Overview

URLxfantazy.com/video/6051542a4ce90e0b3a572b0b?
IP 172.64.163.22 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-25 04:34:43 UTC
StatusLoading report..
IDS alerts0
Blocklist alert27
urlquery alerts No alerts detected
Tags None

Domain Summary (68)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
static.adxadserv.com (1) 128146 2018-06-23 22:08:40 UTC 2020-05-04 07:41:25 UTC 185.76.9.19
a.realsrv.com (2) 10080 No data No data 185.76.9.22
video.ktkjmp.com (1) 23778 2020-10-02 08:52:19 UTC 2022-01-31 09:33:25 UTC 104.18.51.106
bam.nr-data.net (2) 630 2015-02-10 00:06:27 UTC 2022-05-19 12:27:58 UTC 162.247.241.14
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
d192r5l88wrng7.cloudfront.net (4) 0 2022-10-25 19:02:47 UTC 2022-11-24 21:28:15 UTC 54.230.245.16 Unknown ranking
engingsecondu.com (6) 0 2022-11-16 09:50:10 UTC 2022-11-24 10:31:20 UTC 104.21.55.224 Unknown ranking
pogothere.xyz (2) 0 2022-09-04 19:11:25 UTC 2022-11-24 10:31:20 UTC 172.64.173.27 Unknown ranking
a.naturalhealthsource.club (11) 0 No data No data 135.181.208.216 Unknown ranking
ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
s3t3d2y8.afcdn.net (5) 0 No data No data 185.76.9.14 Unknown ranking
ocsp.digicert.com (20) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-24 08:35:27 UTC 142.250.74.168
cdn.barscreative1.com (2) 25648 2021-09-16 11:14:42 UTC 2022-07-13 08:11:12 UTC 45.133.44.4
cdn.tsyndicate.com (1) 16265 2017-07-04 06:00:09 UTC 2020-06-25 11:21:39 UTC 8.247.218.249
static.serve-servee.com (1) 0 2022-06-18 03:19:30 UTC 2022-11-24 17:21:26 UTC 172.64.111.7 Unknown ranking
analitits.com (1) 186712 2016-06-11 18:10:30 UTC 2022-11-24 12:22:53 UTC 31.220.24.19
static-cache.k2s.cc (12) 182663 2018-09-13 10:35:33 UTC 2022-11-24 18:56:20 UTC 188.72.235.185
skiingsettling.com (1) 0 2022-10-31 06:14:55 UTC 2022-11-24 09:03:56 UTC 192.243.61.227 Unknown ranking
e1.o.lencr.org (15) 6159 No data No data 23.36.76.226
pemainedperio.com (5) 0 2022-11-24 18:00:28 UTC 2022-11-24 18:53:15 UTC 54.230.111.124 Unknown ranking
ads.adxadserv.com (1) 113382 2018-07-07 20:22:47 UTC 2020-03-27 08:32:20 UTC 185.98.53.2
xfantazy.com (15) 167260 2020-04-20 06:55:54 UTC 2022-11-24 17:15:35 UTC 172.64.163.22
r3.o.lencr.org (20) 344 No data No data 23.36.77.32
tsyndicate.com (1) 13042 2017-03-16 09:04:54 UTC 2022-11-24 12:12:51 UTC 148.251.152.17
ocsp.pki.goog (14) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
creative.xlirdr.com (1) 0 2021-07-02 10:31:16 UTC 2021-07-03 00:00:33 UTC 104.18.59.150 Unknown ranking
adxadserv.com (4) 85319 2018-06-28 23:50:00 UTC 2022-11-24 12:23:04 UTC 185.98.53.29
lcdn.tsyndicate.com (5) 12634 No data No data 8.247.219.121
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-24 10:18:11 UTC 142.250.74.174
cdn.jsdelivr.net (1) 439 2012-09-30 00:15:09 UTC 2020-08-10 12:12:39 UTC 151.101.85.229
i.jads.co (1) 46788 No data No data 69.16.175.10
lightssyrupdecree.com (5) 0 2022-11-12 08:15:02 UTC 2022-11-24 17:05:32 UTC 173.233.137.60 Unknown ranking
reproductiontape.com (10) 0 2022-11-11 10:42:27 UTC 2022-11-24 14:08:06 UTC 173.233.137.36 Unknown ranking
