xfantazy.com/video/5fc582e7b181c14a07fdad7e
104.26.1.188302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5fc582e7b181c14a07fdad7e
IP 104.26.1.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/5fc582e7b181c14a07fdad7e HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 03 Sep 2022 17:58:13 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dU5lmvs%2BuSkCNy7HOJBIPOhXyC5CLmHY3ETwLYeyczYGSZ%2BTFVh4Ih5fnVIQh8mJ9xvI05XAQADEtwOYc7FRQprZsY3q0TWjqu3%2FziWzZK3GV6QXl00kqhJz9MqV0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74505f4c8fb9b515-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 17:43:07 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: f-CwMLqbUgZfAEkwHmA0YdnoZEzC-V9nG2zFVNKwcCLFC2U7nRjXMA==
Age: 906
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13347
Expires: Sat, 03 Sep 2022 21:40:40 GMT
Date: Sat, 03 Sep 2022 17:58:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -Xj_r92pm1jkG1ZKOTpUXGmNqSqjFkZ3xEhA04fPZiVA43fXkjjcvg==
age: 60176
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
104.26.0.188200 OK 1.2 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash 754923db85d1d0cc3d73e0ea692c4c65
afca17b521b05d2a531349def032f95e080d14b0
3f181ae9e60105cabb8afcaf4f159386bdf3684bb1798de5f20fb1119bd9f67d
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
etag: W/"61c-179fb7179e1"
cf-cache-status: HIT
age: 28684962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUeWKF3yaVTeSMQIR1BT5%2FlnrotwSpORiUbOunYA8d18%2BNYjw1SzS6JCtwS%2FKxHm73UykWHoaUu3R%2FO4GfcTqkV%2BneMYc1PhzACr8ZwqkJbKiQIQIgcl%2F1KT52UG8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51fdefb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash c8992582996fa78ca6044536891df4af
47c3c05a957a3f8a0d125f1cc1903d52bb5ff5ae
173b9e140765564f07c9956157c75de4e117da5ebdeba621b8058de06470b21c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 03:14:20 GMT
Expires: Sat, 10 Sep 2022 03:14:19 GMT
Etag: "47c3c05a957a3f8a0d125f1cc1903d52bb5ff5ae"
Cache-Control: max-age=551164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74505f52cc1d0b65-OSL
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
104.26.0.188200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash fbe93b229683780df854b7af607bfc70
0c4320bd6a6c1d35c0918d3a3eeb9ab92beac09a
63f2911e6057a4f7eecf58d0d3008f1cc4ae8afe2bf8f5cbe2761663bad403b1
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
etag: W/"620-181397f9e59"
cf-cache-status: HIT
age: 7669055
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bS%2Frer5WFIDYW2y4ycYeWQFVPg5tnYtrzQ039DCwaCOglICiuaDjtQDqewjI7%2FG71s6wna0AjL0FAiyi5RS7by%2BbRb4PVRxbO%2Bym0%2FFCNER%2FSQyZd3lD1swmO%2BOmpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51ede1b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/IO7AtH_0n63o-D3B-Q/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IO7AtH_0n63o-D3B-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a177496d4fc05a3945a0388c467a42e3
0585ae7565cedb41c60970e3a3b942f7ff6b983c
c411265cacd5375c9e168c25a982e958a96e0261e8d4b86e097101673fc2137c
GET /thumbnail/IO7AtH_0n63o-D3B-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/jpeg
content-length: 12028
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-ibvnD1m6zqq2iQ_g/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-ibvnD1m6zqq2iQ_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 44dda25ede482ff89be22ef60e59d5f8
0d18faffada7eeef728ce387282d29b432b41fd0
fbd04c2536abfd09b0a4cabbd309207cf919a3ffeafd3fb9a4e4a6cea43907b3
GET /thumbnail/J-ibvnD1m6zqq2iQ_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/jpeg
content-length: 12291
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IeiWtXeiwq268WnGrQ/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IeiWtXeiwq268WnGrQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9399e14388de9b7ab8949e46e8f3efa3
0951ca83d4ff90ec57f5626f453ad5c085df0420
d0665782ccb2a6b313891d536719084ae87ae13885acdf2bb92a795a71dcd384
GET /thumbnail/IeiWtXeiwq268WnGrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/jpeg
content-length: 13925
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-WU6X-jm_-4_jSW-Q/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-WU6X-jm_-4_jSW-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d45a3f7f988b4b5959853aabcbcd2759
108c505528e1a840afe739d23502b7f6ff9051c7
af2cd756d7e99762c889b599e9c9aadca23edde71f184e4d665be8638044c79c
GET /thumbnail/d-WU6X-jm_-4_jSW-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/jpeg
content-length: 10605
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/video/5fc582e7b181c14a07fdad7e
104.26.0.188200 OK 424 kB URL HTTP/2 xfantazy.com/video/5fc582e7b181c14a07fdad7e
IP 104.26.0.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18552)
Size 424 kB (424544 bytes)
Hash 7896b6c2b032e8d72f9eb8734e38e71d
438983c12c077eac19d03b013758a5c3a29d7475
e1b14953bfbc7c0bf025cefc0e42c3fadffbcf83ee10903abf4dc1f0711e5a40
GET /video/5fc582e7b181c14a07fdad7e HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:13 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=78ob34gxsz5rp4xq8niyu; Domain=xfantazy.com; Path=/; Expires=Fri, 03 Sep 2032 17:58:13 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Sat, 10 Sep 2022 17:58:13 GMT
experiment-save-to-button-2=0; Path=/; Expires=Sat, 10 Sep 2022 17:58:13 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgmLoCndYxuI%2FrZNK6Salr%2FPcy2E2Yt59UBDpY0mkt%2FNi%2FD%2FMOBaAuAgA8xpKncycDCb2pol4J55Akh3uG7OPRe70xwZOPNAC%2F6Wy6LxmdSkaY76mgfFbFq1vlsNVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f4e5914b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.72200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.72:0
File type ASCII text, with very long lines (15971)
Hash d72a098ea4c463bf0ad594e73b55aba1
8bb2ef933c64e07638166af44707d4a96277b383
569a6126e6a1134b898b9cf49e3970ac7125c611033333a8b24e4ae2702d8042
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 17:58:14 GMT
expires: Sat, 03 Sep 2022 17:58:14 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Sep 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 52684
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 253446
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
104.26.0.188200 OK 5.4 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash ae3ba643e616f9cfb373b346a4176074
f15a6a1834bd30b079bab0601f7045519b6d42a3
d1b581e7e2096a900268c4c64ea674f12f940320aec448588fb5728d425cda0c
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:42:28 GMT
etag: W/"2fb2-1826d2b92c0"
cf-cache-status: HIT
age: 2538835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVrZCz6WpygskZmFJgeaOWmpQ4EmE8u0mG%2BUIIa73LyAZ9ymMpYfvA0MQZKwEIz9VRxq6dYP90CR8l7KJUrxIzayk2pmN0bHFtFLUSdVxaFDMkbPcS86nWoAC7StZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51fdf0b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
104.26.0.188200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b874e5b225887e9edd611f4982a6adfa
ab9d173eea7e07a8cf80eb365a9f289b87d434b1
e9eb460597a577a30cb661969c2bd42637418446a6360a682ebe46127c1f1925
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
etag: W/"11cd7-179fb717a09"
cf-cache-status: HIT
age: 28684961
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2FSkcvzejWcPWax6NP1wmME50x2RrVNH0Xa%2BGAFPZn0V%2FmNOup%2Byds3SADl2uPFp8NtrmqStIrCq3qGd9TCXH8PeNIVmYsGCIuDIGsLUUTJBLbyp%2FDZUkf2bRqKsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51fdf2b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 02:02:22 GMT
expires: Sun, 03 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 57352
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 253446
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/3a44af549e112/main/0.jpeg
188.72.235.185404 Not Found 581 B URL HTTP/2 static-cache.k2s.cc/thumbnail/3a44af549e112/main/0.jpeg
IP 188.72.235.185:0
Hash a27abd9ec94a0839cf7d16e2470577e5
8bc747540b04cb77b41575075985192d1478a5b3
f6fda6351c5c677afb2d9ac60f7681b7b637e640c7b02feca86ed0d319a5d41b
GET /thumbnail/3a44af549e112/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: openresty
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/json
access-control-allow-origin: *
X-Firefox-Spdy: h2
xfantazy.com/static/xf-small.png
104.26.0.188200 OK 1.2 kB URL HTTP/2 xfantazy.com/static/xf-small.png
IP 104.26.0.188:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 73788af337ff4a5e7c8d8ea19dba155f
e0bd72878475603f40ebd05077c626816ed3285c
be4a320fd44fdaaced2a2056ff7a4c0765a6ed0996c9b4c94a0cb2458967e8df
GET /static/xf-small.png HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/png
content-length: 1153
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Fri, 05 Aug 2022 08:39:19 GMT
etag: W/"481-1826d28b1ec"
cf-cache-status: HIT
age: 2891
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=auJmSCtOIxsoFlJQ0IAQLxxPXySWG%2B%2BGsfoknJZFBW4EnlO0SEYyzFnraFxkjJQ8Zyb1ExeZw92DjRd0aRMjC%2FB1Zz0fpXab%2Bc1tBLQsC8%2BZklpG343AADR7jNsPIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f54899ab524-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.212.166.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.166.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PNdoFuH5O5qYCIgupaDlSg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9VPNOo/x3fNVqUGJ1lpqP5lNrHY=
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229200 OK 83 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Hash 5e95fd71c0607321599b2ed694f30adc
15e75c6e8fd13c12afb93e659206ec28893f7d17
eb5c363392c61c58e2ab8088a17da732d4c552a8a063e8276082192d5aa81a77
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.242.0
x-jsd-version-type: version
etag: W/"3364d-8zUodyTu6b7iC+HzYMc9hdc5tyQ"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 17:58:14 GMT
age: 31663
x-served-by: cache-fra19171-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 83361
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 0044404981768b7b7a8df58b2209572c
bb96d0afa5e895d1af090b26246671a068d8e1f4
71c639eb3086976b4fd41a6fd005429fb63597b712922f1801c62c17bf02f3a4
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:14 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1268284441A7C0B1F9CDF1D5AC694C61FD512F33"
Expires: Sun, 04 Sep 2022 04:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 16:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2976
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74505f55db67fab8-OSL
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sat, 03 Sep 2022 16:41:12 GMT
expires: Sat, 03 Sep 2022 18:41:12 GMT
cache-control: public, max-age=7200
age: 4622
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
104.26.0.188200 OK 69 B URL HTTP/2 xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
IP 104.26.0.188:0
File type ASCII text, with no line terminators
Hash b538c227613edeab9c999e2dbaac87a3
62d70c28e89564b710be0821fb78b72e328d54c3
f4d4478f6c8d6589e6338822542e37c07a6462d7ca9584947c7845c94009e440
GET /_next/static/chunks/styles.77acb212b856be16971e.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:19:05 GMT
etag: W/"55-179fb70cfea"
cf-cache-status: HIT
age: 28684714
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DofbN59MgnhnZvmlC%2BDG%2F9ez%2FQK0MvtS0UkzpMchuSw6Zl4zgvvXcCPMfe%2FeLIpDEaUH3jOMrkAZkwEZjWcnenJxzCCO0sLySSZZ3BVgq4KWUEWR1tolUxuScCqxmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f569c41b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
104.26.0.188200 OK 50 kB URL HTTP/2 xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
IP 104.26.0.188:0
File type ASCII text, with very long lines (24334)
Hash 442fe15d10a493f054ba0231bf19d7df
546536633bd3813b996931873d6edd352e3db9c6
22b7e0afc860158a90f90dfa8fc9e8057e7f454d01e44459c40a68f773617544
GET /_next/static/css/styles.f80584c6.chunk.css HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: text/css; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
etag: W/"2fd40-1826d2bb0c7"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5goKBX53hyMmg6cJiqU2Nck5tOqWN45qse55DdMsgcVIKxrI2cRAj91tODKdacPUhh%2Bs4DZ5OJUAkswYcYKhSt5df89KBlLfqp7xy0lOH9g%2B16pOUqIbyr2UgEobIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f569c3db524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
104.26.0.188200 OK 72 kB URL HTTP/2 xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash eb0ddbe56dccb64c7d6ac8dc02227c4f
015c08dee0dbfa8cee9b50c91a547d9796518e25
402a67035e51cddc0c1212e2cdab9110f83d2723467679c44aecee48c6d094d9
GET /_next/static/chunks/242.e6062ff562716b6e41db.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 28 Jun 2022 10:55:52 GMT
etag: W/"26cdb-181a9f40d06"
cf-cache-status: HIT
age: 5814024
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3qAXZa%2BRfTGk2MmB1ThOBQJlI3yfOXDwjCisLeafnexrc2TQV2xAUx7HcZIhn%2BRYCDoAS4F2PFNMPw2PHc2YLe3DxmkPDx5%2BPqeZmhLitEbxMNhEb5GugzeX724mA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f56ac45b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
104.26.0.188200 OK 1.6 kB URL HTTP/2 xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (3301), with no line terminators
Hash 4973591acd0442614083d61ad71de2f6
a050ff8c14f9ab93bc380d45ed83fd5ca9203d39
dd568b1a5d115abf90f2daa5b4652d5ace1048c64033529e882a4268ac1b426f
GET /_next/static/chunks/51.21792104df3f91cda445.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
etag: W/"ce5-181397f9e59"
cf-cache-status: HIT
age: 7674143
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKLLj2qt0%2BiniyZNKXMOMyOTHEM74KqcRflJJ7dxAf6Qh%2FAdXN70A3tMyxzF0341eX0APYtJOCq3QvOh7e%2FWd1wNot934mB0NyI4Q75rIzkCDpv7YiAopVANTz39%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f578d6eb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/index.js
104.26.0.188200 OK 4.1 kB URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/index.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (695), with no line terminators
Hash 7c1865c3daad497ea4c2cc57e75b4cad
64d45f5fcb959ca9e8c5a2aa29908e8217a048ee
504256eb99dd86a52e301183285d54b83b88b80c129596b2e4cafb2ace3df29c
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/index.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIxY2UwOGExOTY4OTE3IiwiaWF0IjoxNjYyMjI3ODk1LCJleHAiOjE2NjI4MzI2OTV9.UTINzAj0N3Nse5Mz7oKZzku6CT3UeokVAG-QtTCa40k; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiOGVlYmIxYjkyY2Y5MiIsImlhdCI6MTY2MjIyNzg5NSwiZXhwIjoxNjY0ODE5ODk1fQ.vrujbak3g8m4yFP-aNsDWhExZw0vILECIV7Jhy3Boco
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:45 GMT
etag: W/"2b7-1826d2cbfb8"
cf-cache-status: HIT
age: 2538361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XE3z835arIhKqLgc0AS4irUOHWoQiqXRIvR8KPlnDZyLvCx%2Ba4kSZQy56VaTl1FW53dA3ICjaO2k4eZr%2BPRM9pAjUKxQKHXHxHJYM9yoLoCbBGtCKmgNyVYYu8gzng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f596fbab524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba9263af16f3a86a0e217b8190e6ca4d
66fb647949b84d6d9b1eb9008cad9787987c7d64
b69c0cc122ef29722dbd7da5da2a9e46d7b7bb439de9b0614c4dde6e3e5335ee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B69C0CC122EF29722DBD7DA5DA2A9E46D7B7BB439DE9B0614C4DDE6E3E5335EE"
Last-Modified: Thu, 01 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Sat, 03 Sep 2022 19:56:19 GMT
Date: Sat, 03 Sep 2022 17:58:15 GMT
Connection: keep-alive
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/top.js
104.26.0.188200 OK 681 B URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/top.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1410), with no line terminators
Hash 3e03209aa96c5fcd35ba34ba00bacddc
cf2909c741c35f17b4372d9ff015fefcc820ec98
a207885a1fda7132f08ada12648c1f4ffe5c2bc9761911ce871d7b32a2f6f19b
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/top.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIxY2UwOGExOTY4OTE3IiwiaWF0IjoxNjYyMjI3ODk1LCJleHAiOjE2NjI4MzI2OTV9.UTINzAj0N3Nse5Mz7oKZzku6CT3UeokVAG-QtTCa40k; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiOGVlYmIxYjkyY2Y5MiIsImlhdCI6MTY2MjIyNzg5NSwiZXhwIjoxNjY0ODE5ODk1fQ.vrujbak3g8m4yFP-aNsDWhExZw0vILECIV7Jhy3Boco
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:46 GMT
etag: W/"582-1826d2cc2d4"
cf-cache-status: HIT
age: 2538195
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZXaorxVVg%2BwSz47jHDFhVsBzLuNTx77cPufyreeisgVt7YrI%2FjNQjrKf%2BRvvz22pxY%2B7da9CUwtV7W8FjRg79iPv5Ue1ydkz9BZuuygQarMKDhOW2Q%2F3UlmAOub%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f596fceb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/login.js
104.26.0.188200 OK 115 kB URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/login.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (2981), with no line terminators
Size 115 kB (114803 bytes)
Hash 7a12c1ab14b8db891085c158095e88a9
1e13043c911568780b65e70e0b294b731ba6ac1c
91d2c4b778a9b807f332e98587347876bace260bf735e94160342daf00bd731d
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/login.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIxY2UwOGExOTY4OTE3IiwiaWF0IjoxNjYyMjI3ODk1LCJleHAiOjE2NjI4MzI2OTV9.UTINzAj0N3Nse5Mz7oKZzku6CT3UeokVAG-QtTCa40k; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiOGVlYmIxYjkyY2Y5MiIsImlhdCI6MTY2MjIyNzg5NSwiZXhwIjoxNjY0ODE5ODk1fQ.vrujbak3g8m4yFP-aNsDWhExZw0vILECIV7Jhy3Boco
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:45 GMT
etag: W/"ba5-1826d2cbfb8"
cf-cache-status: HIT
age: 2537910
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=actFIFJvwQZ%2BmjArjXy8SY5y4lbNSyN4WfMJzZ3D%2F5eG7TLXY9vofunqbRLKFUTJMLacIjyxVTHpyvpa%2B5aXUg8NsJpHFAAGIv1ODD%2F2wrWLNETraq5ePhaM9eT1Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f596fbeb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 405581b334d7f542dcffce9d4e2937fd
2c0920c1b9bcf58412c2c9e6d8ad7e16ae74b710
bf227d4ca5b763c597a512bba69a9e068874cfa8fc4b9ad9abac8b0ec9ce7018
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:15 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 07 Sep 2022 14:45:08 GMT
ETag: "2c0920c1b9bcf58412c2c9e6d8ad7e16ae74b710"
Last-Modified: Sat, 03 Sep 2022 14:45:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 791
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74505f5bdf59fab8-OSL
xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
104.26.0.188200 OK 14 kB URL HTTP/2 xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1389), with no line terminators
Hash 71e1ce49cfa488b4dcc3a8a37e7b0211
e1d84e9f47e995a5cf07edebda8411cd00d77107
1f3725fe6f4d62747f660c24841fe5571273d38927377be7f4276dc9b07278e3
GET /_next/static/chunks/70.aeba4e9e28ccf1bae13a.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
etag: W/"56d-181397f9e5d"
cf-cache-status: HIT
age: 7674157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AoQnQEltkKed%2BBxCRfnsCJjZ7TofIq5qHd14SFj7LbUQf8cgkuCQqFZEnB9APnGTJHvS%2FUTJZw4%2FWMAp3iBbeRBPK89CZW7dmqYMWsXwpbkMv%2BNyzWIAO%2FQq4u8YUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f578d73b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
ofghaidarium.xyz/VEd6TTR7eBk+CQUpFntXZRUDHHFtBSAFRBkWSg9AMCxDBmc5Hlw5XTB6Q3sFbXJMa0Q9I0d+BnI0DixAITRHfBI9KRwiCXIxR30abGlDYwRyMkd8EiA3GyoJZWEKOUA4ekt7AmZ1SHoMbXRLeQA
104.21.34.91204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/VEd6TTR7eBk+CQUpFntXZRUDHHFtBSAFRBkWSg9AMCxDBmc5Hlw5XTB6Q3sFbXJMa0Q9I0d+BnI0DixAITRHfBI9KRwiCXIxR30abGlDYwRyMkd8EiA3GyoJZWEKOUA4ekt7AmZ1SHoMbXRLeQA
IP 104.21.34.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VEd6TTR7eBk+CQUpFntXZRUDHHFtBSAFRBkWSg9AMCxDBmc5Hlw5XTB6Q3sFbXJMa0Q9I0d+BnI0DixAITRHfBI9KRwiCXIxR30abGlDYwRyMkd8EiA3GyoJZWEKOUA4ekt7AmZ1SHoMbXRLeQA HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FoNq7XwO%2F3Bv6USzcd2826XBT%2B75dI5b2N3ppndeNQdZ88%2FfGlzSt9D427wQGTUdo81PxviMv%2FORwtnxcKRVGi4lxgk6nWx16TCz7dvaKDzSmzn3VFHSfcQRUpEgxTv5nbo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f5c58651bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ofghaidarium.xyz/TnFqeDhhTgkLBRs2IwFaCT8ALXkAFTxKah8wLC5pFx0jPW8iJEwMUSpMU04KfkBYXkgnFVdJAGgCHhlMOwJXSR4nHwwXBWgHV0kWfl9bVgpoBFdJHjoBCx8Ff1caDEwiTFtODnxDWE8Ad0JbTgg
104.21.34.91204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/TnFqeDhhTgkLBRs2IwFaCT8ALXkAFTxKah8wLC5pFx0jPW8iJEwMUSpMU04KfkBYXkgnFVdJAGgCHhlMOwJXSR4nHwwXBWgHV0kWfl9bVgpoBFdJHjoBCx8Ff1caDEwiTFtODnxDWE8Ad0JbTgg
IP 104.21.34.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TnFqeDhhTgkLBRs2IwFaCT8ALXkAFTxKah8wLC5pFx0jPW8iJEwMUSpMU04KfkBYXkgnFVdJAGgCHhlMOwJXSR4nHwwXBWgHV0kWfl9bVgpoBFdJHjoBCx8Ff1caDEwiTFtODnxDWE8Ad0JbTgg HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bL%2FPnEfrecg164eTrSX5UPjIObZwQKvibHyRXwAAXINZUMeE35%2BT5xtPk7OpzolbpPsgldSu5HNouYUK3c4bbQYhcWVkSYKocp4Cqif02C5kkvBpQEd2D%2Bl0u8vZfiAt8nUF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f5c58661bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
amwoukrks.autos/QVFyaHMgMxEFTCBsEE4GMz1PTUEHdEAuF3BoQBpGLWlKHwEvNkVGEC0+BwwVMz4cHF0vNAZNQQcFIQMDKAY1MQMLAAVNQQMGJlwZAzwkDhUJJRAKJQMiOyo2chI2GEACKSsHNBI6ATgweTQ5KSIjADZcBAM8JD8RAgg2JhQHYhApEHMTKgxEExUZKzgJNSUOGwhnODkfLRQLOQYDK0Y4OQJpNQ4bDCMWH0tyGTElHgU7HiwWACkqDB8bJxcuOTYZHBxEE2MBAxFyOSEmMnk6IhADeAc6BwoWPEZdFQlkOgkKEycXLjowFDVRRghjNDkpCSE+DiUTZz45XiJmNjslNwQwXSYkPwY7Egc1RA1DJSAkAQQrFDZYMgsFOCASKBMIDjY5PiMsSnIEBU4ZMj4cGE4oHzw7EA81OzwRJxI
54.230.111.86200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/QVFyaHMgMxEFTCBsEE4GMz1PTUEHdEAuF3BoQBpGLWlKHwEvNkVGEC0+BwwVMz4cHF0vNAZNQQcFIQMDKAY1MQMLAAVNQQMGJlwZAzwkDhUJJRAKJQMiOyo2chI2GEACKSsHNBI6ATgweTQ5KSIjADZcBAM8JD8RAgg2JhQHYhApEHMTKgxEExUZKzgJNSUOGwhnODkfLRQLOQYDK0Y4OQJpNQ4bDCMWH0tyGTElHgU7HiwWACkqDB8bJxcuOTYZHBxEE2MBAxFyOSEmMnk6IhADeAc6BwoWPEZdFQlkOgkKEycXLjowFDVRRghjNDkpCSE+DiUTZz45XiJmNjslNwQwXSYkPwY7Egc1RA1DJSAkAQQrFDZYMgsFOCASKBMIDjY5PiMsSnIEBU4ZMj4cGE4oHzw7EA81OzwRJxI
IP 54.230.111.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 9c3774dbb07b0b9262d78f6bd2181361
e779beaaf88ac2306caaeaa13daff93d56afce50
e699a8880d4df82cf0dbb5f120884f36cd6221d0d185751f5a6683edcd797d5d
GET /QVFyaHMgMxEFTCBsEE4GMz1PTUEHdEAuF3BoQBpGLWlKHwEvNkVGEC0+BwwVMz4cHF0vNAZNQQcFIQMDKAY1MQMLAAVNQQMGJlwZAzwkDhUJJRAKJQMiOyo2chI2GEACKSsHNBI6ATgweTQ5KSIjADZcBAM8JD8RAgg2JhQHYhApEHMTKgxEExUZKzgJNSUOGwhnODkfLRQLOQYDK0Y4OQJpNQ4bDCMWH0tyGTElHgU7HiwWACkqDB8bJxcuOTYZHBxEE2MBAxFyOSEmMnk6IhADeAc6BwoWPEZdFQlkOgkKEycXLjowFDVRRghjNDkpCSE+DiUTZz45XiJmNjslNwQwXSYkPwY7Egc1RA1DJSAkAQQrFDZYMgsFOCASKBMIDjY5PiMsSnIEBU4ZMj4cGE4oHzw7EA81OzwRJxI HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 03 Sep 2022 17:58:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8rBq7z-Mt1wVn-qNaH_dZWGvxaV6-iI0UQvC0ZAFtYEeJvswEd6vXA==
X-Firefox-Spdy: h2
ofghaidarium.xyz/eGQ5TGlXW1o/VCtUb309SiIOKiw6XWwUJw8wcTQwHld3Cg0UKR84ABxZAHpYQVEPahkRAAR/W14XTS0dDRcEfllIUx8lBx4LBH1PDlkJYlFWXRd8Tw1ZCGodCAVecVheFE04BUVVD3pbSlYOdFBLVQ10
104.21.34.91204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/eGQ5TGlXW1o/VCtUb309SiIOKiw6XWwUJw8wcTQwHld3Cg0UKR84ABxZAHpYQVEPahkRAAR/W14XTS0dDRcEfllIUx8lBx4LBH1PDlkJYlFWXRd8Tw1ZCGodCAVecVheFE04BUVVD3pbSlYOdFBLVQ10
IP 104.21.34.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eGQ5TGlXW1o/VCtUb309SiIOKiw6XWwUJw8wcTQwHld3Cg0UKR84ABxZAHpYQVEPahkRAAR/W14XTS0dDRcEfllIUx8lBx4LBH1PDlkJYlFWXRd8Tw1ZCGodCAVecVheFE04BUVVD3pbSlYOdFBLVQ10 HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFxTxMByigjtrqawEFhOgrjDdu33svnQ7UiVYcYTRsI4IoeCY7C2QkPIBsSfdNSWcTxcbcsRJqsdTF1MhVerIcDmWbJC1er5FipeoY%2BYNBfu0%2BjZL%2BKhGtadrozh1trF2rod"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f5c686c1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
amwoukrks.autos/dW1RMXUUDzJcShRQMxcABwFsFEczSGN3EURUY0NAGVVpRgcbCmYfFhkCJFUTBwI/RVsbCCUURzMfA3U7ICAZUhstKSFmJjEvMHw0RCIyVjMeLARnHCI+NVcyITweeBsnLDIDFiI1YXggLTk1ST0CWQd4MBo5NGA7DDUTaAQjKjpmMBwdAFAkMz8bZxZHKQR/HCcHBH8yHBkbYSMCDxtjLxgJOnsENF4UcidHFR1rJDM+NQIzDSw6UhoiByF3MUcoE2swHT0yXA0cLxd7RhY1FHInDzcXUiQ4XzdgI0MsFwQdNDoDaTAcCQh+DSMrEFYzHiwEVUU0AHxgNyADCHU4GQYXeCMgWgJ3P0cJBgEyIjUAZzwkXBYXHwYCP0FIAylmBiE3AmRhGxYsOXs
54.230.111.86200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/dW1RMXUUDzJcShRQMxcABwFsFEczSGN3EURUY0NAGVVpRgcbCmYfFhkCJFUTBwI/RVsbCCUURzMfA3U7ICAZUhstKSFmJjEvMHw0RCIyVjMeLARnHCI+NVcyITweeBsnLDIDFiI1YXggLTk1ST0CWQd4MBo5NGA7DDUTaAQjKjpmMBwdAFAkMz8bZxZHKQR/HCcHBH8yHBkbYSMCDxtjLxgJOnsENF4UcidHFR1rJDM+NQIzDSw6UhoiByF3MUcoE2swHT0yXA0cLxd7RhY1FHInDzcXUiQ4XzdgI0MsFwQdNDoDaTAcCQh+DSMrEFYzHiwEVUU0AHxgNyADCHU4GQYXeCMgWgJ3P0cJBgEyIjUAZzwkXBYXHwYCP0FIAylmBiE3AmRhGxYsOXs
IP 54.230.111.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3001), with no line terminators
Hash 969823854b4564a1bd6c5e2bb55b5dbf
255391f07b90d7e80633c8d21992b46ff4ab7cb9
65aa5c8986967917a8b4fc083ff7354b4546cc37b45f3ec48c2f62015f4eff14
GET /dW1RMXUUDzJcShRQMxcABwFsFEczSGN3EURUY0NAGVVpRgcbCmYfFhkCJFUTBwI/RVsbCCUURzMfA3U7ICAZUhstKSFmJjEvMHw0RCIyVjMeLARnHCI+NVcyITweeBsnLDIDFiI1YXggLTk1ST0CWQd4MBo5NGA7DDUTaAQjKjpmMBwdAFAkMz8bZxZHKQR/HCcHBH8yHBkbYSMCDxtjLxgJOnsENF4UcidHFR1rJDM+NQIzDSw6UhoiByF3MUcoE2swHT0yXA0cLxd7RhY1FHInDzcXUiQ4XzdgI0MsFwQdNDoDaTAcCQh+DSMrEFYzHiwEVUU0AHxgNyADCHU4GQYXeCMgWgJ3P0cJBgEyIjUAZzwkXBYXHwYCP0FIAylmBiE3AmRhGxYsOXs HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1159
date: Sat, 03 Sep 2022 17:58:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S9tMOCMFXxcRftcSR29WrqPgENsY-Ll4wOt6lEyly6f9sFRVahc8wQ==
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/3a44af549e112/main/0.jpeg
188.72.235.185404 Not Found 529 B URL HTTP/2 static-cache.k2s.cc/thumbnail/3a44af549e112/main/0.jpeg
IP 188.72.235.185:0
File type JSON data\012- , ASCII text, with very long lines (529), with no line terminators
Hash ab3121ca914031073b42abf764ea33c4
6e22c08647cf2225fbfc523b4ba032fc463979de
1ab2138460737dd9fed575e8996272f532d71e4df23995dfff8ac6eeecf9a2e5
GET /thumbnail/3a44af549e112/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: openresty
date: Sat, 03 Sep 2022 17:58:15 GMT
content-type: application/json
access-control-allow-origin: *
X-Firefox-Spdy: h2
amwoukrks.autos/MldCZkxTNSELc1NqIEA5QDt/Q350cnAgKANucBR5Xm96ET5cMHVIL144NwIqQDgsEmJcMjZDfnQbDTIKSBgFHi1qP3MDGQJmGyA7ZAEGEQJ2FBQBKmUgAD4NWTwPLX0HMRpUCVkzJTx0YRNyLApeMBokfHseACcKZAEDVxRkPHYDD2QzETIrXhwVIBlgFRQBKmAGDD4ORQUUIxlzBxUgI2MPAAovdCAYPBlkBSclGncWFDAOZRQrCQF6Zw8CFFU8GCU7XjMKJwVKHxRSBmoFMjELZxIXNx1VAgM3L0ETLgEvcz0HAhRVOwYkHgMxJyckdBEuER10Em8jBXFmOjULdDMIJX9WFQEgfHgWFy8FagU1Ih0DYwQ1fWMBFB4dURY4Mw5lPyEkGmdmECUNFD0xCSJCahoAf1QHFSgmdy4MVzZT
54.230.111.86200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/MldCZkxTNSELc1NqIEA5QDt/Q350cnAgKANucBR5Xm96ET5cMHVIL144NwIqQDgsEmJcMjZDfnQbDTIKSBgFHi1qP3MDGQJmGyA7ZAEGEQJ2FBQBKmUgAD4NWTwPLX0HMRpUCVkzJTx0YRNyLApeMBokfHseACcKZAEDVxRkPHYDD2QzETIrXhwVIBlgFRQBKmAGDD4ORQUUIxlzBxUgI2MPAAovdCAYPBlkBSclGncWFDAOZRQrCQF6Zw8CFFU8GCU7XjMKJwVKHxRSBmoFMjELZxIXNx1VAgM3L0ETLgEvcz0HAhRVOwYkHgMxJyckdBEuER10Em8jBXFmOjULdDMIJX9WFQEgfHgWFy8FagU1Ih0DYwQ1fWMBFB4dURY4Mw5lPyEkGmdmECUNFD0xCSJCahoAf1QHFSgmdy4MVzZT
IP 54.230.111.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 49609d2c41cd7ad9057b3cbe256684c6
b98e3dedb394c205e24f78d86c9116c45ff4e98f
dec8b7eb0c9ef7e35861f11028a531e867d65903104f9b925ab0fbf3200207ad
GET /MldCZkxTNSELc1NqIEA5QDt/Q350cnAgKANucBR5Xm96ET5cMHVIL144NwIqQDgsEmJcMjZDfnQbDTIKSBgFHi1qP3MDGQJmGyA7ZAEGEQJ2FBQBKmUgAD4NWTwPLX0HMRpUCVkzJTx0YRNyLApeMBokfHseACcKZAEDVxRkPHYDD2QzETIrXhwVIBlgFRQBKmAGDD4ORQUUIxlzBxUgI2MPAAovdCAYPBlkBSclGncWFDAOZRQrCQF6Zw8CFFU8GCU7XjMKJwVKHxRSBmoFMjELZxIXNx1VAgM3L0ETLgEvcz0HAhRVOwYkHgMxJyckdBEuER10Em8jBXFmOjULdDMIJX9WFQEgfHgWFy8FagU1Ih0DYwQ1fWMBFB4dURY4Mw5lPyEkGmdmECUNFD0xCSJCahoAf1QHFSgmdy4MVzZT HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sat, 03 Sep 2022 17:58:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: anG6LAJ0nbkE5Kn-UpJKfWc2BrRcf2zFvLde_9vE0YVOwrr3nimgUQ==
X-Firefox-Spdy: h2
ofghaidarium.xyz/eHZsekJXSQ8JfzUbKjYQMC8nLHE2RD4rBCkQAjgBOiA+ACQtFUoOKxxLVUxwSEdYXDIRElFLZAsCDQ43C0tdXCsWEANHZA5LXVRxTFheQmxIUBlHc14CHBslRUdKCjYMGlFLdE5EXkh1QE9fSHJB
104.21.34.91204 No Content 0 B URL HTTP/2 ofghaidarium.xyz/eHZsekJXSQ8JfzUbKjYQMC8nLHE2RD4rBCkQAjgBOiA+ACQtFUoOKxxLVUxwSEdYXDIRElFLZAsCDQ43C0tdXCsWEANHZA5LXVRxTFheQmxIUBlHc14CHBslRUdKCjYMGlFLdE5EXkh1QE9fSHJB
IP 104.21.34.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eHZsekJXSQ8JfzUbKjYQMC8nLHE2RD4rBCkQAjgBOiA+ACQtFUoOKxxLVUxwSEdYXDIRElFLZAsCDQ43C0tdXCsWEANHZA5LXVRxTFheQmxIUBlHc14CHBslRUdKCjYMGlFLdE5EXkh1QE9fSHJB HTTP/1.1
Host: ofghaidarium.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6%2BmjkinV6JrdSTEfM8b1bDBT3GU0Huu25MEO5mCW2FpEMkxoopLRKZdG9AzfhlDRCdhg1QSGFj8o%2FF%2BRxbxuSpWOjRIxU5ACjaFtm4t9AGD1hqz3M0bEwpdhycXibB4IPR3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f5cc8c61bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 3840b1ebbc204f9d2f97b6781372e244
bc1d407bfd79feecfea0ff010ba424925b9100d0
6848704f8c8ca675a45adacf231487421c2edcd9f5fb136398c3b3b64067e027
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 17:58:15 GMT
Last-Modified: Sat, 03 Sep 2022 16:25:23 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dQOilN9QEGdfBPZ_mWzTBxRDWotqdsY1AyLhJe5ynC0CQWWbcUXQ2Q==
Age: 5572
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
d192r5l88wrng7.cloudfront.net/TSkpiWGYpJQw+WT4jBmVffHtbbVBsIBE3CDp3CxYoGSksPC8eKAQbQD4wBmVWbCYDNgF3bAc2BXd7RDkCKHdWfhI6JQllEyQuBz4PJC8GfhMrdw83HCMmDjlDeAxXdlZveFJwHnt7R2skb3hSNA8kPxp9VHoyWm45fH5HayRveFIqEG95I2FQZHpLfVR6LQ-c7DSVvUB5UentSaFd6e0dqViwjED0AJTJHaiBzfExoQD93Uw
54.230.245.4200 OK 328 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/TSkpiWGYpJQw+WT4jBmVffHtbbVBsIBE3CDp3CxYoGSksPC8eKAQbQD4wBmVWbCYDNgF3bAc2BXd7RDkCKHdWfhI6JQllEyQuBz4PJC8GfhMrdw83HCMmDjlDeAxXdlZveFJwHnt7R2skb3hSNA8kPxp9VHoyWm45fH5HayRveFIqEG95I2FQZHpLfVR6LQ-c7DSVvUB5UentSaFd6e0dqViwjED0AJTJHaiBzfExoQD93Uw
IP 54.230.245.4:0
File type ASCII text, with very long lines (404), with no line terminators
Hash d4d1808d0138e73947f19b6cd6413bb9
4e1b674d2b422287c86fa5c0af00bbd874d70021
17c01808ea8ca569e188613e2bde19da355ebcb2fa8ecc5af4b155a82c502821
GET /TSkpiWGYpJQw+WT4jBmVffHtbbVBsIBE3CDp3CxYoGSksPC8eKAQbQD4wBmVWbCYDNgF3bAc2BXd7RDkCKHdWfhI6JQllEyQuBz4PJC8GfhMrdw83HCMmDjlDeAxXdlZveFJwHnt7R2skb3hSNA8kPxp9VHoyWm45fH5HayRveFIqEG95I2FQZHpLfVR6LQ-c7DSVvUB5UentSaFd6e0dqViwjED0AJTJHaiBzfExoQD93Uw HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 328
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U-fY_otNuQxQS-OqeuN9CIxWawvj1NxGn7kuMnZeyS1cEe6tFBJJ3Q==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V6_bFwCNNOb2sZgOQJ8NekZD0pbYwclTg17YlQjCIdKFKGuzfDR0nQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:42:03 GMT
age: 51373
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.192.162.188200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.192.162.188:0
File type ASCII text, with no line terminators
Hash 5722e941d4bc588ac3786ece425d93b8
2c254d8dcfb3e7eda1c51514d21d64709432e883
834320ce7630c7309b3ba6f0f424da3ce2f14d4893280f6c21037a791f65f528
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=39ac5163-3130-4767-87ec-8fbb1b1d5db7:1:1; expires=Tue, 31 Aug 2032 17:58:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: db7b338c-4fb1-46c0-827a-87e43ceacb90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjB_aFGyoAMFbeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ab062-060509a31e21bd514f736d49;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 00:01:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p_pP4bQ_t2iBcAl5CetPTBaNmV8E_Br_0Mn5qIlGeC8JCmILxA_l6A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 10:54:15 GMT
age: 25441
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 72502
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:37:26 GMT
age: 73250
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 72503
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/rRDNUMHcnXDpWSDBaMA1OcgFkAUViWSdfGTQOInRAc2cWX0IUXTdxHw4VIEoTeQNyXBYqVGkWEipQaQFRJVc2DUNiRjUNGitJPVwbJRZmdkJqA3ECR2xLZQFSd3FxAkcoWjpFD2EBZEhPcmxiBFJ3cXECRzZFcQM2fQV6AF5hAWRXEidYOxVFAgFkAUd0Am-QBUnYDMlkFIVU7SFJ2dW0GWXQVIQ1G
54.230.245.4200 OK 189 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/rRDNUMHcnXDpWSDBaMA1OcgFkAUViWSdfGTQOInRAc2cWX0IUXTdxHw4VIEoTeQNyXBYqVGkWEipQaQFRJVc2DUNiRjUNGitJPVwbJRZmdkJqA3ECR2xLZQFSd3FxAkcoWjpFD2EBZEhPcmxiBFJ3cXECRzZFcQM2fQV6AF5hAWRXEidYOxVFAgFkAUd0Am-QBUnYDMlkFIVU7SFJ2dW0GWXQVIQ1G
IP 54.230.245.4:0
File type ASCII text, with no line terminators
Hash 9dbf27360d0ded976f145caf4cd473ef
aaa2007b10f712913bef7d2634edd9b7c7288e9e
0a8588c0babc1eaa8365e2158cb058114df0528514c41bfa86773df77b75d107
GET /rRDNUMHcnXDpWSDBaMA1OcgFkAUViWSdfGTQOInRAc2cWX0IUXTdxHw4VIEoTeQNyXBYqVGkWEipQaQFRJVc2DUNiRjUNGitJPVwbJRZmdkJqA3ECR2xLZQFSd3FxAkcoWjpFD2EBZEhPcmxiBFJ3cXECRzZFcQM2fQV6AF5hAWRXEidYOxVFAgFkAUd0Am-QBUnYDMlkFIVU7SFJ2dW0GWXQVIQ1G HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: T8U7Y6NSGgTsQegtwr4JkLaQbjIVNsDFlINPD5l0E6GqDNoS0rmbhw==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: 5ed9a360-5a7f-427a-a750-bd8f25214909
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwpOBEpjIAMFzXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63102259-4b9d2f6e61cc186f78718168;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:09:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BU7CFrnTBhvyqoRVp1t-e_ZErBnJA9l4qGkmxOQd10W48IzyIFGFZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:46:11 GMT
age: 51125
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/LOTFzOGxaXh1eU01YFwVVDwNDCVgfWwBXAkkMK15fX2EkdgZ8SD0JFlgXB0IIBAFVVA1XVk4eCVdSTglKWFURBVgfRQNXBwRVEUAPWFoQXBlcFwZZUVReCVEAVVBWCioMH0MdXgkZCwldHAIxHV4JXRpWGUEUQQgUAQcsDlgcAjEdXglDBR1feAhFFlwQFE-EIC1xSGFdJC3dBCF0JAUIIXRwDQ14FS1QVVxQcAzUBWhcBVU1RCA
54.230.245.4200 OK 592 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/LOTFzOGxaXh1eU01YFwVVDwNDCVgfWwBXAkkMK15fX2EkdgZ8SD0JFlgXB0IIBAFVVA1XVk4eCVdSTglKWFURBVgfRQNXBwRVEUAPWFoQXBlcFwZZUVReCVEAVVBWCioMH0MdXgkZCwldHAIxHV4JXRpWGUEUQQgUAQcsDlgcAjEdXglDBR1feAhFFlwQFE-EIC1xSGFdJC3dBCF0JAUIIXRwDQ14FS1QVVxQcAzUBWhcBVU1RCA
IP 54.230.245.4:0
File type ASCII text, with very long lines (822), with no line terminators
Hash df064c2ebe4c7a73c6068e12e67b95bf
0d74548ff2175017bdbf92a4751af5b82a6a6999
a960a3ea7fdbb7677357064bce3f9b226482a7b06f6a3051a428376e5a82ba50
GET /LOTFzOGxaXh1eU01YFwVVDwNDCVgfWwBXAkkMK15fX2EkdgZ8SD0JFlgXB0IIBAFVVA1XVk4eCVdSTglKWFURBVgfRQNXBwRVEUAPWFoQXBlcFwZZUVReCVEAVVBWCioMH0MdXgkZCwldHAIxHV4JXRpWGUEUQQgUAQcsDlgcAjEdXglDBR1feAhFFlwQFE-EIC1xSGFdJC3dBCF0JAUIIXRwDQ14FS1QVVxQcAzUBWhcBVU1RCA HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amwoukrks.autos/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 592
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8FovJ2kI6sITMU_PSpIx1cJMTgHoHaQ8CYilD0eBzX0GDPZHxTgdTA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6417326e426426e280fef8a58363dc6
648c16f787a7510e4ece32c6cae2fdb875c0d12c
d354e8a4ffe12c5326ce0a33fa83cd57e1524a13d7644afc54a02a5bff6bedfc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D354E8A4FFE12C5326CE0A33FA83CD57E1524A13D7644AFC54A02A5BFF6BEDFC"
Last-Modified: Fri, 02 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4044
Expires: Sat, 03 Sep 2022 19:05:40 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3f40932022c00daae8bb8e8d21e65641
bcac67288cb0c77ea071070ed836a650be4a7752
0c6eccb2f2a91f6b4269eaa57efa9f929358dfa51a27e6cc38379e807d2120d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4952
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:16 GMT
Last-Modified: Sat, 03 Sep 2022 16:35:44 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: *
etag: "6312122a-2b"
expires: Sat, 03 Sep 2022 18:58:16 GMT
accept-ranges: bytes
last-modified: Fri, 02 Sep 2022 17:24:42 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4d6c49cdfc9ba8e2c35c0864cdd02a9a
ea1b2234ca6f8e87594c1cd3329d61ccf1e6c8a2
662b1013ed12b05bebf54a1cb3040105777d022f0768b3e3fe532b1d8239bfbe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
creepingbrings.com/sfp.js
104.21.234.232200 OK 24 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.232:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash d86546630e87f2a828991dce19469691
49eec40f1aec6c5cdb2d8b0a61421856f7c63288
7eb1b0602f7d9606bee73afa6e474f82bd672369a607e11437d1215a1511ef14
