3Aet%3A1663343951%3Arn%3A13734808%3Arqn%3A1%3Au%3A16633439511000986425%3Aw%3A884x500%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ans%3A1663343944103%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C663%2C2%2C%2C%2C%2C880%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663343951%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fwoffxxx.com%2Fe%2FZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0&page-ref=https%3A%2F%2Fxxxfree.watch%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A230%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A260118333441%3Ahid%3A994751892%3Az%3A0%3Ai%3A20220916155910%3Aet%3A1663343951%3Arn%3A13734808%3Arqn%3A1%3Au%3A16633439511000986425%3Aw%3A884x500%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ans%3A1663343944103%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C663%2C2%2C%2C%2C%2C880%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663343951%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash e87c882e7e5e0fdae695ff77c0abd24b
bc25de6b9128a394c1d6b5d3ab8d2b04f3a7bf72
20a5c0ccfd3039f512b330e88f4e142df2fe4f44026adb84b4ed695d656452ae
GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fwoffxxx.com%2Fe%2FZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0&page-ref=https%3A%2F%2Fxxxfree.watch%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A230%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A260118333441%3Ahid%3A994751892%3Az%3A0%3Ai%3A20220916155910%3Aet%3A1663343951%3Arn%3A13734808%3Arqn%3A1%3Au%3A16633439511000986425%3Aw%3A884x500%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ans%3A1663343944103%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C663%2C2%2C%2C%2C%2C880%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663343951%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fwoffxxx.com%2Fe%2FZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09%23iss%3DOTEuOTAuNDIuMTU0&page-ref=https%3A%2F%2Fxxxfree.watch%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A230%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A260118333441%3Ahid%3A994751892%3Az%3A0%3Ai%3A20220916155910%3Aet%3A1663343951%3Arn%3A13734808%3Arqn%3A1%3Au%3A16633439511000986425%3Aw%3A884x500%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Ans%3A1663343944103%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C663%2C2%2C%2C%2C%2C880%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663343951%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 16 Sep 2022 15:59:26 GMT
access-control-allow-origin: https://woffxxx.com
set-cookie: yandexuid=925279081663343966; Expires=Sat, 16-Sep-2023 15:59:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=925279081663343966; Expires=Sat, 16-Sep-2023 15:59:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1134438571663343966; Path=/; SameSite=None; Secure
i=EK6zDDg4+WxbOJQGHqOq/+v3IyZTFgEw8xCxhey/JePXTQZ7R+nCux0LCDnKvkYTWc7usq9mklONrd6fmdadi+rmjgg=; Expires=Mon, 13-Sep-2032 15:59:25 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1694879966.yrts.1663343966#1694879966.yrtsi.1663343966; Expires=Sat, 16-Sep-2023 15:59:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 16-Sep-2022 15:59:26 GMT
last-modified: Fri, 16-Sep-2022 15:59:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
20bet.com/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
172.67.15.187302 Found 17 kB URL HTTP/2 20bet.com/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
IP 172.67.15.187:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (511)
Hash 234b6dfac18a2898f468ec4b3abfeab4
daa215d12ffc448bbb62c74834a9bff6f25b1288
9bfbc51929c1a236d7ba9ee6c79d669b9e829a24aa89ad2d9e036ab92e56d740
GET /casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17 HTTP/1.1
Host: 20bet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484; subid=2f53ae8a7gxa6feb17
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:27 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
location: /en_ee/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
set-cookie: preferred-language=en_ee; path=/; secure; httponly; samesite=lax
btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=none
subid=2f53ae8a7gxa6feb17; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=none
utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=lax
utm_medium=Ubidex; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=lax
utm_source=retarget; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=lax
utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534433; path=/; secure; samesite=lax
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74bacf30ea95b4e8-OSL
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.158.39.64200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.158.39.64:0
File type ASCII text, with no line terminators
Hash c406354ea4a585e48d18bea7e8d65d7f
f4c7ec2b0a15fb6ca435f2ee33b9fc5864d61e83
36dc711beee08f0ccc8ca50fadd865bfa2eb601bb68599c28e46b2c7ef344cd3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=2cc256e3-2ebb-47c0-a1a7-8d608945ba66:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