unseenreport.com (4) 0 2022-03-30 14:33:17 UTC 2022-11-24 08:25:28 UTC 192.243.61.227 Unknown ranking
roomimg.stream.highwebmedia.com (3) 23037 2016-09-05 17:03:58 UTC 2022-11-24 08:24:44 UTC 104.19.241.83
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
exploredefinitely.com (1) 0 2021-06-24 18:01:35 UTC 2022-11-24 21:28:15 UTC 173.233.137.60 Unknown ranking
go.xlirdr.com (1) 0 2021-07-02 10:51:47 UTC 2021-07-03 00:01:21 UTC 104.18.59.150 Unknown ranking
cams.gratis (1) 594857 2018-10-14 16:39:32 UTC 2022-11-24 21:07:43 UTC 172.64.135.7
img.strpst.com (1) 12993 2021-06-03 08:45:56 UTC 2022-01-31 08:38:04 UTC 104.18.63.124
mc.yandex.ru (11) 2672 2012-05-21 09:38:30 UTC 2022-11-24 11:15:18 UTC 77.88.21.119
go.xlivrdr.com (1) 0 2021-07-02 10:51:24 UTC 2021-07-03 00:01:21 UTC 104.18.59.150 Unknown ranking
cdn.creative-bars1.com (7) 0 2022-11-15 16:46:22 UTC 2022-11-24 09:25:02 UTC 172.64.109.13 Unknown ranking
syndication.realsrv.com (10) 9112 No data No data 95.211.229.248
static-assets.highwebmedia.com (4) 16059 2021-01-19 21:46:26 UTC 2022-11-24 11:48:29 UTC 104.16.94.42
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
img-getpocket.cdn.mozilla.net (4) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ifknittedhurtful.com (1) 0 2022-11-10 10:19:37 UTC 2022-11-24 16:45:35 UTC 192.243.59.13 Unknown ranking
yearbookhobblespinal.com (1) 0 2022-11-10 10:22:18 UTC 2022-11-24 11:37:59 UTC 173.233.137.36 Unknown ranking
accounts.google.com (2) 81 2016-09-05 09:39:47 UTC 2022-11-24 11:10:26 UTC 216.58.207.237
cdn.cloudimagesb.com (2) 23099 2022-10-07 08:01:31 UTC 2022-10-08 10:27:40 UTC 45.133.44.10
xml.serve-servee.com (1) 0 2022-06-18 07:06:23 UTC 2022-11-24 17:21:22 UTC 172.64.111.7 Unknown ranking
poweredby.jads.co (2) 30525 2019-12-04 10:34:12 UTC 2022-11-24 14:31:08 UTC 185.94.236.253
ocsp.globalsign.com (1) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.21.226
simplewebanalysis.com (2) 0 2022-02-25 04:06:25 UTC 2022-11-24 10:12:21 UTC 18.185.190.54 Unknown ranking
chaturbate.com (2) 6807 2012-05-22 23:11:36 UTC 2022-11-24 08:26:53 UTC 104.18.101.40
friendshipmale.com (1) 0 2022-10-21 12:15:25 UTC 2022-11-24 12:00:08 UTC 172.64.202.23 Unknown ranking
media.aso1.net (1) 123434 2018-09-12 09:13:52 UTC 2022-11-24 21:28:17 UTC 104.21.234.223
pxl.tsyndicate.com (3) 14763 2017-07-05 13:51:06 UTC 2022-11-24 10:47:35 UTC 136.243.51.205
ocsp.sectigo.com (10) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
fonts.gstatic.com (3) 0 2014-09-09 00:40:21 UTC 2022-11-24 11:09:52 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
js-agent.newrelic.com (1) 378 2018-06-22 04:15:37 UTC 2020-05-01 11:44:04 UTC 151.101.86.137
www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 157.240.200.35
xfantazy.com (15) 167260 2020-04-20 06:55:54 UTC 2022-11-24 17:15:35 UTC 172.64.162.22
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.189.139.67
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-24 08:34:31 UTC 142.251.1.154
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-24 11:11:51 UTC 142.250.74.10