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 325543720bae933cea5fc8fdb7f88b8c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 03 Sep 2022 17:58:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiaS9inXAK3phEY2k2uk5drIMR%2BpnfygNWMoPNaSXULouaAAZpJZsc0AZYlRhyXV%2BtcDoCmfzJU%2Fy%2BwTeSnA2OlSOgTQ9K4Xg0B1we4uv1zu7ztRTfEKvdS%2FOUcWun8KvmVBY9M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f5d5eb7773b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
amwoukrks.autos/utx?cb=mGUHQobZOWJj&top=xfantazy.com&tid=961956
54.230.111.86204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=mGUHQobZOWJj&top=xfantazy.com&tid=961956
IP 54.230.111.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=mGUHQobZOWJj&top=xfantazy.com&tid=961956 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 17:59:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OZowwT3LwI5K7Ua4_NvVEGR4kL2WYXkiS0n9Ka3Tr9CWrCTsRpXEig==
X-Firefox-Spdy: h2
amwoukrks.autos/utx?cb=dM8rFR0tmvPQ&top=xfantazy.com&tid=962014
54.230.111.86204 No Content 0 B URL HTTP/2 amwoukrks.autos/utx?cb=dM8rFR0tmvPQ&top=xfantazy.com&tid=962014
IP 54.230.111.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=dM8rFR0tmvPQ&top=xfantazy.com&tid=962014 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 17:58:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 03 Sep 2022 17:59:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yRH_YUhT3xv-isw8Cl7WNdiN_ZkLose6igq6NVhxpnUUekG-1Yxf5Q==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 9e4f920ecb78f1c11005621bc1fb2738
d9dcbd6d8d624b48c07f77b4d845356045ac7534
ccc13d153998f93beacffcd082e173d23a43cb7ffb3353acf108cb0dd6eef0f2
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 17:58:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S621337808%3A1662227896350545&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmVHuq6N999ZAbEW4yDZpN1ZqhWBNvATBtiwCPimaSYifS5Lx16VOkmAUhuMJazs-v6X1tz9CQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-yOZqhi5LQQ61NwcrGqsyrA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:y3tiXXAuGAQCh5G12QAuPbt6bxvCww:wJa9XmEjDzn_zn8E;Path=/;Expires=Mon, 02-Sep-2024 17:58:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 60c39862d27a03eb4d508f50a92099d8
4b0502023fa255ad4e72e94056f2aed6edeb9734
86ee89e6976643a3af3cbc032ca627d8a3547e17e849fc8f1b96eb61d2e9b603
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 17:58:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S923606146%3A1662227896395556&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmXkHtOWLeY1DNxDgthS2mMBWBcv4ACqy2vtalRpOsSH5ry84lr3G-iaUW8zX3uh8mXUXQ1aIQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-KnCLZg_v3I2iczz1LN19WQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:BTJ85SxmRsWgS74XhJENVzR9hcosXw:AJTjaaKMAaTbMPqB;Path=/;Expires=Mon, 02-Sep-2024 17:58:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3f40932022c00daae8bb8e8d21e65641
bcac67288cb0c77ea071070ed836a650be4a7752
0c6eccb2f2a91f6b4269eaa57efa9f929358dfa51a27e6cc38379e807d2120d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4952
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:16 GMT
Last-Modified: Sat, 03 Sep 2022 16:35:44 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 29 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32016)
Hash 1cbc84f59f16b0797ee2353aa36ba524
eb096112e7bf9710e1cdffa120aab6aa458c8f2c
e2bba4e711839254728729e8e039beead7725eaad1396fc289f463f120531c3f
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: H+WzR16OvSHTvGiVmwohy/d+9ajjBQs6B9lt6aERzdWWG7NowKd9z4b5SgLjgXGKJAyAWfNY4yGLd2mBjRSmVQ==
date: Sat, 03 Sep 2022 17:58:16 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A809520273%3Arqn%3A2%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A809520273%3Arqn%3A2%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A809520273%3Arqn%3A2%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
freychang.fun/
104.21.45.207200 OK 71 B IP 104.21.45.207:0
File type ASCII text, with no line terminators
Hash ae97957af7b06fbc57c55232c739dccc
ec469ca8aebe707f92f669e38b524acd620e6381
cfa68f97de1b71ce5a4b13b9db3cf0e363ebe684f18f3e743f03c7aa4c0557fe
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: text/plain
set-cookie: csu=1507349768652275@1@1662227896; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF3psWvdof7VzeW0DNHfboO2OZo5JCgeXccFzBZCbtgCc5QDzd4LD8IZTE4ctXJRzB8CRF3ItY2TSJw6Q47LQs8X%2F06ejXQhq3Zt135CWn7m5Z%2BM0EFUVfI50tpdZ4KW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f5fda24b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A359553759%3Arqn%3A6%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A359553759%3Arqn%3A6%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A359553759%3Arqn%3A6%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 102 kB IP 104.21.45.207:0
Size 102 kB (102443 bytes)
Hash 3bb3e134e15f9db8ca962e65622030b4
d70eb42555f0467b7eba8cc18b91d25b7fced587
13b834de9ab04e04f4b7414cc74d68ff04b9f3797cb58784641bb192094697eb
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1946
last-modified: Sat, 03 Sep 2022 17:25:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WUdMGod4RdF1aZ%2FENlBwncjtVrJvz%2FdJSTZvBLXHEp6Vr%2FzL7Wd98TO6P0buevOwI21EnbTWT7aARfo9j2Xa8Xa3GifiFnddTh3pTimppORUqoY5pzMTdbRGD1Udvyed"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f5fda1eb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unwillingsnick.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 unwillingsnick.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 8c42282d82cfcf4fecbdc4134516f039
76e341c8ae481eeec5f8218a5c883a056651cc5c
a5319244ac342b9537402b3e25dde24c5b74eca35ad19694f0121a93050c2be2
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8ec173b11dff9448441d6c7c37a6ff9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A804454021%3Arqn%3A7%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A804454021%3Arqn%3A7%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A804454021%3Arqn%3A7%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A280287241%3Arqn%3A9%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A280287241%3Arqn%3A9%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A280287241%3Arqn%3A9%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29aw%281%29rqnt%288%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29aw%281%29rqnt%288%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29aw%281%29rqnt%288%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ce8cea2f2f024a4eee0401aac681c7bd
97f6e25c4054d46f61b1a183cf7efcdbf4982298
c6edcb641cb643133eb1aa66d52742ee22817b88899de4edbea6053e317e2ac8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C6EDCB641CB643133EB1AA66D52742EE22817B88899DE4EDBEA6053E317E2AC8"
Last-Modified: Fri, 02 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5746
Expires: Sat, 03 Sep 2022 19:34:02 GMT
Date: Sat, 03 Sep 2022 17:58:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ce8cea2f2f024a4eee0401aac681c7bd
97f6e25c4054d46f61b1a183cf7efcdbf4982298
c6edcb641cb643133eb1aa66d52742ee22817b88899de4edbea6053e317e2ac8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C6EDCB641CB643133EB1AA66D52742EE22817B88899DE4EDBEA6053E317E2AC8"
Last-Modified: Fri, 02 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5745
Expires: Sat, 03 Sep 2022 19:34:02 GMT
Date: Sat, 03 Sep 2022 17:58:17 GMT
Connection: keep-alive
unwillingsnick.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
192.243.61.227200 OK 4.3 kB URL HTTP/1.1 unwillingsnick.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6202), with no line terminators
Hash b1dac5c59c45e4c56c3b3d312cbd655b
193699dcbf9307c153ebc1efa9b7b697239eaad5
f356ebebdab31a2fa8a1d6e953d56fdf41912d845bba8c2968f44af1f4dac724
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sun, 04 Sep 2022 17:58:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 04 Sep 2022 17:58:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 04 Sep 2022 17:58:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 04 Sep 2022 17:58:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 04 Sep 2022 17:58:17 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]; expires=Sat, 03 Sep 2022 17:58:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 161c4b1b07ecaf33c15c765a54f67d73
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 1.3 kB URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type gzip compressed data, max compression\012- data
Hash 15b4f75c2201d9276d7561b9d788c547
bfcfbb503423f86def631683134914faec161989
4fa5b0e125631b6beed24c1d2d0a1a793520ce772a04c2af2e55b77ebe5b64f8
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&hittoken=1662227895_537bb468a04ea65f69c5c7e4bb02dfce231d0fff41df6920c4f587d0de8aacc8&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175813%3Aet%3A1662227894%3Ac%3A1%3Arn%3A1051444136%3Arqn%3A8%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1662227890488%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227894%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29aw%281%29rqnt%288%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 03 Sep 2022 17:58:16 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=9245796681662227896; Expires=Sun, 03-Sep-2023 17:58:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=9245796681662227896; Expires=Sun, 03-Sep-2023 17:58:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2671461471662227896; Path=/; SameSite=None; Secure
i=Rkjv/nmIonOM+XHHdFo+LRIzeRZyOGpjnYSqdp8QGh65HUdBZY5xsNbqYdscJb9gR/ZgHDP4qlUZYL5NrELec3hxgxE=; Expires=Tue, 31-Aug-2032 17:58:15 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1693763896.yrts.1662227896#1693763896.yrtsi.1662227896; Expires=Sun, 03-Sep-2023 17:58:16 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:16 GMT
last-modified: Sat, 03-Sep-2022 17:58:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3d9673638e783f2bb2527f622d1f969
b27b514905d42b817b2c9ff5f119e1c14551ac45
bfbf63c5a64a90588fe96288dca89317003fbeb6d3a4713c9e739836add9c465
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BFBF63C5A64A90588FE96288DCA89317003FBEB6D3A4713C9E739836ADD9C465"
Last-Modified: Sat, 03 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6814
Expires: Sat, 03 Sep 2022 19:51:51 GMT
Date: Sat, 03 Sep 2022 17:58:17 GMT
Connection: keep-alive
unwillingsnick.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3o0HUUTdXGRR5qigk%2B6eSU%2FGPQTjmjUYN%2BuuojeprqqZlKnuaqq6picjQthV2YswexCvnTfJBjUselQwyGTFQ0DYEcEIRvTg0YPCXpWZDRv80Pz%2F%2B73De%2B%2FXh5vuiPhw9PD8q7onlaIzs1W%2F8vRbQXCusixT161056K3o%2Fq5iuk834yq%2FjOVC4Kt6ZnQD3w%2F8IPKojSipbszYxAy220G1aZfrYfVYLaOrvn%2Fbp0HSz3wzhF5HJKPpm5705BsiDT54rywa7nOnn0pcYrm2qDDd95I11JdpEhOxpbx0Ep3jtnQ9s7iHnS6PZEL3blPjOWIeN%2FvIU53jkUi7mxNdMYKIkXMH0LRGUKoISQdgulrkPwOARjHxRWkyc2L2hR0%2FR5Kx%2BiITN39B7IYkalfp5EmtxaU7FauaOVyqVOLbquE7A4h20Nkbh957xRksQ%2BWX4XkP5CZu8tIk60VqzQkLyfepRxCtoZQog9qPbjxJz24lgeXeUj4YYUFQdDwOaP%2BXJOxGm%2BIOOJ%2BQButgAZ%2BNAfHxvL6yLM%2BmOqDmQ1kZgNr8saIkKtbMO5b2NUSlnuw%2BYh4r22gw0sUgqCwBAUlKCRBkRMUnXKbKxva8iZX1sXBcQ%2BPe60c6Ly9Sbd13hYp2cyOyGOTcP56%2BGusicMKDVvNpt8K%2FHoj8qOANYImD1hAaY2GgvEQVpaQ9tTEb0%2BOyPTZP5CND%2Fbev4jpPqzaB5OPgronQYtBI%2FRBVwf1OR%2B9dLfbomlOe%2BtVphNwXSLLp5Cve5vqiDwx0TH7nIZgB%2FPfPfLTBz%2F%2F7cBMicyUeEfeJmir64PLuiBbl3VhyZcrWS4T2aPjA17JaS4e%2BOwVsV5ow5fO2%2F6nL7AxMB53Xxc2X6Ypl2nbks8XJOfCLGrDBPlmyb4p4kvOri44k7ps%2BdKLi0tJZoS1UqdD0LG1My%2BDyRF5cEFM3ubZvT8hzRDGlUjcATkuSL0Plm3AZgfz7%2Fd%2Bv3Br%2Bl1YfRpGnXDizEPhyoEJ45OfShIocbLTuIQVB%2FO%2FpJ98tPLbOcTifiCb9jra5inQ%2FBrSpETHlOioElT1Yd3pQZ6Zg%2Fkfa5NCrLxBrIy3FSujbtwL18rDSqNW82nUnA0aDSoacT2ca0UBpzSsR2EU0RpyO2JnPv7qPwAAAP%2F%2FAQAA%2F%2F%2BbTzO%2FZgQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 unwillingsnick.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3o0HUUTdXGRR5qigk%2B6eSU%2FGPQTjmjUYN%2BuuojeprqqZlKnuaqq6picjQthV2YswexCvnTfJBjUselQwyGTFQ0DYEcEIRvTg0YPCXpWZDRv80Pz%2F%2B73De%2B%2FXh5vuiPhw9PD8q7onlaIzs1W%2F8vRbQXCusixT161056K3o%2Fq5iuk834yq%2FjOVC4Kt6ZnQD3w%2F8IPKojSipbszYxAy220G1aZfrYfVYLaOrvn%2Fbp0HSz3wzhF5HJKPpm5705BsiDT54rywa7nOnn0pcYrm2qDDd95I11JdpEhOxpbx0Ep3jtnQ9s7iHnS6PZEL3blPjOWIeN%2FvIU53jkUi7mxNdMYKIkXMH0LRGUKoISQdgulrkPwOARjHxRWkyc2L2hR0%2FR5Kx%2BiITN39B7IYkalfp5EmtxaU7FauaOVyqVOLbquE7A4h20Nkbh957xRksQ%2BWX4XkP5CZu8tIk60VqzQkLyfepRxCtoZQog9qPbjxJz24lgeXeUj4YYUFQdDwOaP%2BXJOxGm%2BIOOJ%2BQButgAZ%2BNAfHxvL6yLM%2BmOqDmQ1kZgNr8saIkKtbMO5b2NUSlnuw%2BYh4r22gw0sUgqCwBAUlKCRBkRMUnXKbKxva8iZX1sXBcQ%2BPe60c6Ly9Sbd13hYp2cyOyGOTcP56%2BGusicMKDVvNpt8K%2FHoj8qOANYImD1hAaY2GgvEQVpaQ9tTEb0%2BOyPTZP5CND%2Fbev4jpPqzaB5OPgronQYtBI%2FRBVwf1OR%2B9dLfbomlOe%2BtVphNwXSLLp5Cve5vqiDwx0TH7nIZgB%2FPfPfLTBz%2F%2F7cBMicyUeEfeJmir64PLuiBbl3VhyZcrWS4T2aPjA17JaS4e%2BOwVsV5ow5fO2%2F6nL7AxMB53Xxc2X6Ypl2nbks8XJOfCLGrDBPlmyb4p4kvOri44k7ps%2BdKLi0tJZoS1UqdD0LG1My%2BDyRF5cEFM3ubZvT8hzRDGlUjcATkuSL0Plm3AZgfz7%2Fd%2Bv3Br%2Bl1YfRpGnXDizEPhyoEJ45OfShIocbLTuIQVB%2FO%2FpJ98tPLbOcTifiCb9jra5inQ%2FBrSpETHlOioElT1Yd3pQZ6Zg%2Fkfa5NCrLxBrIy3FSujbtwL18rDSqNW82nUnA0aDSoacT2ca0UBpzSsR2EU0RpyO2JnPv7qPwAAAP%2F%2FAQAA%2F%2F%2BbTzO%2FZgQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3o0HUUTdXGRR5qigk%2B6eSU%2FGPQTjmjUYN%2BuuojeprqqZlKnuaqq6picjQthV2YswexCvnTfJBjUselQwyGTFQ0DYEcEIRvTg0YPCXpWZDRv80Pz%2F%2B73De%2B%2FXh5vuiPhw9PD8q7onlaIzs1W%2F8vRbQXCusixT161056K3o%2Fq5iuk834yq%2FjOVC4Kt6ZnQD3w%2F8IPKojSipbszYxAy220G1aZfrYfVYLaOrvn%2Fbp0HSz3wzhF5HJKPpm5705BsiDT54rywa7nOnn0pcYrm2qDDd95I11JdpEhOxpbx0Ep3jtnQ9s7iHnS6PZEL3blPjOWIeN%2FvIU53jkUi7mxNdMYKIkXMH0LRGUKoISQdgulrkPwOARjHxRWkyc2L2hR0%2FR5Kx%2BiITN39B7IYkalfp5EmtxaU7FauaOVyqVOLbquE7A4h20Nkbh957xRksQ%2BWX4XkP5CZu8tIk60VqzQkLyfepRxCtoZQog9qPbjxJz24lgeXeUj4YYUFQdDwOaP%2BXJOxGm%2BIOOJ%2BQButgAZ%2BNAfHxvL6yLM%2BmOqDmQ1kZgNr8saIkKtbMO5b2NUSlnuw%2BYh4r22gw0sUgqCwBAUlKCRBkRMUnXKbKxva8iZX1sXBcQ%2BPe60c6Ly9Sbd13hYp2cyOyGOTcP56%2BGusicMKDVvNpt8K%2FHoj8qOANYImD1hAaY2GgvEQVpaQ9tTEb0%2BOyPTZP5CND%2Fbev4jpPqzaB5OPgronQYtBI%2FRBVwf1OR%2B9dLfbomlOe%2BtVphNwXSLLp5Cve5vqiDwx0TH7nIZgB%2FPfPfLTBz%2F%2F7cBMicyUeEfeJmir64PLuiBbl3VhyZcrWS4T2aPjA17JaS4e%2BOwVsV5ow5fO2%2F6nL7AxMB53Xxc2X6Ypl2nbks8XJOfCLGrDBPlmyb4p4kvOri44k7ps%2BdKLi0tJZoS1UqdD0LG1My%2BDyRF5cEFM3ubZvT8hzRDGlUjcATkuSL0Plm3AZgfz7%2Fd%2Bv3Br%2Bl1YfRpGnXDizEPhyoEJ45OfShIocbLTuIQVB%2FO%2FpJ98tPLbOcTifiCb9jra5inQ%2FBrSpETHlOioElT1Yd3pQZ6Zg%2Fkfa5NCrLxBrIy3FSujbtwL18rDSqNW82nUnA0aDSoacT2ca0UBpzSsR2EU0RpyO2JnPv7qPwAAAP%2F%2FAQAA%2F%2F%2BbTzO%2FZgQAAA%3D%3D HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab04ed94bd560ea5d36bcc379feceedd
Strict-Transport-Security: max-age=0; includeSubdomains
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afp%3A1373%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175812%3Aet%3A1662227893%3Ac%3A1%3Arn%3A1051401788%3Arqn%3A1%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662227890488%3Ads%3A0%2C32%2C463%2C0%2C389%2C0%2C%2C305%2C14%2C%2C%2C%2C1394%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227893%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 345 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afp%3A1373%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175812%3Aet%3A1662227893%3Ac%3A1%3Arn%3A1051401788%3Arqn%3A1%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662227890488%3Ads%3A0%2C32%2C463%2C0%2C389%2C0%2C%2C305%2C14%2C%2C%2C%2C1394%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227893%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
Hash e857a483284f02670459d0e33a32b429
9311218df7c90ce9e6c325955555c1f9f3d0f6d6
1cfad5b31797b523124803475f8287f629c20379925967e633cbaa04b09892a9
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afp%3A1373%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175812%3Aet%3A1662227893%3Ac%3A1%3Arn%3A1051401788%3Arqn%3A1%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662227890488%3Ads%3A0%2C32%2C463%2C0%2C389%2C0%2C%2C305%2C14%2C%2C%2C%2C1394%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227893%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afp%3A1373%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A350668067412%3Ahid%3A539577197%3Az%3A0%3Ai%3A20220903175812%3Aet%3A1662227893%3Ac%3A1%3Arn%3A1051401788%3Arqn%3A1%3Au%3A1662227893623708635%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662227890488%3Ads%3A0%2C32%2C463%2C0%2C389%2C0%2C%2C305%2C14%2C%2C%2C%2C1394%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662227893%3At%3A%EF%BB%BFDenis%20and%20Rosa%20Backdoor%20Lesbians_%5BLovely-Teen.Me%5D%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 03 Sep 2022 17:58:15 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=1711791321662227895; Expires=Sun, 03-Sep-2023 17:58:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1711791321662227895; Expires=Sun, 03-Sep-2023 17:58:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1087027871662227895; Path=/; SameSite=None; Secure
i=a845gDkhdl/9y8nu2I53lGIp+BfOYX3hN23Wg9wSnivod62Okh8WHHTXYRVHdCglfGfmfYEBr0UA+tGwUlKIhsm/aK8=; Expires=Tue, 31-Aug-2032 17:58:12 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1693763895.yrts.1662227895#1693763895.yrtsi.1662227895; Expires=Sun, 03-Sep-2023 17:58:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 17:58:15 GMT
last-modified: Sat, 03-Sep-2022 17:58:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e857a483284f02670459d0e33a32b429
9311218df7c90ce9e6c325955555c1f9f3d0f6d6
1cfad5b31797b523124803475f8287f629c20379925967e633cbaa04b09892a9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1CFAD5B31797B523124803475F8287F629C20379925967E633CBAA04B09892A9"
Last-Modified: Fri, 02 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3684
Expires: Sat, 03 Sep 2022 18:59:41 GMT
Date: Sat, 03 Sep 2022 17:58:17 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
45.133.44.4200 OK 2.4 kB URL HTTP/2 cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash e0e06adf15bde93eb3fda66828baf7c4
e81efca1f658737e0ce13ab3cfd9065409568ea0
3ea0162237a7a86f558cd0e232c5ce65784c92e37c928c39f9c32d2d66b8d9da
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-616"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 03 Sep 2022 18:58:17 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=134
192.243.61.227200 OK 0 B URL HTTP/1.1 unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=134