20bet.com/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
172.67.15.187302 Found 6.2 kB URL HTTP/2 20bet.com/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
IP 172.67.15.187:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (511)
Hash 081e3963bda406557ebb7ab3a689ecc8
a2bf04cce34e10fe40de5d04978c0490a276154e
f1c5f672ab033ea9d7a48ec39bb078b519a11016661c0fe921861aa9fc7809bb
GET /casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17 HTTP/1.1
Host: 20bet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
location: /en_ee/casino?btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=2f53ae8a7gxa6feb17
set-cookie: preferred-language=en_ee; path=/; secure; httponly; samesite=lax
btag=655020_A3B44FE31AB84F42A8F7C8D1740FB484; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=none
subid=2f53ae8a7gxa6feb17; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=none
utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=lax
utm_medium=Ubidex; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=lax
utm_source=retarget; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=lax
utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino; expires=Sun, 16-Oct-2022 00:00:00 GMT; Max-Age=2534434; path=/; secure; samesite=lax
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74bacf2f084ab4e8-OSL
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/09/16/1663288261byciv/1663288261byciv-640x480-1.jpg
50.7.214.74200 OK 56 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/09/16/1663288261byciv/1663288261byciv-640x480-1.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 7a9d989e08092e9ba2068d9fefa92973
d0f11aec7c3d156c2bfcf05d6aa43609fa0685e2
51247951ce77e71fb4119aa14f94845c334bd6591e1d0914ce6a918e4d623c68
GET /flv/api/files/thumbs_new/2022/09/16/1663288261byciv/1663288261byciv-640x480-1.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 16:02:15 GMT
content-type: image/jpeg
content-length: 56237
last-modified: Fri, 16 Sep 2022 00:44:11 GMT
etag: "6323c6db-dbad"
server: cloudflare
expires: Sat, 23 Aug 2121 16:02:15 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.123.175200 OK 0 B URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.123.175:0
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 6387461
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74bacf0a1965b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
172.64.166.16200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
IP 172.64.166.16:0
GET /sb/ssp/notifications/text_bubble/2/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:19 GMT
etag: W/"62cd5353-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 198164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TIjpjQc2ZjfVes7NgiXTmr5bkRocUzC2SSjgQu6H%2FodywLtVsShZ3Mz13GAnvi%2BsP4%2FXMbAix%2B9hJbQaTXn5RNmj8oo7nozN2XC3xSB%2BRCYtrdvvTh1iJU%2BcjhdOWndv%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2cfc678873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.123.175200 OK 0 B URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.123.175:0
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 6387461
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74bacf0a196ab500-OSL
content-encoding: br
X-Firefox-Spdy: h2
zap.buzz/lxAR5ZJ
104.21.53.136302 Found 0 B IP 104.21.53.136:0
GET /lxAR5ZJ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: text/html; charset=utf-8
location: https://q.cachegorilla.com/r?fid=B79SGewuO6N
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.YySdWg.ISHLYVw7sON5n3PwcQKr1f9L0Wc; Expires=Fri, 16 Sep 2022 16:29:22 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RcZlYQ9pSX4O9musBgIiENU08RJpUOWY5O9LLNJkGwslUfF5IeqsPR%2Fmxd9OXJBSYwn8UIozKkOGRcmN7hSAiACgvARgX8JU4%2FH3PhMnbEniItaC9WQzDSLY2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf146bc4b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
popmyads.com/serve/22236/66660/szqpmqqoapdpgpq/aHR0cDovL3lvZmF1cmxzLmNvbQ==
172.67.141.89200 OK 0 B URL HTTP/2 popmyads.com/serve/22236/66660/szqpmqqoapdpgpq/aHR0cDovL3lvZmF1cmxzLmNvbQ==
IP 172.67.141.89:0
GET /serve/22236/66660/szqpmqqoapdpgpq/aHR0cDovL3lvZmF1cmxzLmNvbQ== HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCv2xiHxyLVk2dNeEYAug%2FUvbdH7EPw9GAwVTVAzQdaTiB3Z%2F8SbSMf5YfqPXn5HZaVzXNp1oscR8BoqUYjDS3ZGdT1xDx%2FYNkSmBtiuxyIb1atjAS3ajjyDxWu8pD8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf296d3fb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/js/script.js
172.64.166.16200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/notifications/text_bubble/2/js/script.js
IP 172.64.166.16:0
GET /sb/ssp/notifications/text_bubble/2/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:18 GMT
etag: W/"62cd5352-37c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 196389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVqx91zOf0e8yLZKAirBqFwrIF3DRISeWjYUWGE6ibDQ45SQZ9SrzBLzloeurqTqtvkMoozswmEo2yHfG8NvjbU0hc%2BGUCfsjyal3HDJdGun1OfW2dFDQSdMsuEuW1Lkp70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf2d6db78873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js?ver=1.2.4