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=134 HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
decencyjessiebloom.com/pixel/purst?dl=0&th=0&sc=0&rs=3587&rd=3587&fd=839&bv=22.8.v.2&tmpl=136
209.192.156.116200 OK 0 B URL HTTP/1.1 decencyjessiebloom.com/pixel/purst?dl=0&th=0&sc=0&rs=3587&rd=3587&fd=839&bv=22.8.v.2&tmpl=136
IP 209.192.156.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3587&rd=3587&fd=839&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: decencyjessiebloom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
amwoukrks.autos/floater?cs=bU13S3NddEJ5Q1V4TnhKWXtHckE&abt=0&red=1&sm=83&k=xfantazy%20denis%20rosa%20backdoor%20lesbians%20lovely%20teen&v=0.8.9.0&sts=0&prn=1&emb=0&tid=961956&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&jst=4&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi3_&_c9le=1662227893978&crc=1
54.230.111.86200 OK 1.2 kB URL HTTP/2 amwoukrks.autos/floater?cs=bU13S3NddEJ5Q1V4TnhKWXtHckE&abt=0&red=1&sm=83&k=xfantazy%20denis%20rosa%20backdoor%20lesbians%20lovely%20teen&v=0.8.9.0&sts=0&prn=1&emb=0&tid=961956&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&jst=4&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi3_&_c9le=1662227893978&crc=1
IP 54.230.111.86:0
File type ASCII text, with very long lines (1890), with no line terminators
Hash 5b1ae96a9ebc2a151d1e7114625be519
b3fa7f4ef40e1620016ec658fb98a1eff045d3a5
dc546ba05c198b4149516a542f1b3d41d52442fab80f71a8e5e5852186e6507d
GET /floater?cs=bU13S3NddEJ5Q1V4TnhKWXtHckE&abt=0&red=1&sm=83&k=xfantazy%20denis%20rosa%20backdoor%20lesbians%20lovely%20teen&v=0.8.9.0&sts=0&prn=1&emb=0&tid=961956&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fc582e7b181c14a07fdad7e&jst=4&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi3_&_c9le=1662227893978&crc=1 HTTP/1.1
Host: amwoukrks.autos
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1200
date: Sat, 03 Sep 2022 17:58:17 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=9b2771c7-5fde-47a5-bd5c-2c6d430b2b8e
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dis7HEtUxNwqGSiQCkmZWLrcCM7r_C5cm3McV02uR6QwSiCbXRL-1Q==
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cryRuySkyPrk8Dyerg/w320h240/0.jpeg
188.72.235.185200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cryRuySkyPrk8Dyerg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ee89e1f3ce43179798a2f3a45985eb08
27848dc47265db5a641e7688e0c5f1e29381143d
1613c1e941917c95fe8276ec61a3878a46228f65a4f93791c60dde0b6b8b6b19
GET /thumbnail/cryRuySkyPrk8Dyerg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 15886
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOqSunT0ma_q_m_C_w/w320h240/0.jpeg
188.72.235.185200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOqSunT0ma_q_m_C_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cd18b1809a1a5383cc9b888044ee0974
fa8612451e61ec1540f8fa2061bd547ae839880f
74edff77387f4252ca8dfbbc563d437f41072d30d060c139b25a33756f17ae9c
GET /thumbnail/cOqSunT0ma_q_m_C_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 14575
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOyWvHelyqvp_TmS9w/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOyWvHelyqvp_TmS9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4339da44d0bafb09b811822420978a33
b524cbdff7086a9a90bb286f82dba53f7b073678
f690a0baa5abd3ab010f021b5d231c32cc0977f5c1843a6e97ece6c9d58f71bd
GET /thumbnail/LOyWvHelyqvp_TmS9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 10933
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/crjB6yWjma7r-jqe-g/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/crjB6yWjma7r-jqe-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 573cd310cb037ea9413256b7419fe41f
5131787e3578101e40dfb9495f9cbb9827f677aa
01c5b64629678a022ff858bce1ce3a7a72a1d1cbeacc35bdcae3d0b18d195b03
GET /thumbnail/crjB6yWjma7r-jqe-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 14395
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LeXA6HShyabq_GmW9w/w320h240/0.jpeg
188.72.235.185200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LeXA6HShyabq_GmW9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 075231b57a83d1c1135447e2dedb9a8d
1a2bbdf871f239d8fb7aeb5353b64e840ddf2126
c55c708567d833f8be34a28a4a58878f854d21a4cc6bad8411e0120921e3e0d4
GET /thumbnail/LeXA6HShyabq_GmW9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 10049
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JenHun_1y6bk_W3F-A/w320h240/0.jpeg
188.72.235.185200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JenHun_1y6bk_W3F-A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cbf6d6d34c8b98e6fa00b548a3ba5148
7256737c2f3ca8d8338ddf5a974f8fb18141457d
a72804c0fcda7c7064e538f40265249ec8afcbe14ab9e9931b41b24851faf18a
GET /thumbnail/JenHun_1y6bk_W3F-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 13041
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/de2X7yL3zK2_8DqS-Q/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/de2X7yL3zK2_8DqS-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 68fe668efdb7d69a8cabf0e679852aea
312f2fec96d3fcc03b09f0c916eb09727bcf89b8
43a6f445be54bfc0861a7d62ba5eb044c9e3127ddb5fa283e6b7e6afcbbd89cb
GET /thumbnail/de2X7yL3zK2_8DqS-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 13959
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cu-T6HDwnvi4rGmfrg/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cu-T6HDwnvi4rGmfrg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1a7b24a14b3acbe8715e0ab2682624d8
f7426e2527bc18ac3a87ad156318e30c7082ea5a
f3647a34ca43440bed5b39ff4b3822d091314f8b9f05c88781326d48f4d1079d
GET /thumbnail/cu-T6HDwnvi4rGmfrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 11270
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cbiRuXP0w6zk_2iT_g/w320h240/0.jpeg
188.72.235.185200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cbiRuXP0w6zk_2iT_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1c637bb0ab238a3c4ddb505439446e45
236f37e917acd9782dcc4982c9198e2e5215b2b3
218099ac353d55b92750506e11063e97c6226fe0b4eff31a67a64ffac4001329
GET /thumbnail/cbiRuXP0w6zk_2iT_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 18029
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 505 B URL HTTP/2 a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (654)
Hash 60213100e66ef8798114adffc5d5f0e9
7d8d05e98ef42d9b0a807f7d7016fbd92e3815e8
1c86fb7aefa9e085d6927314b03cd4db91d54b4290cca2cd51c049ceb31b5905
GET /api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=44
192.243.61.227200 OK 0 B URL HTTP/1.1 unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=44
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=44 HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=48
192.243.61.227200 OK 0 B URL HTTP/1.1 unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=48
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=48 HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4d7a3de385d7a3a4019f9ba636c51955
119a9baddd3baac8041dd83ad386cbbb62346d4b
9b6e9cf70930f53fcac6543955a52baf9f2bbf4065edd3e04cd696e31dcc67a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B6E9CF70930F53FCAC6543955A52BAF9F2BBF4065EDD3E04CD696E31DCC67A7"
Last-Modified: Fri, 02 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11004
Expires: Sat, 03 Sep 2022 21:01:41 GMT
Date: Sat, 03 Sep 2022 17:58:17 GMT
Connection: keep-alive
media.aso1.net/js/ifr.html
104.21.234.154200 OK 1.2 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.154:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 72509e6363dc0fdd52a0715c43c97190
d37f22547e0a235bfbc2c1b05a8f3badfba51628
7a6ab075d4b2ed32775da6d6832fa6267742c9e2e81704c401c3f5eaee1d264c
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 309944
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78bwif33nPkhq6ch527l96A%2BZv3apWrcUWj1XqpxFesROyxudpXezvDgdJ%2BYvfHDgtrxwVR1vcnsoFaYfN%2F2f2KPq9j6P2rmEtxQufCA3iVlMA6FRIsTB%2FF924h7mQiofw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f68da20dd1f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/utility/live-message/3-2/css/animate.css
172.67.183.56200 OK 8.8 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/live-message/3-2/css/animate.css
IP 172.67.183.56:0
Hash 32022883e20f3f477ac9fd8072936aba
5e322166bf00398c42e3c87e302c55e847fc2e1a
29436381e65ea468ae758e5d38fa7e78eead6a882c153aba9579195b90188873
GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2706793
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPj6FupsDrOaZ73fsuOOUWNdb7WhiQiwhDm3NZ8k%2Fvva6zAYwYhaiaLU7f1i%2BDsLcJt%2Frq%2FVZrEdVEGKdFyE3RlUmjwqyPVz1n%2B%2BQCWap1Hl6uyh3ZFlAw9g6oPdtvAmQAs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f66fa6b0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/25/f8/67/25f8672a8dede505f1d482a0fae4ce30/1655369803.jpg
45.133.44.9200 OK 11 kB URL HTTP/2 cdn.cloudimagesb.com/si/25/f8/67/25f8672a8dede505f1d482a0fae4ce30/1655369803.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash fdd0d70787cbe32ddf0f337191cd073e
c69ec6c3647241c0fecb67eba56195414120253b
e2014a64037f30864207347c73f351be90f4cf3b5abaed05f86252d9007cb40d
GET /si/25/f8/67/25f8672a8dede505f1d482a0fae4ce30/1655369803.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
content-length: 11257
server: nginx/1.17.6
last-modified: Thu, 16 Jun 2022 08:56:51 GMT
etag: "62aaf053-2bf9"
expires: Mon, 05 Sep 2022 17:58:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 12 kB URL HTTP/2 a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 386abc9fde640c5f2ecd1f061ac9da86
deafb2025c7d6ef46f0773288fb1e6de754d2409
626be625694d5f08e240a5ae2456292dc2e535821addc93afaec5c0beba3ca97
GET /api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=13
192.243.61.227200 OK 0 B URL HTTP/1.1 unwillingsnick.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=13
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=13 HTTP/1.1
Host: unwillingsnick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3485039]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.bestcontentfood.top/warp/4788749?r=7161
104.21.52.148200 OK 1.8 kB URL HTTP/2 a.bestcontentfood.top/warp/4788749?r=7161
IP 104.21.52.148:0
File type ASCII text, with very long lines (4181), with no line terminators
Hash 2d54695179dc83669833af8920d3032f
370aaba114ee985f21da1aa903d6ce55753c7ba7
ab9d52c7ff60bdd92dd7cb191224304f8bc3cfc2c6d6cecab18687c2927c0075
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788749?r=7161 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript; charset=UTF-8
referer: b.bestcontentfood.top
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vKmn16gZsCwT3D8du8L7Ts694wyUe0BstDsK99SoNKzma%2FYTha09Z2yftebivAaXT3n1VVgM0qzCMLGbVeIrRanJyj6qh1ZfwfVR9ED%2B4QQkWQr1sdnUto0JFZg9lODoZhSis9POd6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f6a4e8eb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787908?r=98900
104.21.52.148200 OK 34 kB URL HTTP/2 a.bestcontentfood.top/warp/4787908?r=98900
IP 104.21.52.148:0
File type ASCII text, with very long lines (65451)
Hash ffae5327c57f884b777d4f079e70639b
e4be9e507e3e6c9e4629c8d9e360c841739cd540
80c1280616bc9fa2f110327a03aaf6759033eb95c64c037274d403b02deb47c6
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787908?r=98900 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript; charset=UTF-8
referer: b.bestcontentfood.top
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLRNuhti7auSmeXDPk%2FaLdbmLtsZm7IW4ChGAmnr7P5ZK01yVwopA%2BZFtrnikCcvIc300vbkiRRew5zs%2FytYzc3CoRHlNZIQWZuFNEMC4fjdrbZBzO3IHl3y%2FTvdRwfuKSubVnTX0FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f6a5e9bb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788750?r=41074
104.21.52.148200 OK 1.8 kB URL HTTP/2 a.bestcontentfood.top/warp/4788750?r=41074
IP 104.21.52.148:0
File type ASCII text, with very long lines (4181), with no line terminators
Hash e0ec313ee2e4edc1faec21dcfad245db
5917ef818723818bf90bd0cc41d9174344142aeb
e03fa830fa2584b64f36c5e90b9c0b21e6a25b90620d87999fcbfcf5fb3d6c42
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788750?r=41074 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript; charset=UTF-8
referer: b.bestcontentfood.top
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjAVoDYvRuXFiuNGetr83dwZnpIpV6jq02nfAX3Umhbd%2FqL71in8x3lleatyA9ViwIGn3%2BnkwRx%2BuS66vT1CSQARtCUVoTRMk%2BAMekVwFNImfKFb7NAeX%2FC9iDdH9w6nzkFRhO8KAis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f6a5ea0b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tubecorp.com/i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859
45.133.44.25200 OK 2.6 kB URL HTTP/2 cdn.tubecorp.com/i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash a6661776d2f4cbf17e175989740cacdd
216957c8aae73d35163f7ae96cdccdea034514fd
c40b1433123b7364acd68fe133bcba8d63751ae1ca3b006cf7888ba498d4b061
GET /i/b.html?spot=4511&src=2045230537&pid=19775&width=300&height=250&spaceid=859 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.1
last-modified: Sat, 20 Nov 2021 06:50:54 GMT
etag: W/"df-5d132d02c9e77"
x-request-id: 6abbfcba916360f3e54990a6a877f067
content-encoding: gzip
expires: Sat, 03 Sep 2022 18:58:17 GMT
cache-control: max-age=3600
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.5 kB URL HTTP/2 a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash 25b1531fa831eba9b732a706713b85de
4cf1d6eacb862505bde5ce0e1a5c9236612fd024
5078096dfe5cfdf0bef4b30807a02d21ab8d70d25d0ca631506f6658c9b41fe0
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=qKSE9oCtW7oWI9GZV2H8; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.248.225.238200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.248.225.238:0
File type ASCII text, with very long lines (28232)
Hash 4520e83afc590988f95a471da9bcd876
e8a542d49dd03c3a275698a6ea6d8b128059c26e
2a617aaacef5473d6a1dc19c828d085a570bcb56e8e2787d3f6f425e0fdd3792
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript
content-length: 12719
last-modified: Thu, 14 Jul 2022 11:59:44 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62d00530-887a"
age: 4426277
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/video.instant.message.js
8.248.225.238200 OK 5.1 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/video.instant.message.js
IP 8.248.225.238:0
Hash 484c11a95bd394fc9c5fa0d907679eda
e3511c918762bf81027c72b5e8b7beb32bb75850
a421f4f1b960d21dc634e3111b5484ac277a1fade3cf7160fa4e2821495bcd97
GET /sdk/v1/video.instant.message.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript
content-length: 3512
last-modified: Thu, 21 Jul 2022 11:18:31 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"62d93607-21d4"
age: 3824507
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9ab2b6e010253ecfb6029dd3c5060f46
b5f3a67d21e8b6ea0ebbf605d2187350f043b654
15ad9ca32ba14ff1f47ebdb9a10fc7ef75bb4af54fc7d2ae02c06ae6e7192703
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15AD9CA32BA14FF1F47EBDB9A10FC7EF75BB4AF54FC7D2AE02C06AE6E7192703"
Last-Modified: Thu, 01 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6971
Expires: Sat, 03 Sep 2022 19:54:29 GMT
Date: Sat, 03 Sep 2022 17:58:18 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 0990eb9ff79276276adb65436bf6741e
167bc93278ced6a1166bdfe8f184d36ec1de8381
fa5626743e5d3c507924471084c73aaab785757dc014b5ea458580746be5bff3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 20:27:02 GMT
Expires: Fri, 09 Sep 2022 20:27:01 GMT
Etag: "167bc93278ced6a1166bdfe8f184d36ec1de8381"
Cache-Control: max-age=526722,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74505f6e9b481bfa-OSL
cdn.tsyndicate.com/sdk/v1/n.css
8.248.225.238200 OK 19 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/n.css
IP 8.248.225.238:0
File type ASCII text, with very long lines (19411), with no line terminators
Hash f0c8bad08999a9d413b61c81c0e2a606
ebb86ba43d0f2386f2f3cdbb57f4746a1d8bcaf5
79ebc0f15cd767ec1f7e624730bedc0fdac746e41dbb8b2fbf1a1d1ec3b6877d
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: text/css
content-length: 19411
etag: "62d93607-4bd3"
last-modified: Thu, 21 Jul 2022 11:18:31 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 3824518
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.246301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 17:58:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e45547b1abe99e83dc3f95a96abfdd90
1c651f6f6e05ce416151e7c56a5778171666b74b
21b9ea1f732109234b738a4a82f7eac08c3dc2f4beeca1598bc1fe3b5f87e36d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21B9EA1F732109234B738A4A82F7EAC08C3DC2F4BEECA1598BC1FE3B5F87E36D"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5981
Expires: Sat, 03 Sep 2022 19:37:59 GMT
Date: Sat, 03 Sep 2022 17:58:18 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6974f1f6cbc2108e5de0646e66bcac14
c4bb058f22e2194f42d8b8910ee5eadd2c8c674c
201f676ea4a98f2b98a0d893a3b28fe7b6f8a6da88a8b01edb255b17591bfd10
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 15:56:20 GMT
Expires: Sat, 10 Sep 2022 15:56:19 GMT
Etag: "c4bb058f22e2194f42d8b8910ee5eadd2c8c674c"
Cache-Control: max-age=596880,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74505f7028e5b518-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1de3896a28991c624beec79af2f6544e
5ad4c2c6f0bce2e3c222f48790d64ff2d083fa17
3e9ee1d3e96d8b88b5f757321b9c3d801ee2a0f40c0642634f6c48720b548f0c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E9EE1D3E96D8B88B5F757321B9C3D801EE2A0F40C0642634F6C48720B548F0C"
Last-Modified: Fri, 02 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5638
Expires: Sat, 03 Sep 2022 19:32:16 GMT
Date: Sat, 03 Sep 2022 17:58:18 GMT
Connection: keep-alive
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.248.225.238200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.248.225.238:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=83ae6d5c-bba7-42a1-afbc-39462126dfe4; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 15493635
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 17:58:18 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
cdn.adx1.com/964ea29fa8c906c50a6ce6278bed628d.png
149.11.201.98200 OK 19 kB URL HTTP/2 cdn.adx1.com/964ea29fa8c906c50a6ce6278bed628d.png
IP 149.11.201.98:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 749dc1a761b4cadc07648fe3ed87796a
0023796a9b6c8ec9c554b3aac96f99753568a6c1
d865312aaaacbcb21bf9525e62c3c93e889c543a2976e786772369981d9500c0
GET /964ea29fa8c906c50a6ce6278bed628d.png HTTP/1.1
Host: cdn.adx1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: image/png
content-length: 19427
last-modified: Tue, 21 Jun 2022 21:25:16 GMT
etag: "62b2373c-4be3"
expires: Thu, 15 Sep 2022 10:53:38 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1270276935&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=1&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1270276935&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=1&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1270276935&pid=0&site=4511&sc=NO&usage_type=DCH&subid=2045230537&sid=0&cid=12774&price=0&is_cpm=1&cpm=0.0048&ecpm=0.0048&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=a.focusde.info&hostname=auc-banner-hz-0&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=4511&utm_campaign=19775&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=&min_cpm=0.0001&placement_type_id=-1&skin_test=&verify_hash=&score=1&ml=&ttl=&space_id=859&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=&url=%2F%2Fin16.zog.link%2Fin%2Ftishow%2F%3Fkatds_ep%3DES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y%26sp%3D0.0048&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem= HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rtbbnr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 03 Sep 2022 17:58:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //in16.zog.link/in/tishow/?katds_ep=ES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y&sp=0.0048
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 80a630aaca3318cb690ea7c1e68e1b73
280347dd4fb4f86a75cc4a83942a20fab0995d27
4e50347db408d4fa75bbd658ad8f32340ba08ab7af2c734d0b3b9c72a61e294e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E50347DB408D4FA75BBD658AD8F32340BA08AB7AF2C734D0B3B9C72A61E294E"
Last-Modified: Sat, 03 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11011
Expires: Sat, 03 Sep 2022 21:01:50 GMT
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 80a630aaca3318cb690ea7c1e68e1b73
280347dd4fb4f86a75cc4a83942a20fab0995d27
4e50347db408d4fa75bbd658ad8f32340ba08ab7af2c734d0b3b9c72a61e294e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E50347DB408D4FA75BBD658AD8F32340BA08AB7AF2C734D0B3B9C72A61E294E"
Last-Modified: Sat, 03 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11011
Expires: Sat, 03 Sep 2022 21:01:50 GMT
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6974f1f6cbc2108e5de0646e66bcac14
c4bb058f22e2194f42d8b8910ee5eadd2c8c674c
201f676ea4a98f2b98a0d893a3b28fe7b6f8a6da88a8b01edb255b17591bfd10
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 15:56:20 GMT
Expires: Sat, 10 Sep 2022 15:56:19 GMT
Etag: "c4bb058f22e2194f42d8b8910ee5eadd2c8c674c"
Cache-Control: max-age=596879,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74505f704a970b65-OSL
a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 537 B URL HTTP/2 a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 530fa31bddc91dd7e598af5a70e0f649
7575e87b2f655ab39041ea6f9f43d95472ec984f
e6f5ac11512fcf14eb852278093a16c65c8d16d5b248f1e4b954b82786473b1b
GET /api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/d/a/8cda8d80a1d5024c843ae725bec44fc5a9effa/main.webp
8.248.225.238200 OK 7.6 kB URL HTTP/2 lcdn.tsyndicate.com/images/d/a/8cda8d80a1d5024c843ae725bec44fc5a9effa/main.webp
IP 8.248.225.238:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e4f213e461314b76f502b7ffe3bf4d11
76bc4a3707dda7c958b790a945b90d7321f917c9
c0f38cacf0532542bdc6b7ead302d7134f92f4dc0437089b37b0118faa4f6c6f
GET /images/d/a/8cda8d80a1d5024c843ae725bec44fc5a9effa/main.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: image/webp
content-length: 7553
last-modified: Fri, 21 Jan 2022 04:19:41 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"61ea345d-1d6a"
age: 19471953
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/8/6/acaf6a36ca48c48cde831d128f7a20941343d6/main.webp
8.248.225.238200 OK 6.6 kB URL HTTP/2 lcdn.tsyndicate.com/images/8/6/acaf6a36ca48c48cde831d128f7a20941343d6/main.webp
IP 8.248.225.238:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash eb8a8385c7ce99f40f6c39232954e6a2
881c000d9e9bb91f5f6df304b52e282b94e74e83
d3846cdcccd80dbeca7f1c2cbcf1e31130f66ea2f9cb574bc02204002db1891b
GET /images/8/6/acaf6a36ca48c48cde831d128f7a20941343d6/main.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: image/webp
content-length: 6585
last-modified: Fri, 21 Jan 2022 04:19:37 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"61ea3459-19a2"
age: 19471953
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a6c2944bdec3b874ff02a5874f033edf
c28cf3be96b28c20202f9ade610bbc8c10dbab66
1f496909431e795ad27e68f3a796cf86a78b13541b05caf0f2d1d154c080da3c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F496909431E795AD27E68F3A796CF86A78B13541B05CAF0F2D1D154C080DA3C"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4597
Expires: Sat, 03 Sep 2022 19:14:56 GMT
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash f35ef5eea84ffb5288d3e149350e6e0a
8951c215c9258ffaec25534b1a49e2b0f8743e50
bc08ef3fd1f09d9762e4528370eae2f9380a46f22aadf0bd6459b659d3f6fa2f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 17:58:19 GMT
Last-Modified: Sat, 03 Sep 2022 16:13:09 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 312
in16.zog.link/in/tishow/?katds_ep=ES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y&sp=0.0048
109.206.181.2302 Found 0 B URL HTTP/2 in16.zog.link/in/tishow/?katds_ep=ES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y&sp=0.0048
IP 109.206.181.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tishow/?katds_ep=ES3Yy321zjS-Lu9xvmMcZHwnTt7tduNO5ej8nOjp0oKU9nqpqvuR29Ta3HGhRpq92_3tBuM2TVz0narsA0iGCC5sYk3PJeqpu4rBfVm99Eb-GuZS8SFlG9jVtS555gS1kvFmecypcrrLB17fnTtE5SKYZF2SxUgb6Rj2dxFf5RYME3JWAtEn9Wpnoh5mnyDxYwLW-SRmsP8K_hkxPmfgvly5fF8aewUUT6MrLxrbJvR3k7e14eYKXnCZ7AaCCnuGjBUGkY0aauJ5mNz-_20dCvddTCqgtZRfvVhUUX8I9za8s8khhW3EqosQ0oCwkIELnyq83awCae-2K0G79KzLsGtVg25n4gwwo79ToaDdsQPExER8amd6w_QTNo2IufXSWa7lkmZ2DOj4wGxBHu66duMBJY6A0o2KfBjqxxOiSQlwJB3hryJD8MtrOZqhnuVEyHpGS_SoLHGqjWg77MZcxriTDQ2fWK6ojTOvzqndJi43xP_M8VTxxds4szGJbpE9AwKnVwFV7OL_ggcG511iZ_yDfSS8FhpcK6bTbYZKAxgmyx14oYUCukh_Jd96SNHbnEU2tGB-CPww4YDycI_BW8zzjSQ5bI0R0cVkT4dMwiL08b6rH63W4whu7CEy70713SL8TsVBeXQe7qnqutEZq0HW-HVyl9rnxB8ozqNU6Ns84DemF7rchEwLEnYUkAKwVSP-GJ0DVdPXzeuCDrA2WL7C2flkBuP7GsKR0C4mmw6hXy9UZuKY1V1n8J_RwxyKb5i1-h54Yzmg-tRyCtzRKk9ezV6Vve79s6eCKZKLCtvyodFXPhHrPD5Iw9_4ry1oNG9O0XMd2CctRoNLoqxgD5Q_zgRzt8e88kOVa5oHDGQ5d-eEoxV0WPemliqoJBzVCXTcVFIb_SxfBm1WV3A_kWZp3viLhy_DCGl0RcfpFT9fOj7Au-Pz4LUR1FgODeSYiFMP06CgX92DGaBhRdY7qbUHOeU_nLo8swUj-vZaMRzBeE0EG2IiowHWdxvmV1I_tQhn_DPhC1MX9mzPKg55sL58OBPi_iPCL7K7ubRdQ04GJWbFjVb2X81tqd0LGeTjkvunOZ0rTT9aBr1aCJhHQOZ5GnDsfdqU-9fLFduEYpkdj4ShH4pVTMarAM-c3CGcT7a2E3C4C0oLOcWEtQ1cWKOMAKr_IBOjh_Ne3ZoQ7ruxvX-NTGIE7i_JzKyWyY1GaZ-KUexAJ_czK_xmTgDVaFlcWAqetVspDr2v7F9elUsnZRb-xk78LDQIgl9FIGzLkcCv6GsKCbrwZ7T3Uskh8JdfZL2QNhBm_hNcIG27PUJlfKnpwqM_43kEcaatrIoeJrnZtWX2_j47e8Hjvgrg4XPWdLQJZ43wqtXWdUHqZ2qRBgDpMrWKPP76jg-N8B8jIGSbLx7Xj2PqygGPw-IdSsyZfWhT66x_iHsXwe1YvJPIOj_lZvEhhvUqDGHcP1vuaGIkd8UubYqM4aOSwXkDkLKZQDNK65UMkKrPx-_XjRlJCGhT--kycnLaL_uHRzcEPt4uhX7km9e63n-CN-ubD58LmSeT9uT8W8ZI2JoiVvbt_1HE_GHO9ItpHgbHBMcNeeA1brwsJFK_21nwF8M7I_XHu8ttURaneEBjhk9DvZxqsnCJiSoxkTp4hhC1M7t6JpbgIkk6p6bkAVM_pGa-IFWLCMKn7K7DKSkE73GZx_0tUxUhO0GbZugli4d8gPC9BWymKN133aXflS6OKXP3P-2-4cnqGzIgSGW3xEwXa5Ja0fS9GiXNnpRKOLDa0kiGabXdGfpeZu_EnWBBRm3vIq-8S-GvtoHerHnLwi7CUYoeh5wPcQwaTJF_1S1pXzXsn3OBkWYH7vJ5kCwGcXK3P-be07zJZw3Rl7h5DKgPQwnnoHgWytfhDaKOeKiuAgv_iWKR4Ge9DNG4GF4AR0adb8CWhWxWdVdk6Mhl-oW-FBL5xAZuLgcV1hiURLpH6YR4zHKmN5TSoDW3SC0hJE71zcqw9kBIdXJTEgG8RSdCrXV_LVX62XzNsJsHc38j7IbmGKt2PZNr93Jfe7f8m8Y&sp=0.0048 HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 03 Sep 2022 17:58:19 GMT
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{ __OS_FAMILY__ }}&__OS_TYPE__={{ __OS_TYPE__ }}&__GEOIP_COUNTRY_SHORT__={{ __GEOIP_COUNTRY_SHORT__ }}&__IP2L_MOBILE__={{ __IP2L_MOBILE__ }}&__BROWSER_FAMILY__={{ __BROWSER_FAMILY__ }}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=[idzone]&site={{ site }}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 2325.0=1; expires=Sun, 04 Sep 2022 17:58:19 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:19 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75a1b921a96bc2d9c3a6f8dfc7dc29f1
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=39ac5163-3130-4767-87ec-8fbb1b1d5db7&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 17:58:19 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1638c6b9d969229a578b4f63021093f3
Strict-Transport-Security: max-age=0; includeSubdomains
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10565963
X-HW: 1662227899.dop223.sk1.t,1662227899.cds229.sk1.shn,1662227899.cds229.sk1.c
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5023bb62c9012dcbe73190b57fecebf4
67877b9650bb711fc32c29956359f70e694b5a92
92847ea5f7fb9edd05dd48f79cd7fa924b077d224374478a7ddf322b9ba8e0d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92847EA5F7FB9EDD05DD48F79CD7FA924B077D224374478A7DDF322B9BA8E0D2"
Last-Modified: Fri, 02 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6616
Expires: Sat, 03 Sep 2022 19:48:35 GMT
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: keep-alive
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10624026
X-HW: 1662227899.dop026.sk1.t,1662227899.cds255.sk1.shn,1662227899.dop026.sk1.t,1662227899.cds225.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/58/612/814876/1038915/1038915_logo.png
205.185.208.20200 OK 7.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/58/612/814876/1038915/1038915_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, interlaced\012- data
Hash ed891c20d297c02d5ada40960078f286
4fff42fbc07232007c0ec56fe65fc2bbbb816ab6
395551bf7839a467d340ea2fb2378df44e5b85e27fa9b7eca180d2e0c786446b
GET /a7/creatives/58/612/814876/1038915/1038915_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: Keep-Alive
ETag: "1659360866"
Content-Length: 7022
Content-Type: image/png
Last-Modified: Mon, 01 Aug 2022 13:34:26 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10695409
X-HW: 1662227899.dop018.sk1.t,1662227899.cds262.sk1.shn,1662227899.cds262.sk1.c
Access-Control-Allow-Origin: *
chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
104.18.100.40302 Found 503 B URL HTTP/2 chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
IP 104.18.100.40:0
Hash 6fa6c3d66db85b127fa2efeada921a74
9999294f2655574a6a3a42d954e246e65cea5518
da33ca3c48363c59b0ebcd1e5d587f0e65cb82f1f8c12b5e729ce4b369f5b271
GET /in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Thu, 08-Sep-2022 17:58:19 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJwdjFsKgCAQAK8S+135gD7qswsE3WAzRREjdAMjuntsnzMD8wDB1EBV6w5tAyadjIRLmZkpR2bcj3ClbpSy6kFyyKw90VkmIQymYjxSf1gSXNE57ubebE4hWnb/WCt4PzeUIDE="; Domain=.chaturbate.com; expires=Mon, 03-Oct-2022 17:58:19 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Sat, 03-Sep-2022 23:58:19 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=1\054aDBbcK=0\0548UAXRV=0"; expires=Mon, 03-Oct-2022 17:58:19 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr4fac82fe-4058-4eae-a9de-e189af39ad21:1oUXPP:wy74r0zLEpsW0fiM39JE_Q_gHnQ; Domain=.chaturbate.com; expires=Thu, 29-May-2025 17:58:19 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=bAxuhzJmW4DDtP4cu439IYsAVW.j_kBY0.7bQvgDsdw-1662227899-0-AdGoCH0E63oycXQS9gzzpvVKLD4S+fBV10oG44mPVR32eus7UVuGKHFHSfwTsUaZEsp5HX2llPtANrK7qANftgw=; path=/; expires=Sat, 03-Sep-22 18:28:19 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74505f71ffbfb506-OSL
X-Firefox-Spdy: h2
a.adtng.com/get/10005363?time=1592491455431&atc=416763&apb=jJFJ_I2jUNaWf4I1DAfL4Of8jXhyKjreLV9Hbkte9_KCjMQBkq7vXx9enlMlrxzMkkXhXkWn4pJ-Du24BY1bQt8DvgFbB0YRJGqO5NHItc_bpQ_gUIDRUi
66.254.114.171200 OK 8.9 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=416763&apb=jJFJ_I2jUNaWf4I1DAfL4Of8jXhyKjreLV9Hbkte9_KCjMQBkq7vXx9enlMlrxzMkkXhXkWn4pJ-Du24BY1bQt8DvgFbB0YRJGqO5NHItc_bpQ_gUIDRUi
IP 66.254.114.171:0
Hash 00abb6b17252e53211c1a0e7f5e553bb
9d096ce4dc1b8e1cea2d8bd9a5bf05673746d84d
f7f4d7529002b0af5183291cb5d592cbd9d327f788b94546e228002fcb3ecf61
GET /get/10005363?time=1592491455431&atc=416763&apb=jJFJ_I2jUNaWf4I1DAfL4Of8jXhyKjreLV9Hbkte9_KCjMQBkq7vXx9enlMlrxzMkkXhXkWn4pJ-Du24BY1bQt8DvgFbB0YRJGqO5NHItc_bpQ_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KJmMTlbsgRSj8rEwIAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6742; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 631395BB-42FE72AB01BB852C-16F73ABE
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAwJHDhowbNMS04GhDZEgbM1qEEYOjTIsZYsjIoAGDxowwYW6IEfEwTJ0xGcnAiAHDhpkbLs3gkGGjBQ2bMVTWqEGmhZgaN3DYIHMDhhgzT3lCJGNnoY2OMh7CqbOToYwcQ3vCgbMQB8gZD-fAmaiDpo0aMTo-bKOXr1_AOW48HNOGbt-hMXDA6EnGjNm0IsS4cbOQKVwZMWwMdoNRx8cZZ9W2IW22Bo2KIurIYdO5I2AbimPLyIiGDh04c3S8eMEmjBsyaUi7ECMnjB49COe4KUPnzhs5a1yMedPmxY8wdOb0KJNHCZokat7gcaImy4wmRILMSdKmSZonaqrQcEIliZ4mVERRAxNDKFEHeuo5McQdaYyRRxI2PEGFfPRVcZ8aZ9AAXxPzuRHEhUXgYUYUPXBRBwwwMAXeGD3QFENkMJiIoopwiNHDDHoUUUYTWUhRRBRBxBCFGkckMUcLU8Bhhxs5LDFHDErcUAcUyX1xxRtGfJEHHFfAYUULMMCBhR1OhNHCFTSo0QYVSkTxBB0tsEkHDVpMIUMbbAxhx5wZsjGDFjHoocQMSTgpRB5iwMBEHWesQQcOR1gRxgxoNHHFGVqUcUMWWeTwxRlVJEGEFBaKBUcbFD30xqmpikAGdxmF4YIZb4xRxxwHuZAcrWKNAd5CW8wQQxdqyQGUDjC4gCJsXy2UbFwiyGGHYw09VEcdaWSUmBhh5EBDGWa04FqKTsmAwxgjaWpmDDeYMQMZB8FQg1aWPZSGYyLkEIMLcLlAgwwuNESDWHJ8ca-2-_b7b8CuiVVHGBk18YYeabBR3As1KAsCCli8uAMITCRXBx4g4KHVFzbQ8LG0OnSkbAogHFHGGGu88YIMQy07FAhGpCEHuOq94DIMvR4rghNPiHXdF2MYjbRYbBhdhBNiHWTHFz_TxhBWWaEm2WTRnsGZafPmZvUXzNWFw0Nnt_EGGZ1pBRsZcryxEF4ivKGQacWql8dCNDz0s2U6DOQbcMK9ICuttuJahq5u0PqCWHdkFIO5RD-EhuUpDpyXtBnVTQd417VQhxtpwImVC2SMcXnVRh_0ReuvW4QqQzZ4JMNHHK0tAh1t7Ia77rznYJdHlGFdhl5f_Dr87sX7XsbVYbCBUHjAzkADsRCJwZer4PrExkRqRd3qGKde3RwdadiNrAsc5TDVYqVd3ocCAQE%3D&r=1&s=fe37b3ce2b993572e88fa58a0523cc5d73884d718b22f15e0a4fb0f433531f5c1662227898&w=t&ir=900x765
168.119.1.208200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAwJHDhowbNMS04GhDZEgbM1qEEYOjTIsZYsjIoAGDxowwYW6IEfEwTJ0xGcnAiAHDhpkbLs3gkGGjBQ2bMVTWqEGmhZgaN3DYIHMDhhgzT3lCJGNnoY2OMh7CqbOToYwcQ3vCgbMQB8gZD-fAmaiDpo0aMTo-bKOXr1_AOW48HNOGbt-hMXDA6EnGjNm0IsS4cbOQKVwZMWwMdoNRx8cZZ9W2IW22Bo2KIurIYdO5I2AbimPLyIiGDh04c3S8eMEmjBsyaUi7ECMnjB49COe4KUPnzhs5a1yMedPmxY8wdOb0KJNHCZokat7gcaImy4wmRILMSdKmSZonaqrQcEIliZ4mVERRAxNDKFEHeuo5McQdaYyRRxI2PEGFfPRVcZ8aZ9AAXxPzuRHEhUXgYUYUPXBRBwwwMAXeGD3QFENkMJiIoopwiNHDDHoUUUYTWUhRRBRBxBCFGkckMUcLU8Bhhxs5LDFHDErcUAcUyX1xxRtGfJEHHFfAYUULMMCBhR1OhNHCFTSo0QYVSkTxBB0tsEkHDVpMIUMbbAxhx5wZsjGDFjHoocQMSTgpRB5iwMBEHWesQQcOR1gRxgxoNHHFGVqUcUMWWeTwxRlVJEGEFBaKBUcbFD30xqmpikAGdxmF4YIZb4xRxxwHuZAcrWKNAd5CW8wQQxdqyQGUDjC4gCJsXy2UbFwiyGGHYw09VEcdaWSUmBhh5EBDGWa04FqKTsmAwxgjaWpmDDeYMQMZB8FQg1aWPZSGYyLkEIMLcLlAgwwuNESDWHJ8ca-2-_b7b8CuiVVHGBk18YYeabBR3As1KAsCCli8uAMITCRXBx4g4KHVFzbQ8LG0OnSkbAogHFHGGGu88YIMQy07FAhGpCEHuOq94DIMvR4rghNPiHXdF2MYjbRYbBhdhBNiHWTHFz_TxhBWWaEm2WTRnsGZafPmZvUXzNWFw0Nnt_EGGZ1pBRsZcryxEF4ivKGQacWql8dCNDz0s2U6DOQbcMK9ICuttuJahq5u0PqCWHdkFIO5RD-EhuUpDpyXtBnVTQd417VQhxtpwImVC2SMcXnVRh_0ReuvW4QqQzZ4JMNHHK0tAh1t7Ia77rznYJdHlGFdhl5f_Dr87sX7XsbVYbCBUHjAzkADsRCJwZer4PrExkRqRd3qGKde3RwdadiNrAsc5TDVYqVd3ocCAQE%3D&r=1&s=fe37b3ce2b993572e88fa58a0523cc5d73884d718b22f15e0a4fb0f433531f5c1662227898&w=t&ir=900x765
IP 168.119.1.208:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAwJHDhowbNMS04GhDZEgbM1qEEYOjTIsZYsjIoAGDxowwYW6IEfEwTJ0xGcnAiAHDhpkbLs3gkGGjBQ2bMVTWqEGmhZgaN3DYIHMDhhgzT3lCJGNnoY2OMh7CqbOToYwcQ3vCgbMQB8gZD-fAmaiDpo0aMTo-bKOXr1_AOW48HNOGbt-hMXDA6EnGjNm0IsS4cbOQKVwZMWwMdoNRx8cZZ9W2IW22Bo2KIurIYdO5I2AbimPLyIiGDh04c3S8eMEmjBsyaUi7ECMnjB49COe4KUPnzhs5a1yMedPmxY8wdOb0KJNHCZokat7gcaImy4wmRILMSdKmSZonaqrQcEIliZ4mVERRAxNDKFEHeuo5McQdaYyRRxI2PEGFfPRVcZ8aZ9AAXxPzuRHEhUXgYUYUPXBRBwwwMAXeGD3QFENkMJiIoopwiNHDDHoUUUYTWUhRRBRBxBCFGkckMUcLU8Bhhxs5LDFHDErcUAcUyX1xxRtGfJEHHFfAYUULMMCBhR1OhNHCFTSo0QYVSkTxBB0tsEkHDVpMIUMbbAxhx5wZsjGDFjHoocQMSTgpRB5iwMBEHWesQQcOR1gRxgxoNHHFGVqUcUMWWeTwxRlVJEGEFBaKBUcbFD30xqmpikAGdxmF4YIZb4xRxxwHuZAcrWKNAd5CW8wQQxdqyQGUDjC4gCJsXy2UbFwiyGGHYw09VEcdaWSUmBhh5EBDGWa04FqKTsmAwxgjaWpmDDeYMQMZB8FQg1aWPZSGYyLkEIMLcLlAgwwuNESDWHJ8ca-2-_b7b8CuiVVHGBk18YYeabBR3As1KAsCCli8uAMITCRXBx4g4KHVFzbQ8LG0OnSkbAogHFHGGGu88YIMQy07FAhGpCEHuOq94DIMvR4rghNPiHXdF2MYjbRYbBhdhBNiHWTHFz_TxhBWWaEm2WTRnsGZafPmZvUXzNWFw0Nnt_EGGZ1pBRsZcryxEF4ivKGQacWql8dCNDz0s2U6DOQbcMK9ICuttuJahq5u0PqCWHdkFIO5RD-EhuUpDpyXtBnVTQd417VQhxtpwImVC2SMcXnVRh_0ReuvW4QqQzZ4JMNHHK0tAh1t7Ia77rznYJdHlGFdhl5f_Dr87sX7XsbVYbCBUHjAzkADsRCJwZer4PrExkRqRd3qGKde3RwdadiNrAsc5TDVYqVd3ocCAQE%3D&r=1&s=fe37b3ce2b993572e88fa58a0523cc5d73884d718b22f15e0a4fb0f433531f5c1662227898&w=t&ir=900x765 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
camschat.net/900250/game.php
76.9.16.29200 OK 229 B URL HTTP/2 camschat.net/900250/game.php
IP 76.9.16.29:0
Hash 82370ce4255011f4742b54b79e104114
3472146d72de322be52e747019575d40b82eab4f
de5d89956a4fd715ff48a6cbe43b8fe82d055011a417d801adc22a38ba9279bb
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
content-encoding: gzip
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCDNDDA0bYmy0IDMDh4wWNG7cgNFCTMQaLWDImFHSRhgaY2DYuCHiYZg6YzKSgRFDp5kbZVqYMSmSBo0ZMVqEqVGDTMsaN3DYILNSjBmnPSGSsbPQRg4bMh7CqSOGoowcRH3CgbMQx42nD-fAmaiDhs4aMc4-bKOXr18bgHPceDimDd2-MmPggOGTjJmyaUWIceNmoQyzaGHQGOwGow4ZN2aYVdumdNkaNCqKqCOHjWfFMWTAyPGwjoyMaOjQgTNHx4sXbMK4IZOmtAsxcsLo0YNwjpsydO68kbPGxZg3bV78CENnTo8yeZSgSaLmDR4narLMaEIkyJwkbZqkeaKmCg0nVCShRxNURFEDE0MoUQd77jkxxB1pjJFHEjY8QYV9-FWxnxpn0EBfE_e5EcSGReBhRhQ9cFEHDDLZRMcYPfglg2QwqMjiZ2HAIUYPUcwxRhxn0JHDFGfEcYQVYQgBRxprrFFGDG_MAUUcawDIBgxl6HFEEmvg4caVU9iwRBlBvHHEEWSIocUVWJSBxBRZSDEGUFUgkcYXT7yxRhtp4EBHdF8IEUYYaiQRBQ1RjHEDHEOo8QUOavx3RhVZVGGHHTQUAUcUaNxBhwzlBfHFpEkQIYWGYcHRBkUPvaEqqyKQAV5GYbhgxhtzznGQC83dGtYY5C20BVRdqCVHUDrA4AKLsnm1kLJxiSCHHY811FsdaWSkmEs50FCGGS3AJhNKMuAwRgs4lHFDGC3EcIMZM5BxEAw1aHXZQ2k8JkIOMbgAlws0yOBCQzSEJccX-Wrb778BDwxbWHWEkVETb-iRBhvJvVDDsiCggEUMMewAAhPN1YEHCHho9YUNNIg8rQ5nLZsCCEeUMcYab7ygW1FEEQWCEWnI8a17L8QMw6_IiuDEE2Ft98UYSS8dFhtJF-FEWAfZ8YXQtjGEVVaqTUaZtGd0dlq9i8VahtbQ1YXDQ1l_0cYbZHimlWxkyPHGQjO0qtBpxrqXx0KjSfstcMIRZ9wLtd6a66695hzWHRnlNllYaFQuU8F5TZuR3nSQt10LdbiRBh3h3uACGWPkhnXSB33BuusWrcqQDWjJgBoOObwtAh1t_HZ77rv3foMNfYu1dRl6fRHs8LoX7_vazrOBUHnCzkBDsRCJwZfaZvzExkRqUe0ZY6pqHR0daeydrL9E4VD4GKbl1ocCAQE%3D&r=1&s=eda2e471a7eaf3f23e16bae8fed9b09a1f323083c3488c470311bb232c9b59071662227898&w=t&ir=900x765