104.16.123.175302 Found 0 B URL HTTP/2 unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js?ver=1.2.4
IP 104.16.123.175:0
GET /@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js?ver=1.2.4 HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GD3GCWM7HWCZV4JD635QGSVC-fra
cf-cache-status: HIT
age: 12
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74bacf07ce80b500-OSL
X-Firefox-Spdy: h2
www.kinogogly.pro/afd951/4f8a112651cb.js
67.216.91.5200 OK 0 B URL HTTP/2 www.kinogogly.pro/afd951/4f8a112651cb.js
IP 67.216.91.5:0
GET /afd951/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 16 Sep 2022 15:59:21 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315356439, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsqzmAdmqk/B6ooG0EIWoxnf5jngzO4v15H/4XOXMHf5kCW9G0bgBQkxYucKEX6fKtb2yoUxnJLMA+vaS5pzPbmM
x-served-from: l1
x-vhostid: 247, 20850
content-encoding: br
X-Firefox-Spdy: h2
www.kinogogly.pro/afd951/4f8a112651cb.js
67.216.91.5200 OK 0 B URL HTTP/2 www.kinogogly.pro/afd951/4f8a112651cb.js
IP 67.216.91.5:0
GET /afd951/4f8a112651cb.js HTTP/1.1
Host: www.kinogogly.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.0
date: Fri, 16 Sep 2022 15:59:21 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315356439, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsqzmAdmqk/B6ooG0EIWoxnf5jngzO4v15H/4XOXMHf5kCW9G0bgBQkxYucKEX6fKtb2yoUxnJLMA+vaS5pzPbmM
x-served-from: l1
x-vhostid: 247, 20832
content-encoding: br
X-Firefox-Spdy: h2
zap.buzz/Jr1zAzZ
104.21.53.136302 Found 0 B IP 104.21.53.136:0
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.YySdWg.ISHLYVw7sON5n3PwcQKr1f9L0Wc; Expires=Fri, 16 Sep 2022 16:29:22 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAUAvQdcUIVRMRyLQ27aCbM7a5d1Vr92bgrUp8IRbp6i%2FrlGe4UkgDBoQrBUZZcuGBygaJTIuuSmBuVnlGYMYS4nhx3qYKAFTzr1v9FaOmH5sHDf5%2BMlhQGR%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf147bd2b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
q.cachegorilla.com/r?fid=B79SGewuO6N
104.21.51.225302 Found 0 B URL HTTP/2 q.cachegorilla.com/r?fid=B79SGewuO6N
IP 104.21.51.225:0
GET /r?fid=B79SGewuO6N HTTP/1.1
Host: q.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 16 Sep 2022 15:59:22 GMT
location: http://c.cachegorilla.com/cf?id=9287201342030046126&sid=B79SGewuO6N&subid=0000&fid=18979&redir=1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tcQn0t2YbnWnfbIGhCCxUjhEbA54ZAQpM9UmBactxfecgEDbT7iYptGMFTqMtHmj%2Fl2ojaVfPLgvqhfmSpqPBLMydbsGjZOxygu4LN5RKmz2HZhEsU1nZLxWYY6SSW1DvxC90d4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf14ec00b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
45.133.44.4200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:26 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 16 Sep 2022 16:59:26 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
xxxfree.watch/veronica-leal-wet-and-horny/
172.67.223.192200 OK 0 B URL HTTP/2 xxxfree.watch/veronica-leal-wet-and-horny/
IP 172.67.223.192:0
GET /veronica-leal-wet-and-horny/ HTTP/1.1
Host: xxxfree.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30, PleskLin
last-modified: Fri, 16 Sep 2022 00:34:14 GMT
vary: Accept-Encoding
cache-control: max-age=0
expires: Fri, 16 Sep 2022 15:59:20 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Dm%2BhSlikEHEacHZayl5YiEg05x0I5H5x3eMfuKBQTOmt5uibcdfufo6S5UI%2BhfF6HSrULNYXZ%2FZwRLx0b%2FF6wSPu%2B0GdbVrQVLEf23SGb79VA78qakF6XByT%2Bi%2B5FJg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf065819b523-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:22 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: be9d394cbbb1755e5bd3c9071cdde449
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 16 Sep 2022 15:59:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bP6iN3Q8rryottANfcMDr9%2BfziUnccSzzpskGHIRwSsRZgxkhTT%2F2c8XyaXZXTnGDfoTB%2Fm0eISAJV8xFH4cVrWC2eQmD%2BGrqIYDQgczpYYyHaxyNDXOFHB%2F%2F7lEBoxaJM66xQw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf132deb776d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Mon, 17 Oct 2022 15:59:20 GMT
etag: W/"11BCsVfRLqCHC9ZZvH4GUw=="
cf-cache-status: HIT
age: 64472
vary: Accept-Encoding
server: cloudflare
cf-ray: 74bacf0a6b9db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
woffxxx.com/e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09
172.67.183.166200 OK 0 B URL HTTP/2 woffxxx.com/e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09
IP 172.67.183.166:0
GET /e/ZFYyVDFmdzE3RVFXY2NITGVRYjMvZz09 HTTP/1.1
Host: woffxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 15:59:20 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//woffxxx.com>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
x-cache-status-inferno: HIT
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LrH2KDt9HG6YKdbOX%2BN3hRkQiwx%2Bauzrs78iIzVb1QXy%2FW45aRRzE0zwRPpADB0uJi9pQ6q1PgUqgc164j0EXM0123bhAz%2FqKpNjcKvc3JIXEtYJcbXm1bWvMZ8H2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74bacf08ff2eb506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2