168.119.1.208200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCDNDDA0bYmy0IDMDh4wWNG7cgNFCTMQaLWDImFHSRhgaY2DYuCHiYZg6YzKSgRFDp5kbZVqYMSmSBo0ZMVqEqVGDTMsaN3DYILNSjBmnPSGSsbPQRg4bMh7CqSOGoowcRH3CgbMQx42nD-fAmaiDhs4aMc4-bKOXr18bgHPceDimDd2-MmPggOGTjJmyaUWIceNmoQyzaGHQGOwGow4ZN2aYVdumdNkaNCqKqCOHjWfFMWTAyPGwjoyMaOjQgTNHx4sXbMK4IZOmtAsxcsLo0YNwjpsydO68kbPGxZg3bV78CENnTo8yeZSgSaLmDR4narLMaEIkyJwkbZqkeaKmCg0nVCShRxNURFEDE0MoUQd77jkxxB1pjJFHEjY8QYV9-FWxnxpn0EBfE_e5EcSGReBhRhQ9cFEHDDLZRMcYPfglg2QwqMjiZ2HAIUYPUcwxRhxn0JHDFGfEcYQVYQgBRxprrFFGDG_MAUUcawDIBgxl6HFEEmvg4caVU9iwRBlBvHHEEWSIocUVWJSBxBRZSDEGUFUgkcYXT7yxRhtp4EBHdF8IEUYYaiQRBQ1RjHEDHEOo8QUOavx3RhVZVGGHHTQUAUcUaNxBhwzlBfHFpEkQIYWGYcHRBkUPvaEqqyKQAV5GYbhgxhtzznGQC83dGtYY5C20BVRdqCVHUDrA4AKLsnm1kLJxiSCHHY811FsdaWSkmEs50FCGGS3AJhNKMuAwRgs4lHFDGC3EcIMZM5BxEAw1aHXZQ2k8JkIOMbgAlws0yOBCQzSEJccX-Wrb778BDwxbWHWEkVETb-iRBhvJvVDDsiCggEUMMewAAhPN1YEHCHho9YUNNIg8rQ5nLZsCCEeUMcYab7ygW1FEEQWCEWnI8a17L8QMw6_IiuDEE2Ft98UYSS8dFhtJF-FEWAfZ8YXQtjGEVVaqTUaZtGd0dlq9i8VahtbQ1YXDQ1l_0cYbZHimlWxkyPHGQjO0qtBpxrqXx0KjSfstcMIRZ9wLtd6a66695hzWHRnlNllYaFQuU8F5TZuR3nSQt10LdbiRBh3h3uACGWPkhnXSB33BuusWrcqQDWjJgBoOObwtAh1t_HZ77rv3foMNfYu1dRl6fRHs8LoX7_vazrOBUHnCzkBDsRCJwZfaZvzExkRqUe0ZY6pqHR0daeydrL9E4VD4GKbl1ocCAQE%3D&r=1&s=eda2e471a7eaf3f23e16bae8fed9b09a1f323083c3488c470311bb232c9b59071662227898&w=t&ir=900x765
IP 168.119.1.208:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgCDNDDA0bYmy0IDMDh4wWNG7cgNFCTMQaLWDImFHSRhgaY2DYuCHiYZg6YzKSgRFDp5kbZVqYMSmSBo0ZMVqEqVGDTMsaN3DYILNSjBmnPSGSsbPQRg4bMh7CqSOGoowcRH3CgbMQx42nD-fAmaiDhs4aMc4-bKOXr18bgHPceDimDd2-MmPggOGTjJmyaUWIceNmoQyzaGHQGOwGow4ZN2aYVdumdNkaNCqKqCOHjWfFMWTAyPGwjoyMaOjQgTNHx4sXbMK4IZOmtAsxcsLo0YNwjpsydO68kbPGxZg3bV78CENnTo8yeZSgSaLmDR4narLMaEIkyJwkbZqkeaKmCg0nVCShRxNURFEDE0MoUQd77jkxxB1pjJFHEjY8QYV9-FWxnxpn0EBfE_e5EcSGReBhRhQ9cFEHDDLZRMcYPfglg2QwqMjiZ2HAIUYPUcwxRhxn0JHDFGfEcYQVYQgBRxprrFFGDG_MAUUcawDIBgxl6HFEEmvg4caVU9iwRBlBvHHEEWSIocUVWJSBxBRZSDEGUFUgkcYXT7yxRhtp4EBHdF8IEUYYaiQRBQ1RjHEDHEOo8QUOavx3RhVZVGGHHTQUAUcUaNxBhwzlBfHFpEkQIYWGYcHRBkUPvaEqqyKQAV5GYbhgxhtzznGQC83dGtYY5C20BVRdqCVHUDrA4AKLsnm1kLJxiSCHHY811FsdaWSkmEs50FCGGS3AJhNKMuAwRgs4lHFDGC3EcIMZM5BxEAw1aHXZQ2k8JkIOMbgAlws0yOBCQzSEJccX-Wrb778BDwxbWHWEkVETb-iRBhvJvVDDsiCggEUMMewAAhPN1YEHCHho9YUNNIg8rQ5nLZsCCEeUMcYab7ygW1FEEQWCEWnI8a17L8QMw6_IiuDEE2Ft98UYSS8dFhtJF-FEWAfZ8YXQtjGEVVaqTUaZtGd0dlq9i8VahtbQ1YXDQ1l_0cYbZHimlWxkyPHGQjO0qtBpxrqXx0KjSfstcMIRZ9wLtd6a66695hzWHRnlNllYaFQuU8F5TZuR3nSQt10LdbiRBh3h3uACGWPkhnXSB33BuusWrcqQDWjJgBoOObwtAh1t_HZ77rv3foMNfYu1dRl6fRHs8LoX7_vazrOBUHnCzkBDsRCJwZfaZvzExkRqUe0ZY6pqHR0daeydrL9E4VD4GKbl1ocCAQE%3D&r=1&s=eda2e471a7eaf3f23e16bae8fed9b09a1f323083c3488c470311bb232c9b59071662227898&w=t&ir=900x765 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMyREGxo0cNsK0sBFjDI0WNMSQudFCTI6DLWSUsTEGxhgyNWDMEDNGxMMwdXrqEEEGRgwYNszcKNPCDA4ZNlDSmBGjRZgaNci0rHEDh42VMMSYoUHDJ0QydhbaACnjIZw6YijKyGH0Jxw4C3HcmPpwDpyJOmggrRED5MM2fgELtkE4x42HY9rgDWw0RtefZMyobStCjBs3C6HSlRFjxmE3GHXIuDFjrds2qNXWoFFRRB05bEKDJGyDxsM6MjKioUMHzhwdL16wCeOGTBrULsTICaNHD8I5bsrQufNGzhoXY960efEjDJ05PcrkUYImiZo3eJyoyTKjCZEgc5K0aZLmiZoqNDhBRRJ6NEFFFDUwMYQSdbgHnxND3JHGGHkkYcMTVOCnXxX9qXEGDfY1kZ8bQXRYBB5mRNEDF3XAAANU5o3Rg2AxWIYDiy7CCIcYPdTQwnNEzJFFEXAY4UYebsBQhhNtIKFGDmOYUYMUZOBBlhAzrOGEFEPkEcUTUziBxRpxWJHEDEjdIAMWbLTh4xc0pPHFGjDQkYMRZhxRJw1FxsAGDlkq0cQSWIjRhBNfIEGEFVm8UUYaelRxxxlamPQFHEQgkcMVZdTxhRR6fHFGFUkQIQWHZsHRBkUPvaEqq0SJl1EYLpjxxhh1zHGQC8_ZatYY5i20BVVduCWHUDC44GJtYi2UbF0iyGHHZA39VkcaGTkmRhg50FCGGS3M9iJKMuAwRgs4lHGDSJaZMQMZB8FQg1eaPZTGZCLkEIMLdLlAgwwuNFTWQ3J8cW-2-_b7b8CzmVVHGBk18YYeabCx3As1KAsCCljUuAMITDxXBx4g4OHVF719LK0OICmbAghHlDHGGm-8IINRyxoFghFpyPEtfC-0DMOvQongxBNmdffFGEUfbRYbRRfhhFkH2fGFz7kxxFVXreHgIsFngKbavI8RVYbV0uWFw0NVf9HGG2SE5lVtZMjxxkKmifCGQqoZC18eC_kW7bfCEWccci_QaiuuupbBqxu2vmDWHRnFUO7QD6FR-YsDizCHtBnZTYd53bVQhxtp0BHuDS6QMYblVBd90Beuw27RqgzZYIMMvHeVw9oi0NFGcLnv3jsOv9-wO2ZXl-HXF8EWz_tqyAN_NvRsIHSesDPQUCxEYgBmthlAsTGRW1A7C5mqVk9HRxp365As8l0JPkZqlvehQEA%3D&r=1&s=9cc987e5fca848993eb72da87055784ee317e7d23fede70755d4a88c330eddf81662227898&w=t&ir=900x765
168.119.1.208200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMyREGxo0cNsK0sBFjDI0WNMSQudFCTI6DLWSUsTEGxhgyNWDMEDNGxMMwdXrqEEEGRgwYNszcKNPCDA4ZNlDSmBGjRZgaNci0rHEDh42VMMSYoUHDJ0QydhbaACnjIZw6YijKyGH0Jxw4C3HcmPpwDpyJOmggrRED5MM2fgELtkE4x42HY9rgDWw0RtefZMyobStCjBs3C6HSlRFjxmE3GHXIuDFjrds2qNXWoFFRRB05bEKDJGyDxsM6MjKioUMHzhwdL16wCeOGTBrULsTICaNHD8I5bsrQufNGzhoXY960efEjDJ05PcrkUYImiZo3eJyoyTKjCZEgc5K0aZLmiZoqNDhBRRJ6NEFFFDUwMYQSdbgHnxND3JHGGHkkYcMTVOCnXxX9qXEGDfY1kZ8bQXRYBB5mRNEDF3XAAANU5o3Rg2AxWIYDiy7CCIcYPdTQwnNEzJFFEXAY4UYebsBQhhNtIKFGDmOYUYMUZOBBlhAzrOGEFEPkEcUTUziBxRpxWJHEDEjdIAMWbLTh4xc0pPHFGjDQkYMRZhxRJw1FxsAGDlkq0cQSWIjRhBNfIEGEFVm8UUYaelRxxxlamPQFHEQgkcMVZdTxhRR6fHFGFUkQIQWHZsHRBkUPvaEqq0SJl1EYLpjxxhh1zHGQC8_ZatYY5i20BVVduCWHUDC44GJtYi2UbF0iyGHHZA39VkcaGTkmRhg50FCGGS3M9iJKMuAwRgs4lHGDSJaZMQMZB8FQg1eaPZTGZCLkEIMLdLlAgwwuNFTWQ3J8cW-2-_b7b8CzmVVHGBk18YYeabCx3As1KAsCCljUuAMITDxXBx4g4OHVF719LK0OICmbAghHlDHGGm-8IINRyxoFghFpyPEtfC-0DMOvQongxBNmdffFGEUfbRYbRRfhhFkH2fGFz7kxxFVXreHgIsFngKbavI8RVYbV0uWFw0NVf9HGG2SE5lVtZMjxxkKmifCGQqoZC18eC_kW7bfCEWccci_QaiuuupbBqxu2vmDWHRnFUO7QD6FR-YsDizCHtBnZTYd53bVQhxtp0BHuDS6QMYblVBd90Beuw27RqgzZYIMMvHeVw9oi0NFGcLnv3jsOv9-wO2ZXl-HXF8EWz_tqyAN_NvRsIHSesDPQUCxEYgBmthlAsTGRW1A7C5mqVk9HRxp365As8l0JPkZqlvehQEA%3D&r=1&s=9cc987e5fca848993eb72da87055784ee317e7d23fede70755d4a88c330eddf81662227898&w=t&ir=900x765
IP 168.119.1.208:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMyREGxo0cNsK0sBFjDI0WNMSQudFCTI6DLWSUsTEGxhgyNWDMEDNGxMMwdXrqEEEGRgwYNszcKNPCDA4ZNlDSmBGjRZgaNci0rHEDh42VMMSYoUHDJ0QydhbaACnjIZw6YijKyGH0Jxw4C3HcmPpwDpyJOmggrRED5MM2fgELtkE4x42HY9rgDWw0RtefZMyobStCjBs3C6HSlRFjxmE3GHXIuDFjrds2qNXWoFFRRB05bEKDJGyDxsM6MjKioUMHzhwdL16wCeOGTBrULsTICaNHD8I5bsrQufNGzhoXY960efEjDJ05PcrkUYImiZo3eJyoyTKjCZEgc5K0aZLmiZoqNDhBRRJ6NEFFFDUwMYQSdbgHnxND3JHGGHkkYcMTVOCnXxX9qXEGDfY1kZ8bQXRYBB5mRNEDF3XAAANU5o3Rg2AxWIYDiy7CCIcYPdTQwnNEzJFFEXAY4UYebsBQhhNtIKFGDmOYUYMUZOBBlhAzrOGEFEPkEcUTUziBxRpxWJHEDEjdIAMWbLTh4xc0pPHFGjDQkYMRZhxRJw1FxsAGDlkq0cQSWIjRhBNfIEGEFVm8UUYaelRxxxlamPQFHEQgkcMVZdTxhRR6fHFGFUkQIQWHZsHRBkUPvaEqq0SJl1EYLpjxxhh1zHGQC8_ZatYY5i20BVVduCWHUDC44GJtYi2UbF0iyGHHZA39VkcaGTkmRhg50FCGGS3M9iJKMuAwRgs4lHGDSJaZMQMZB8FQg1eaPZTGZCLkEIMLdLlAgwwuNFTWQ3J8cW-2-_b7b8CzmVVHGBk18YYeabCx3As1KAsCCljUuAMITDxXBx4g4OHVF719LK0OICmbAghHlDHGGm-8IINRyxoFghFpyPEtfC-0DMOvQongxBNmdffFGEUfbRYbRRfhhFkH2fGFz7kxxFVXreHgIsFngKbavI8RVYbV0uWFw0NVf9HGG2SE5lVtZMjxxkKmifCGQqoZC18eC_kW7bfCEWccci_QaiuuupbBqxu2vmDWHRnFUO7QD6FR-YsDizCHtBnZTYd53bVQhxtp0BHuDS6QMYblVBd90Beuw27RqgzZYIMMvHeVw9oi0NFGcLnv3jsOv9-wO2ZXl-HXF8EWz_tqyAN_NvRsIHSesDPQUCxEYgBmthlAsTGRW1A7C5mqVk9HRxp365As8l0JPkZqlvehQEA%3D&r=1&s=9cc987e5fca848993eb72da87055784ee317e7d23fede70755d4a88c330eddf81662227898&w=t&ir=900x765 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHCEFOGTEQzLcTUGDOjBQ0bZUDigBHDRosZMMzUyBEDx5gxZjyKeBimzpiMOGTcEENmxpgwLWQQdUlDxgykRHPIaFEjTE0YYcRkJUNjxk6IZOwstJHDhoyHcOqIWTgDh40aMHjCgcOWBo4bcUXMgTNRB42GM2aQfTimDV2_LW_YmMGTjBmKD8W4cbNQqI2TgR-2cYNRh1DBOdBu7vz278M6MTKioUMHzhwdL16EcWGQDmcXY960eXGmDJ0XMWAIryF4xg86adqU6dFQKg2aNGrU6BqDSx3hMmyEoTOmx18bimdYx64djpgeV2iEgXKHzBk6N244ifLlzpklV-TUiJOlyRsYaghxxQ1hoLHGDEwYMQMROVjRwht26FHHEmzMQcUTcdjhBg5xTBHHHUukwUQMOURBhBBIBJEEES3MMUcRT7wxgxVIBAjFFFrAwIQUTiyxRhYwlLiGE0K8qEcUehyBxRlmVCEDEThYEcQXZ1SxohRVpPEVHG1AJsIbXHpJhm4ZKUdGGrOFMccbMbjghm9fHdXXFjPE0AVacvykAwwuCFeRCGI8tmefMDgkwhhcfgFHngvxKRxLMODwkBx2HAbXQ2Ug2uWgj8rQ0ml1aKmDCDg8VYYNZIwUklY3mCSDVS2EYYYYY7yUw0meZudYGTR8lcZhItDkQg58NuVCQ71O-sWvGQlLrAvGIvtVHWFk5J8eabDBRhgv1NAnCChgEUMMO4DARBpu1IEHCHi49cVl5VKqQ1l9pgDCEZmu8cYLMkAKaQwgGJGGHCm9gccL9MIQp54iOPHEV2_I8cVNGTn8FRsMF-HEVwfZ8QXBbFBUQ3yl2rBSXnKcQZlnNdz1UMdfiCHHQjhIKgLMbbxBRmVu_UmGHG-w9dAbCnmGp8F5LETDpCmpxpprsL1gJpq0rdnmm799NQelGQFNx3YRt1CHG2nQYZK3ZIwRgwwcM3zQF2mv_RUdm7ZklgxC4ZCDzXSzzZANd-e9N143NPZxGXt9sR1FgOMtuM1leBwGGwjRUTSdNNwJkRh93ZxST2xMhBbGjRLWGQx9KBAQ&s=43d17f177f739af52481b7365efe4e50c50bc692f076fdf506ae246ddf225f191662227898&w=t&r=1&d=458&priv=false
168.119.1.208200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHCEFOGTEQzLcTUGDOjBQ0bZUDigBHDRosZMMzUyBEDx5gxZjyKeBimzpiMOGTcEENmxpgwLWQQdUlDxgykRHPIaFEjTE0YYcRkJUNjxk6IZOwstJHDhoyHcOqIWTgDh40aMHjCgcOWBo4bcUXMgTNRB42GM2aQfTimDV2_LW_YmMGTjBmKD8W4cbNQqI2TgR-2cYNRh1DBOdBu7vz278M6MTKioUMHzhwdL16EcWGQDmcXY960eXGmDJ0XMWAIryF4xg86adqU6dFQKg2aNGrU6BqDSx3hMmyEoTOmx18bimdYx64djpgeV2iEgXKHzBk6N244ifLlzpklV-TUiJOlyRsYaghxxQ1hoLHGDEwYMQMROVjRwht26FHHEmzMQcUTcdjhBg5xTBHHHUukwUQMOURBhBBIBJEEES3MMUcRT7wxgxVIBAjFFFrAwIQUTiyxRhYwlLiGE0K8qEcUehyBxRlmVCEDEThYEcQXZ1SxohRVpPEVHG1AJsIbXHpJhm4ZKUdGGrOFMccbMbjghm9fHdXXFjPE0AVacvykAwwuCFeRCGI8tmefMDgkwhhcfgFHngvxKRxLMODwkBx2HAbXQ2Ug2uWgj8rQ0ml1aKmDCDg8VYYNZIwUklY3mCSDVS2EYYYYY7yUw0meZudYGTR8lcZhItDkQg58NuVCQ71O-sWvGQlLrAvGIvtVHWFk5J8eabDBRhgv1NAnCChgEUMMO4DARBpu1IEHCHi49cVl5VKqQ1l9pgDCEZmu8cYLMkAKaQwgGJGGHCm9gccL9MIQp54iOPHEV2_I8cVNGTn8FRsMF-HEVwfZ8QXBbFBUQ3yl2rBSXnKcQZlnNdz1UMdfiCHHQjhIKgLMbbxBRmVu_UmGHG-w9dAbCnmGp8F5LETDpCmpxpprsL1gJpq0rdnmm799NQelGQFNx3YRt1CHG2nQYZK3ZIwRgwwcM3zQF2mv_RUdm7ZklgxC4ZCDzXSzzZANd-e9N143NPZxGXt9sR1FgOMtuM1leBwGGwjRUTSdNNwJkRh93ZxST2xMhBbGjRLWGQx9KBAQ&s=43d17f177f739af52481b7365efe4e50c50bc692f076fdf506ae246ddf225f191662227898&w=t&r=1&d=458&priv=false
IP 168.119.1.208:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHCEFOGTEQzLcTUGDOjBQ0bZUDigBHDRosZMMzUyBEDx5gxZjyKeBimzpiMOGTcEENmxpgwLWQQdUlDxgykRHPIaFEjTE0YYcRkJUNjxk6IZOwstJHDhoyHcOqIWTgDh40aMHjCgcOWBo4bcUXMgTNRB42GM2aQfTimDV2_LW_YmMGTjBmKD8W4cbNQqI2TgR-2cYNRh1DBOdBu7vz278M6MTKioUMHzhwdL16EcWGQDmcXY960eXGmDJ0XMWAIryF4xg86adqU6dFQKg2aNGrU6BqDSx3hMmyEoTOmx18bimdYx64djpgeV2iEgXKHzBk6N244ifLlzpklV-TUiJOlyRsYaghxxQ1hoLHGDEwYMQMROVjRwht26FHHEmzMQcUTcdjhBg5xTBHHHUukwUQMOURBhBBIBJEEES3MMUcRT7wxgxVIBAjFFFrAwIQUTiyxRhYwlLiGE0K8qEcUehyBxRlmVCEDEThYEcQXZ1SxohRVpPEVHG1AJsIbXHpJhm4ZKUdGGrOFMccbMbjghm9fHdXXFjPE0AVacvykAwwuCFeRCGI8tmefMDgkwhhcfgFHngvxKRxLMODwkBx2HAbXQ2Ug2uWgj8rQ0ml1aKmDCDg8VYYNZIwUklY3mCSDVS2EYYYYY7yUw0meZudYGTR8lcZhItDkQg58NuVCQ71O-sWvGQlLrAvGIvtVHWFk5J8eabDBRhgv1NAnCChgEUMMO4DARBpu1IEHCHi49cVl5VKqQ1l9pgDCEZmu8cYLMkAKaQwgGJGGHCm9gccL9MIQp54iOPHEV2_I8cVNGTn8FRsMF-HEVwfZ8QXBbFBUQ3yl2rBSXnKcQZlnNdz1UMdfiCHHQjhIKgLMbbxBRmVu_UmGHG-w9dAbCnmGp8F5LETDpCmpxpprsL1gJpq0rdnmm799NQelGQFNx3YRt1CHG2nQYZK3ZIwRgwwcM3zQF2mv_RUdm7ZklgxC4ZCDzXSzzZANd-e9N143NPZxGXt9sR1FgOMtuM1leBwGGwjRUTSdNNwJkRh93ZxST2xMhBbGjRLWGQx9KBAQ&s=43d17f177f739af52481b7365efe4e50c50bc692f076fdf506ae246ddf225f191662227898&w=t&r=1&d=458&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/6/6/cd907de984d192a8134a0c8b26c46cf524c97d/main.webp
8.248.225.238200 OK 9.1 kB URL HTTP/2 lcdn.tsyndicate.com/images/6/6/cd907de984d192a8134a0c8b26c46cf524c97d/main.webp
IP 8.248.225.238:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fe64252f32515abe32da414586b81a96
3e11e507ab78c143b73838bd1bdde5d18852e185
5ff119a0be5692413ab4c285bbf79206669a019891cbaf9132e742845c1df9af
GET /images/6/6/cd907de984d192a8134a0c8b26c46cf524c97d/main.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: image/webp
content-length: 9141
last-modified: Fri, 21 Jan 2022 04:19:33 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"61ea3455-239e"
age: 19471948
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/video.instant.message.css
8.248.225.238200 OK 4.7 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/video.instant.message.css
IP 8.248.225.238:0
File type ASCII text, with very long lines (4667), with no line terminators
Hash 9fba1a3e7202a1124dec5d68f4f07bd1
6d880383c56bbe8244e98f135c7e8ef76e65ebfb
857634cc0df9324a79abf3ae0dc675507c22f020260e3c6ba8b2f2d04c1d24ec
GET /sdk/v1/video.instant.message.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/css
content-length: 4667
etag: "62d93607-123b"
last-modified: Thu, 21 Jul 2022 11:18:31 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 3824518
accept-ranges: bytes
X-Firefox-Spdy: h2
in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
109.206.181.2200 OK 2 B URL HTTP/2 in16.zog.link/in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920
IP 109.206.181.2:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /in/show/?__OS_FAMILY__=%7B%7B%20__OS_FAMILY__%20%7D%7D&__OS_TYPE__=%7B%7B%20__OS_TYPE__%20%7D%7D&__GEOIP_COUNTRY_SHORT__=%7B%7B%20__GEOIP_COUNTRY_SHORT__%20%7D%7D&__IP2L_MOBILE__=%7B%7B%20__IP2L_MOBILE__%20%7D%7D&__BROWSER_FAMILY__=%7B%7B%20__BROWSER_FAMILY__%20%7D%7D&OS_FAMILY=%5BOS_FAMILY%5D&OS_TYPE=%5BOS_TYPE%5D&COUNTRY_ISO_CODE=%5BCOUNTRY_ISO_CODE%5D&MOBILE_BRAND=%5BMOBILE_BRAND%5D&BROWSER_FAMILY=%5BBROWSER_FAMILY%5D&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=%5BPRICING_MODEL%5D&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=%5Bidzone%5D&site=%7B%7B%20site%20%7D%7D&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=%5BPRIORITY%5D&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0&banner_id=4190&banner_creative_id=8920 HTTP/1.1
Host: in16.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://12112336.pix-cdn.org
Connection: keep-alive
Referer: https://12112336.pix-cdn.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://12112336.pix-cdn.org
set-cookie: 770.0=1; expires=Sun, 04 Sep 2022 17:58:19 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4e04691d51ec7c3d9fe32f6f8d8225bc
a04c688b44d4325a78e157fb7944311b20d558b3
6ceda78e6d1c40c39f3b6652a4eea01639b2deaf218de69016e407ce981c40f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CEDA78E6D1C40C39F3B6652A4EEA01639B2DEAF218DE69016E407CE981C40F2"
Last-Modified: Thu, 01 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5954
Expires: Sat, 03 Sep 2022 19:37:33 GMT
Date: Sat, 03 Sep 2022 17:58:19 GMT
Connection: keep-alive
static-assets.highwebmedia.com/CACHE/css/output.b58b81ee448a.css
104.16.93.42200 OK 47 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.b58b81ee448a.css
IP 104.16.93.42:0
File type ASCII text, with very long lines (52962), with no line terminators
Hash 75ad62347533b84629343967d89896d8
e76e261fda8c10865f5f790138162131c750d111
8a9631e44251ec262347f6429b188871c34098ef5fa147af62aaefc7e3c4cc1a
GET /CACHE/css/output.b58b81ee448a.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=63822
etag: W/"c3fdd95cae57f9313b0d3ed8cf554d51"
last-modified: Thu, 01 Sep 2022 23:26:03 GMT
x-amz-id-2: fr1yko4z/v9+BX/DSjFkdytjkSfujKRNWb+420tBUkb0Vn/Wi8s6tkBg/7ga1SzX/q5eTCKepOgq6wLIfbHmoA==
x-amz-meta-s3cmd-attrs: md5:c3fdd95cae57f9313b0d3ed8cf554d51
x-amz-request-id: WQ99MTD0E25C2VMF
cf-cache-status: HIT
age: 152980
expires: Mon, 03 Oct 2022 17:58:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tb6bCd9SAJa5YGDsDe%2Bddtcg0yePfdzL%2BrsNjpNkIXiebf4ktocgO2PMA4nQqLDv9TaE%2FLajUId8j4e1MEYA9GAmAqKIFwapBKIDLSLgqv9G0P9Gp7dzPBPo1xUSOfQZkWqRZv0KVEBZgUQMiEwmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=xdo1bcIdQUIIuS6xtoroQSbr10XFNyC_nuWvhajmBME-1662227899737-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74505f753fa3b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
104.18.100.40200 OK 46 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (31162)
Hash 74f54866253e68ed405caf064d43f9f8
dc2785b85a0080ff1acf0b96fe8867d7e0fe340b
79b15e3f44528991c338cca794e292f929365beb401402e01dbde62680c5d967
GET /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://camschat.net/
Connection: keep-alive
Cookie: __cf_bm=bAxuhzJmW4DDtP4cu439IYsAVW.j_kBY0.7bQvgDsdw-1662227899-0-AdGoCH0E63oycXQS9gzzpvVKLD4S+fBV10oG44mPVR32eus7UVuGKHFHSfwTsUaZEsp5HX2llPtANrK7qANftgw=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=0\054aDBbcK=1\0548UAXRV=1"; expires=Mon, 03-Oct-2022 17:58:19 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswtTs5ILNHLSy3RV6oFAJUzCgA="; Domain=.chaturbate.com; expires=Mon, 03-Oct-2022 17:58:19 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr6e6f743d-9481-40e8-bfae-2a4aeae7082b:1oUXPP:SdJ8hgIWK5EL6EQTyFDlJvmMlMI; Domain=.chaturbate.com; expires=Thu, 29-May-2025 17:58:19 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74505f731959b506-OSL
content-encoding: br
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 5.2 kB URL HTTP/2 pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2664)
Hash 3b18f4f433c6b67b37e43146f7be6145
622050efd7ff66a167246c3451b801b396245413
e5e745514744d83dba8973051e737f5184dd61edd1caefda0d0737ab35afcdb2
GET /live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Sat, 03 Sep 2022 17:58:19 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Mon, 03-Oct-22 17:58:19 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/cuntempire.webp
76.9.16.29200 OK 140 kB URL HTTP/2 camschat.net/900250/cuntempire.webp
IP 76.9.16.29:0
Size 140 kB (139699 bytes)
Hash ca88ac59e891aea67b6648ba6b45cc0d
a91bdef643f6e91b2b5668d5e9b62c5e66cbcfc4
674c0049687d7ed17c14fa6e4714720df5046f2f9867ed44e11d4d8753ed9d43
GET /900250/cuntempire.webp HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/game.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: image/webp
last-modified: Mon, 12 Apr 2021 15:04:52 GMT
vary: Accept-Encoding
etag: W/"60746194-1dc40"
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dad13fd31664e38313df71b932b0cd82
0d960e6c1dba6932e14462c23a795b3c72e88141
5f796d6bfabb1f9694047996a79d8f8f657b5f157e5d756c02f4d102171c18a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F796D6BFABB1F9694047996A79D8F8F657B5F157E5D756C02F4D102171C18A4"
Last-Modified: Thu, 01 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3365
Expires: Sat, 03 Sep 2022 18:54:25 GMT
Date: Sat, 03 Sep 2022 17:58:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dad13fd31664e38313df71b932b0cd82
0d960e6c1dba6932e14462c23a795b3c72e88141
5f796d6bfabb1f9694047996a79d8f8f657b5f157e5d756c02f4d102171c18a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F796D6BFABB1F9694047996A79D8F8F657B5F157E5D756C02F4D102171C18A4"
Last-Modified: Thu, 01 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3365
Expires: Sat, 03 Sep 2022 18:54:25 GMT
Date: Sat, 03 Sep 2022 17:58:20 GMT
Connection: keep-alive
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 17:58:20 GMT
via: 1.1 varnish
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 701
x-timer: S1662227900.142293,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
pt-static2.ptlwmstc.com/npe/_common/script/adblock/advertisement-v885916.js
93.93.51.200200 OK 21 B URL HTTP/2 pt-static2.ptlwmstc.com/npe/_common/script/adblock/advertisement-v885916.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v885916.js HTTP/1.1
Host: pt-static2.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: application/javascript
content-length: 21
last-modified: Fri, 02 Sep 2022 08:25:32 GMT
etag: "6311bdfc-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.242200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d29d7425e04e0b9da7ebfcece07c005d
9f44f9b7b1792bf3f2a3dec0d55fec035eaa4852
5274a8e6fa7b053699cd2c6511bdc9a94fcf57846e370f225e51773a589d2783
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 17:58:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11662227900937_0_5106_4398=0001000; expires=Mon, 03-Oct-2022 17:58:20 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=7156-1662227900; expires=Tue, 31-Aug-2032 17:58:20 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
216.127.52.242200 4.9 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP 216.127.52.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (627)
Hash 5afb2f70339718886d21bab406d8537e
25eb22ef58da58c9958702bd64a8d9e2ba171d10
3e9b98c2a576e4321361a463963f56a0a83965e1be3344e189238b27abda7b89
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 17:58:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11662227900937_0_5104_5671=0001000; expires=Mon, 03-Oct-2022 17:58:20 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=9572-1662227900; expires=Tue, 31-Aug-2032 17:58:20 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
93.93.51.200200 OK 8.5 kB URL HTTP/2 pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: image/png
content-length: 8533
last-modified: Wed, 03 Aug 2022 06:46:21 GMT
etag: "62ea19bd-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jquery.com/jquery-2.1.3.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1662227900.dop016.sk1.t,1662227900.cds225.sk1.hn,1662227900.cds215.sk1.c
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1150&ck=1&ref=https://chaturbate.com/tours/3/&ap=46&be=536&fe=914&dc=685&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662227896585,%22n%22:0,%22r%22:1,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:236,%22rp%22:437,%22rpe%22:451,%22dl%22:508,%22di%22:652,%22ds%22:684,%22de%22:686,%22dc%22:913,%22l%22:913,%22le%22:917%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFIMBQxXVgIIWFdaBlZWDxh2Yi0TFUMhJTshCU0XAwhSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw8EVAVTV1VdGAAFWQAUVVIGXE4EX1RcHFNQDQAHAgFUVgEHWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgZSAAZaA1JTCFdbVkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdwgRJUJaFxAhVkMiSlZPQyMCGSURABIRJA0Va18yQUAyCkNGT0RcWVBWCFNVBD0QFA8PTWpNVBJFSj4MEEZZRBl3VUQTQ1wFLgwDCgh2Q1xDDVBAQTAGCgILXGZJSDJZVhYRQwAKFVpaT1QTSGYRAwQBQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdw0RM19qERswDENEFRdYUhVYTwQ9EBQPD01qTVQSRUo%2BDBBGWUQZd1VEE0NcBS4MAwoIdkNcQw1QQEEwBgoCC1xmSUgyWVYWEUMAChVaWk9UE0hmEQMEAUNEREg%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1150&ck=1&ref=https://chaturbate.com/tours/3/&ap=46&be=536&fe=914&dc=685&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662227896585,%22n%22:0,%22r%22:1,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:236,%22rp%22:437,%22rpe%22:451,%22dl%22:508,%22di%22:652,%22ds%22:684,%22de%22:686,%22dc%22:913,%22l%22:913,%22le%22:917%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFIMBQxXVgIIWFdaBlZWDxh2Yi0TFUMhJTshCU0XAwhSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw8EVAVTV1VdGAAFWQAUVVIGXE4EX1RcHFNQDQAHAgFUVgEHWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgZSAAZaA1JTCFdbVkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdwgRJUJaFxAhVkMiSlZPQyMCGSURABIRJA0Va18yQUAyCkNGT0RcWVBWCFNVBD0QFA8PTWpNVBJFSj4MEEZZRBl3VUQTQ1wFLgwDCgh2Q1xDDVBAQTAGCgILXGZJSDJZVhYRQwAKFVpaT1QTSGYRAwQBQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdw0RM19qERswDENEFRdYUhVYTwQ9EBQPD01qTVQSRUo%2BDBBGWUQZd1VEE0NcBS4MAwoIdkNcQw1QQEEwBgoCC1xmSUgyWVYWEUMAChVaWk9UE0hmEQMEAUNEREg%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1150&ck=1&ref=https://chaturbate.com/tours/3/&ap=46&be=536&fe=914&dc=685&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662227896585,%22n%22:0,%22r%22:1,%22re%22:232,%22f%22:232,%22dn%22:232,%22dne%22:232,%22c%22:232,%22s%22:232,%22ce%22:232,%22rq%22:236,%22rp%22:437,%22rpe%22:451,%22dl%22:508,%22di%22:652,%22ds%22:684,%22de%22:686,%22dc%22:913,%22l%22:913,%22le%22:917%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFIMBQxXVgIIWFdaBlZWDxh2Yi0TFUMhJTshCU0XAwhSHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwEBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw8EVAVTV1VdGAAFWQAUVVIGXE4EX1RcHFNQDQAHAgFUVgEHWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRgZSAAZaA1JTCFdbVkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdwgRJUJaFxAhVkMiSlZPQyMCGSURABIRJA0Va18yQUAyCkNGT0RcWVBWCFNVBD0QFA8PTWpNVBJFSj4MEEZZRBl3VUQTQ1wFLgwDCgh2Q1xDDVBAQTAGCgILXGZJSDJZVhYRQwAKFVpaT1QTSGYRAwQBQ0QVF1hSFVhPBD0QFA8PTWpNVBJFSkNYQUQhCkxHdVYIX3smQicXABBLdw0RM19qERswDENEFRdYUhVYTwQ9EBQPD01qTVQSRUo%2BDBBGWUQZd1VEE0NcBS4MAwoIdkNcQw1QQEEwBgoCC1xmSUgyWVYWEUMAChVaWk9UE0hmEQMEAUNEREg%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:20 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74505f7b098eb523-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=c7c9a5e6145c2ea1; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.246200 OK 1.4 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 12652f1fed36d1d9e3b171f604d72dcb
999432a1f65a3cc8d43f1f6002af60193eec9cfb
d3c0ec37d1d25a8b5e4512d3ae3c634fb5293154c5267227568ecf8de1a0faad
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 17:58:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=14d75b5684f8628a3ef5be39662fce8f; expires=Sun, 03-Sep-2023 17:58:19 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Tue, 06-Sep-2022 17:58:19 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 06-Sep-2022 17:58:19 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.42200 OK 16 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.42:0
Hash c876d665ca1b4f7ed345def9f3a2a7d8
d06424ad57b3088b828be5b5c8a760a1e1ff3aef
974d3f551139bb5bae848983284a6aa583b4aa5f9986461bba6310faf51aad11
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:20 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=86400
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1662227900.dop228.sk1.t,1662227900.cds023.sk1.shn,1662227900.dop228.sk1.t,1662227900.cds018.sk1.c
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/8ceb11366558c1fed8ad202d730a17a9_glamour_896x504.jpg
93.93.51.190200 OK 20 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/8ceb11366558c1fed8ad202d730a17a9_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /ff268cab8d9fbae1ed7506f97496274f18/8ceb11366558c1fed8ad202d730a17a9_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: image/jpeg
content-length: 85832
last-modified: Tue, 09 Aug 2022 16:58:10 GMT
etag: "c7e1185a4b6f8ab05277eb2bea19fddb"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Sat, 17 Sep 2022 17:58:20 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
m.sancdn.net/common/videojs/videojs-411.js
69.16.175.42200 OK 330 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP 69.16.175.42:0
Size 330 kB (329746 bytes)
Hash 326a93cefb9c65c675156c501bacbd8b
ec0dd79a6f84ede70c9e82199d9f50147e85f9d6
521ccf38ac94bdf6d36e6095b4a3458f736fb11b7081b912aa42c40476220bdf
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:20 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1662227900.dop022.sk1.t,1662227900.cds253.sk1.shn,1662227900.dop022.sk1.t,1662227900.cds205.sk1.c
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/video.js
104.26.0.188200 OK 32 kB URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/video.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 250946bb613e9d7dc563278fb9cfaeed
eab1ceb7a837e959909ce8412716ea627bb8bf89
10ac0307cbf6e423a8a363de073fc9f28b647f3c44432a5f2dcc69a922391d9b
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:46 GMT
etag: W/"597e-1826d2cc2d4"
cf-cache-status: HIT
age: 2538332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZJgjaEFuRAUm0he%2BYvoKS1Zr0mUAWXQnbYwLRny0LIBRlcYFPiFRdpWPKRSf7ZDw39eJQD5szni2ysCjXmhZt9OJCc5vjCA5KKS%2BjEWGFwGdXWmIo5JpJ%2BY8795xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51edd4b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
pt.wmptctl.com/onGbR/Oh6.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 75 kB URL HTTP/2 pt.wmptctl.com/onGbR/Oh6.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 146a84ee3ffec6e76d99ce8881b97c42
c1660f5547856a44dbbfe997f3d8295b0f9a9826
626bf5746412996b8c372820ce5458de26e98e3074897dfad8423868f00bedf3
GET /onGbR/Oh6.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Mon, 03-Oct-22 17:58:20 GMT; SameSite=None; Secure
expires: Sat, 03 Sep 2022 17:58:19 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/86e4ca17a162d74dbb469f921fd1100a_glamour_896x504.jpg
93.93.51.190200 OK 68 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/86e4ca17a162d74dbb469f921fd1100a_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash e923576de9b34e0396e1182399f198f5
e9f2212ea7dec6b17a2e2145eac483468e56960b
b797badd00806772941526bdf9c70fa735ba563da16057d8a6725303dee16067
GET /ff268cab8d9fbae1ed7506f97496274f18/86e4ca17a162d74dbb469f921fd1100a_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: image/jpeg
content-length: 67817
last-modified: Sun, 28 Aug 2022 05:16:20 GMT
etag: "e923576de9b34e0396e1182399f198f5"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Sat, 17 Sep 2022 17:58:20 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/8b4f441bfc02d4637b2f49bca2b53763_glamour_896x504.jpg
93.93.51.190200 OK 74 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f18/8b4f441bfc02d4637b2f49bca2b53763_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 3e3d1891e20c4c30d0013b580557f624
b6af24c3c270ead6b5f0f9b6960ace09b652bf34
6a791c7ba0dc684cf726da3f2256c27193c27c6fe6b794a0d6040128a568084f
GET /ff268cab8d9fbae1ed7506f97496274f18/8b4f441bfc02d4637b2f49bca2b53763_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: image/jpeg
content-length: 74424
last-modified: Thu, 14 Apr 2022 15:40:17 GMT
etag: "3e3d1891e20c4c30d0013b580557f624"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Sat, 17 Sep 2022 17:58:21 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.242200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.242:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=9572-1662227900
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 17:58:21 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1662227901; expires=Tue, 31-Aug-2032 17:58:21 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.242200 35 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.242:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 729c3007a8ed0597531b0c76d54a94bb
90fe9b8a8142548fdfab29f59cb0a164a0eaef81
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
GET /px.gif?stno=3-937-fap247.com-0-5106-0-0-3003-4398-12&p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
Cookie: iid=9572-1662227900
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 17:58:21 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1662227901; expires=Tue, 31-Aug-2032 17:58:21 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1828&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1828&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1828&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 2181
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:21 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74505f7d3c56b523-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/75cb8ee99562b261259b9dfad2733d70_glamour_896x504.jpg
93.93.51.190200 OK 87 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f17/75cb8ee99562b261259b9dfad2733d70_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash a950830ec79b651345034d32cffcc050
36bf6c61c7225f81b800fc5bb48e6aee2977bc61
c06c24bfde03cad4a7ec2a871af969db1007146c711e28823b4cb61238bd7076
GET /ff268cab8d9fbae1ed7506f97496274f17/75cb8ee99562b261259b9dfad2733d70_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: image/jpeg
content-length: 86994
last-modified: Sat, 13 Aug 2022 12:28:18 GMT
etag: "a950830ec79b651345034d32cffcc050"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Sat, 17 Sep 2022 17:58:21 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cb0ad4b5e4610eadce0c884b58b74316_glamour_896x504.jpg
93.93.51.190200 OK 56 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/cb0ad4b5e4610eadce0c884b58b74316_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 36cf7405698fdb894664ca9ecc199ec3
126042a7d15cdecf67c8ff35e69fd97b7fbf8d4c
fdc6a4e8726f50254e0f0b65a60cf29e62d624ae309536112208fd7554d54a54
GET /ff268cab8d9fbae1ed7506f97496274f1c/cb0ad4b5e4610eadce0c884b58b74316_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: image/jpeg
content-length: 55737
last-modified: Wed, 31 Aug 2022 16:58:12 GMT
etag: "36cf7405698fdb894664ca9ecc199ec3"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Sat, 17 Sep 2022 17:58:21 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.42200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.42:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:21 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1662227901.dop207.sk1.t,1662227901.cds067.sk1.shn,1662227901.cds067.sk1.c
pt-static5.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v885916.js
93.93.51.200200 OK 158 kB URL HTTP/2 pt-static5.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v885916.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 158 kB (158443 bytes)
Hash 584946f9400f676126047a4176b95e4b
8f45e29ad7794fb974b19f86751d124c841fae10
7e367c0059aacbc5903972d648dac511b232c4abf07f237845d56e4f9f58f658
GET /npe/ba/fklf/script/fk.lf-v885916.js HTTP/1.1
Host: pt-static5.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:20 GMT
content-type: application/javascript
last-modified: Fri, 02 Sep 2022 08:25:32 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6311bdfc-4f73c"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0a006568d1ef25c27babb37533a3679a
8abb06ac5d1fdd0e743923b66ce95c1392de3850
11fc862ceb3d916ce645b705744169a2f1298b09a1a6345b0930531315f33590
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 20:56:05 GMT
Expires: Thu, 08 Sep 2022 20:56:04 GMT
Etag: "8abb06ac5d1fdd0e743923b66ce95c1392de3850"
Cache-Control: max-age=602813,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1507
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74505f80ae0a0b69-OSL
bcprm.com/promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat
185.75.252.140302 Found 58 kB URL HTTP/2 bcprm.com/promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat
IP 185.75.252.140:0
ASN #48684 Viking Host B.V.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 4f5f5acc1f52a82663f8b8762df7508d
15197386d884cfc8c6a04b2ca37f4e6325146567
8b2f2a0e8f6c4506f802775ffc24567495279088c55dc16d76da9e32257f58ce
GET /promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat HTTP/1.1
Host: bcprm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 17:58:22 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
location: https://bongacams.com/track?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
expires: Sat, 03 Sep 2022 17:58:21 GMT
x-bcs: ded7013
strict-transport-security: max-age=0;
cache-control: no-cache, public
x-bc-bl: 103
X-Firefox-Spdy: h2
bongacams.com/track?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
195.85.23.88302 Found 138 B URL HTTP/2 bongacams.com/track?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
IP 195.85.23.88:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /track?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat HTTP/1.1
Host: bongacams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poweredby.jads.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: text/html
content-length: 138
location: https://trkbng.com/hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
x-bc: ded7848
x-zone: 5a-web44
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=emhqDNvbOPgDi_VLPlFOKjdS20GqNf7lLKbmwNek4AU-1662227901-0-ASYdiwINDT41TKAMOdkCZz8CrAGHz5fhf5rAWun3EUKtVvC7JARO5ZReMn+CIxutqj0PZi4wvTtYraunS0UjYjo=; path=/; expires=Sat, 03-Sep-22 18:28:21 GMT; domain=.bongacams.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74505f817c891c16-OSL
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e07b71cb1f5ab34e715c3d0d0e04e5b5
9dd5b7ced9910b83e1df30291d707b5f17dbfaff
cdedeef07a0f603740b548e96947c70b6c7fe2849e32a45a8a68ae6907d0ed5d
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 17:58:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 15:56:35 GMT
Expires: Sat, 10 Sep 2022 15:56:34 GMT
Etag: "9dd5b7ced9910b83e1df30291d707b5f17dbfaff"
Cache-Control: max-age=603652,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 999
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74505f823fd80b69-OSL
cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.2690164240657602
131.153.88.90200 OK 271 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.2690164240657602
IP 131.153.88.90:0
ASN #50389 Phoenix Nap, LLC.
Size 271 kB (271373 bytes)
Hash fa85d26a6ccd71be0c4717e9d7e10d32
ca88cd57a019f612117bb167b66284b8e3ee694f
4d92354b7fb11ef491163b1bcaaf128fb6d062a3a3a429df8026b4c9543d7263
GET /stream?room=jenny_taborda&f=0.2690164240657602 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=CmlUE8esRdw2mEe3I3n23N78ElHkbbH8_KNXfqpAoQ0-1662227900031-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: image/jpeg
content-length: 34929
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.2798269385569453
131.153.88.90200 OK 35 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.2798269385569453
IP 131.153.88.90:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 368143daf57c865b22cc748116cdeac9
fa1da7809ff49aab5d478aae4abb6791a84b1f4a
5f5a3a90e6c48267ab452a194ce1e33d9e583fe805a82a61f058603239d86285
GET /stream?room=jenny_taborda&f=0.2798269385569453 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=CmlUE8esRdw2mEe3I3n23N78ElHkbbH8_KNXfqpAoQ0-1662227900031-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:21 GMT
content-type: image/jpeg
content-length: 34929
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.6164524129793856
131.153.88.90200 OK 57 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=jenny_taborda&f=0.6164524129793856
IP 131.153.88.90:0
ASN #50389 Phoenix Nap, LLC.
Hash 19de5e8a9a308b39cedc1cb47528ba7b
328a6cd05f0ce4e14889baaf2c7a23f160a7aab0
7943a29ccb00e192ccfbe91196a99c19660a82e4f698afd0ecb79fab74906d9b
GET /stream?room=jenny_taborda&f=0.6164524129793856 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=CmlUE8esRdw2mEe3I3n23N78ElHkbbH8_KNXfqpAoQ0-1662227900031-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:22 GMT
content-type: image/jpeg
content-length: 35246
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
76.9.16.29200 OK 0 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 76.9.16.29:0
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
content-encoding: gzip
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191200 OK 0 B URL HTTP/2 pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Sat, 03 Sep 2022 17:58:21 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Mon, 03-Oct-22 17:58:21 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 104.26.0.188:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
etag: W/"97ba-181397f9e55"
cf-cache-status: HIT
age: 7668287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxQlUsI6omO%2F9tTAxLgFc2h%2B72S7iEC6jefqwx7Yjk3Js2La3h%2FfrXrQfjBKiiBJlUVu2w1Uz3Ue9Wq6k6GXaLInRBXrOhzYGVXYj%2F6kXIwT5thz%2Bl0NCTyewvDzNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51edd8b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/category.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/category.js
IP 104.26.0.188:0
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/category.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIxY2UwOGExOTY4OTE3IiwiaWF0IjoxNjYyMjI3ODk1LCJleHAiOjE2NjI4MzI2OTV9.UTINzAj0N3Nse5Mz7oKZzku6CT3UeokVAG-QtTCa40k; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiOGVlYmIxYjkyY2Y5MiIsImlhdCI6MTY2MjIyNzg5NSwiZXhwIjoxNjY0ODE5ODk1fQ.vrujbak3g8m4yFP-aNsDWhExZw0vILECIV7Jhy3Boco
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:45 GMT
etag: W/"818-1826d2cbfb8"
cf-cache-status: HIT
age: 2538332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnRL98RBHjMwhimgtT3kl3YUjWjNSuPmcf2bGmZ8zlpWQSIsYa1ixNb%2F%2FWuUQ%2BWmod%2BTE9Ko6%2Fte66cvxa4xImxn7eRR1qn1lhx%2BAogdDBUWYEYW%2BVClTrSQihXT%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f598ff2b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662220800
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662220800
IP 104.26.0.188:0
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662220800 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
x-control-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wt2vD7XN98gub54RlTGvO%2Bd%2BFZdtv1fmE74A2%2B1mhxVx42RtDHgI5Pseauo2hJiucD5mWVh%2FE9y8jmE44UUZrrioscvnqZZaxMvS%2FNzTzzBVWcoQ9LgGsCSP2wqwTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f547988b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 104.26.0.188:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:20:14 GMT
etag: W/"c8b-179fb71df0d"
cf-cache-status: HIT
age: 28684962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twzLNh9y3XT3l8QHz6L%2BkzKFhVipRzbyQLGNgzf9BPFY85gEQ62XHy%2F5acM8pEMzVn2zarhxrsf3VDH7HJW9Rhvmg%2FW6UWJyXP2oy4L5xfKJ2V2s9PvX7wdawSg%2BZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51eddcb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI5YWI1YmE5ZGU4NWQxODgwMzE2NmY1MjRhNDg5YmJmZiJ9LCJleHQiOnsiZHQiOjE2NjIyMjc4OTU5NTZ9fQ==
162.55.139.130200 OK 0 B URL HTTP/2 rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI5YWI1YmE5ZGU4NWQxODgwMzE2NmY1MjRhNDg5YmJmZiJ9LCJleHQiOnsiZHQiOjE2NjIyMjc4OTU5NTZ9fQ==
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjQ1MTEsImlkIjo4NTksImxhYmVscyI6IiIsInNpdGVfaWQiOjQ1MTEsInR5cGUiOiJiYW5uZXIiLCJzcGFjZWlkIjo4NTksInNwb3RfaWQiOjAsImlkem9uZSI6MzgzMDgxOSwiem9uZSI6InRjX3BhYl8zMDB4MjUwIiwiYWRfdGFncyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIyMDQ1MjMwNTM3IiwidXRtMSI6InRjYmFuX2kiLCJ1dG0yIjoiNDUxMSIsInV0bTMiOiIxOTc3NSIsInV0bTQiOiIifSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiNDUxMSIsInBhZ2UiOiJodHRwczovL2EuZm9jdXNkZS5pbmZvLyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI5YWI1YmE5ZGU4NWQxODgwMzE2NmY1MjRhNDg5YmJmZiJ9LCJleHQiOnsiZHQiOjE2NjIyMjc4OTU5NTZ9fQ== HTTP/1.1
Host: rtbbnr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.tubecorp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 104.26.0.188:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Fri, 05 Aug 2022 08:39:17 GMT
etag: W/"101b-1826d28a7bb"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=090Hev7UoGD63sLhlbVfbF611uKVIIlS93yayO32%2BlZX%2Bq6ORsY4dLR0mYnUalvfL78iLL64dQK9J3Mm6eChNAqKTMCnp3gTCJTtJAjXSzno8cHlPCQqCfIUF3KeIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f520dfcb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 17:58:14 GMT
date: Sat, 03 Sep 2022 17:58:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 104.26.0.188:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 11 Jun 2021 14:18:49 GMT
etag: W/"4f4a-179fb7093d6"
cf-cache-status: HIT
age: 28684962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEs%2Fn22JPO85DhfmjIKI5dvow2aVyfIXoRaAVh%2Bez4Ut0XbiBnnTK84c8cXHzMY0vw7GvTc%2F64uIh4EHuEjq576VtBTRnZmRDfscgfQq0b%2BZ25iiky%2B0y0J1K1hENg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51eddbb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/81050e2dae874825b1263242bcb82944.html?
136.243.46.131200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/81050e2dae874825b1263242bcb82944.html?
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
GET /iframes2/81050e2dae874825b1263242bcb82944.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 23545073df6b8c28
set-cookie: ts_uid=83ae6d5c-bba7-42a1-afbc-39462126dfe4; expires=Fri, 03 Mar 2023 17:58:18 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYsCFjRgwaMnLg6NJH; expires=Sun, 04 Sep 2022 17:58:18 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
136.243.46.131200 OK 0 B URL HTTP/2 tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
GET /do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.focusde.info
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:18 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.focusde.info
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: 3e87e2ad2720e5fe
set-cookie: ts_uid=97ba94ef-5402-428c-8e7a-17f3dde0586f; expires=Fri, 03 Mar 2023 17:58:18 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
76.9.16.29200 OK 0 B URL HTTP/2 camschat.net/900250/adnium.php
IP 76.9.16.29:0
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b.bestcontentfood.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
content-encoding: gzip
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
45.133.44.24200 OK 0 B URL HTTP/2 12112336.pix-cdn.org/m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /m/p/0/11/11508/yPndOg0m.html?__OS_FAMILY__={{%20__OS_FAMILY__%20}}&__OS_TYPE__={{%20__OS_TYPE__%20}}&__GEOIP_COUNTRY_SHORT__={{%20__GEOIP_COUNTRY_SHORT__%20}}&__IP2L_MOBILE__={{%20__IP2L_MOBILE__%20}}&__BROWSER_FAMILY__={{%20__BROWSER_FAMILY__%20}}&OS_FAMILY=[OS_FAMILY]&OS_TYPE=[OS_TYPE]&COUNTRY_ISO_CODE=[COUNTRY_ISO_CODE]&MOBILE_BRAND=[MOBILE_BRAND]&BROWSER_FAMILY=[BROWSER_FAMILY]&DOMAIN=a.focusde.info&PRICE=0.0050&PRICING_MODEL=[PRICING_MODEL]&CAMPAIGN_ID=6435&CLICK_ID=03978282-6e28-4e66-aee3-d75ddfc387f1&id_zone=[idzone]&site={{%20site%20}}&out_name=37319%7C4317%7Ccpm%7C0.0048%7C%24%200.0050&campaign_id=37319&price=0.0050&bidding_price=0.0048&pricebox_price=0.0200&pricing_model=cpm&click_id=03978282-6e28-4e66-aee3-d75ddfc387f1&priority=[PRIORITY]&ad_sub=173501021&utm1=tcb&utm2=878669509-100&utm3=249-6435-14933&utm4=0-10346131-0 HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rtbbnr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: text/html; charset=utf-8
server: nginx/1.12.2
last-modified: Wed, 02 Sep 2020 10:48:37 GMT
etag: W/"5f4f7885-7e9"
content-encoding: gzip
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: MISS
X-Firefox-Spdy: h2
trkbng.com/hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
31.192.112.221302 Found 0 B URL HTTP/2 trkbng.com/hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat
IP 31.192.112.221:0
ASN #48684 Viking Host B.V.
GET /hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.com/popular-chat HTTP/1.1
Host: trkbng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poweredby.jads.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 17:58:23 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.promo-bc.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bongocams.biz
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bongacams.org
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bongacams10.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bcmspt.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngwlt.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngpt.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngpst.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngprl.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngpop.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngosv.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngvs.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bngdyn.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.dynspt.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.ecdyn.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.trkbc.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.trkbng.com
BCH_H=2ffe6b2c6f3c2f86ca32363bef7521a8%7C2022-09-03; expires=Sun, 21-Aug-2072 17:58:23 GMT; Max-Age=1576800000; path=/; domain=.bcprm.com
location: https://bongacams.com/popular-chat?bcs=aXNiZTJmZmU2YjJjNmYzYzJmODZjYTMyMzYzYmVmNzUyMWE4OjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1
expires: Sat, 03 Sep 2022 17:58:22 GMT
x-bcs: ded7013
strict-transport-security: max-age=0;
cache-control: no-cache, public
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 104.26.0.188:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
etag: W/"9c95-181397f9e55"
cf-cache-status: HIT
age: 7668653
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egKR7B%2FbKM1%2F3CVuXcY3RnkLm1Vl1L4t8BxD8ARMPjrWYryZTs%2FgWAJXsMH5%2FzTaosl7sCunVoL4Iviw5zMsvtZG7qQhBfO1Wgyo8xnXEeynTSJ4E4JsJeCKR0ReNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51edd9b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/assets/fdm/red.jpg
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/assets/fdm/red.jpg
IP 104.26.0.188:0
GET /assets/fdm/red.jpg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiIxY2UwOGExOTY4OTE3IiwiaWF0IjoxNjYyMjI3ODk1LCJleHAiOjE2NjI4MzI2OTV9.UTINzAj0N3Nse5Mz7oKZzku6CT3UeokVAG-QtTCa40k; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiOGVlYmIxYjkyY2Y5MiIsImlhdCI6MTY2MjIyNzg5NSwiZXhwIjoxNjY0ODE5ODk1fQ.vrujbak3g8m4yFP-aNsDWhExZw0vILECIV7Jhy3Boco; _ga=GA1.2.1703567308.1662227893; _gid=GA1.2.964111207.1662227893; _dc_gtm_UA-121614197-2=1; _ym_uid=1662227893623708635; _ym_d=1662227893; visitorGetPop=no; _ym_isad=2; sb_page_a2f990f10476061c719d1c1aa3a2ecd2=1; sb_onpage_a2f990f10476061c719d1c1aa3a2ecd2=1; sb_main_a2f990f10476061c719d1c1aa3a2ecd2=1; sb_count_a2f990f10476061c719d1c1aa3a2ecd2=1; _ym_visorc=b; dom3ic8zudi28v8lr6fgphwffqoz0j6c=39ac5163-3130-4767-87ec-8fbb1b1d5db7%3A1%3A1; ppu_idelay_4d0afc2425eea6b0cd5a468c9f8a69ed=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=unwillingsnick.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: image/jpeg
cf-bgj: h2pri
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1574
last-modified: Sat, 03 Sep 2022 17:32:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YrMRKpV3oYcoFMjSmzAYz9cEj%2BXaZYSyzGBIR8b4HhU1hPaG%2F7wzbWTHGQeQDFob08qDUMI2xADK%2BVENh2SpLEEZ3txZiImwuUr8cQ7b4tgTYrlKTp%2B%2BommCHNEzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f67cd66b524-OSL
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static2.ptlwmstc.com/npe/ba/elf/css/elf-v885916.css
93.93.51.200200 OK 0 B URL HTTP/2 pt-static2.ptlwmstc.com/npe/ba/elf/css/elf-v885916.css
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/ba/elf/css/elf-v885916.css HTTP/1.1
Host: pt-static2.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:22 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 08:25:32 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6311bdfc-2e86"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/do2/b5346988f58b4a3986d63c85fcf561b2/vast?w=1280&h=1024&keywords=ifr&tz=0
136.243.46.131200 OK 0 B URL HTTP/2 tsyndicate.com/do2/b5346988f58b4a3986d63c85fcf561b2/vast?w=1280&h=1024&keywords=ifr&tz=0
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
GET /do2/b5346988f58b4a3986d63c85fcf561b2/vast?w=1280&h=1024&keywords=ifr&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:19 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: https://media.aso1.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: ca5eed7e18412252
set-cookie: ts_uid=af3f542b-a19f-4605-bf2d-322621ba1088; expires=Fri, 03 Mar 2023 17:58:19 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
freychang.fun/asd100.bin
104.21.45.207200 OK 0 B IP 104.21.45.207:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: freychang.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1946
last-modified: Sat, 03 Sep 2022 17:25:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0df2yTPUTHxidPOSiS9%2BVYIVD3fIRjvd8qWYUkqtYDJWzlF4%2BjqKIBL4YuAnWdw2hwN%2FyQ7rptISakm6kyTYhylcCiKJj6wljUzARcq0mULrgod5La1w9Be%2FeG%2BntzIM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f5fda18b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
104.21.235.2200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 104.21.235.2:0
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:16 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 115d833f3f73460340cb042507dc64cb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 03 Sep 2022 17:58:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAkLwI%2BbG%2BUaDWC63fBz0%2F0MgWbNtkdeyRbAibo%2FJRrV%2F0I8SPiWjEWPhKA1puz8ZnK1bTo%2BziZDXWQPz1mlY1F1petF6tCTnSqh6Wl4rgzwJYrigKjkMVtnhfVoiTBDDihYU74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f62bc3a7333-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/_app.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/_app.js
IP 104.26.0.188:0
GET /_next/static/oDS-1OtrlAeeVjTgw5hAY/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fc582e7b181c14a07fdad7e
Cookie: visitorId=78ob34gxsz5rp4xq8niyu; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 05 Aug 2022 08:43:45 GMT
etag: W/"20e2f-1826d2cbfb8"
cf-cache-status: HIT
age: 2538753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pvAojclu4AI5HRNfhwLW4DugHA%2F2mdo1%2BEJiRbVb5GtsinjIIihwoLYEZj3IS9HqM4QdzvmbpSBdEOYoxdy1FKYnvmWQeWXArNrd6ARiVJYfIPmIHRNfkr0IPipekg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74505f51edd6b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=qs7lgpgvDBTpKIgYPNRB; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
104.21.234.154200 OK 0 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.154:0
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 309944
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4UiKquknD6sx1BBzJTCqMj8ZJwAbh0BgpxR8uPFn4x0NHeMy42oRRUzf97nlN8lwg0bHkPrH3Qj5IEPEzErUoFthSaSirVSV3R8cQnV83NWmZHpAU5RTy4TgGDZdZ2nBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74505f6899b1dd1f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qs7lgpgvDBTpKIgYPNRB
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 17:58:17 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2