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 reproductiontape.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js Malware
2022-11-25 2 reproductiontape.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba Malware
2022-11-25 2 reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxSeTVwoDYW25NJDg25t (...) Malware
2022-11-25 2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/16577 (...) Phishing
2022-11-25 2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/16137 (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-24 2 skiingsettling.com Sinkholed
2022-11-24 2 lightssyrupdecree.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-24 2 lightssyrupdecree.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-24 2 lightssyrupdecree.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-24 2 ifknittedhurtful.com Sinkholed
2022-11-25 2 yearbookhobblespinal.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-24 2 lightssyrupdecree.com Sinkholed
2022-11-24 2 lightssyrupdecree.com Sinkholed
2022-11-25 2 reproductiontape.com Sinkholed
2022-11-25 2 unseenreport.com Sinkholed
2022-11-25 2 unseenreport.com Sinkholed
2022-11-25 2 unseenreport.com Sinkholed
2022-11-25 2 unseenreport.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.64.163.22
Date UQ / IDS / BL URL IP
2023-01-15 16:50:30 +0000 0 - 7 - 24 xfantazy.com/video/618647d3248b9003ff8116ba 172.64.163.22
2022-12-27 05:49:05 +0000 0 - 2 - 24 xfantazy.com/tag/bondageliberation 172.64.163.22
2022-12-20 19:49:59 +0000 0 - 3 - 15 xfantazy.com/video/62b0468413dbbc05e42a40cf 172.64.163.22
2022-12-20 12:49:57 +0000 0 - 3 - 22 xfantazy.com/video/6256b6895a615f1d0cf9c694 172.64.163.22
2022-11-29 21:55:40 +0000 0 - 0 - 35 xfantazy.com/video/5edc59d923629346a514272b 172.64.163.22


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-04 02:17:20 +0000 0 - 0 - 2 push2.asiapushstan4.click/index.php 172.67.186.157
2023-02-04 02:15:27 +0000 0 - 1 - 1 d7ba15d3.cruel.ru.com/ 104.26.12.4
2023-02-04 02:14:13 +0000 0 - 3 - 0 postgolflilaput.ml/ 104.21.95.235
2023-02-04 02:12:43 +0000 0 - 0 - 2 we-meet-today.com/?sub1=63ddbf02fb5eb5000125a (...) 104.21.81.54
2023-02-04 02:11:13 +0000 0 - 0 - 2 gopalayurvediccenter.com/wp-content/NETFLIX/a (...) 188.114.96.1


Last 5 reports on domain: xfantazy.com
Date UQ / IDS / BL URL IP
2023-02-03 02:45:39 +0000 0 - 2 - 25 xfantazy.com/video/603ced975ec2cb18b80961dc 172.64.204.27
2023-02-02 10:21:15 +0000 0 - 3 - 26 xfantazy.com/video/62379c1c76373a1d22aeaaeb 172.64.204.27
2023-01-30 05:57:17 +0000 0 - 2 - 23 xfantazy.com/video/60e796b1fc8074710cdd5c72 172.64.96.10
2023-01-28 18:06:59 +0000 0 - 3 - 28 xfantazy.com/video/61ffb4cb0712281d196d7936 172.64.96.10
2023-01-26 23:56:12 +0000 0 - 2 - 0 xfantazy.com/video/61f0361efe3794103180c226/amp 172.64.142.8


No other reports with similar screenshot

JavaScript

Executed Scripts (111)

Executed Evals (1)
#1 JavaScript::Eval (size: 125) - SHA256: 920d80e57685294073e6844ab22908618709844b22774b5e6c29e260c3a62799
(function() {
    try {
        return document.getElementsByTagName("video")["fluid-videoplayer"] ? "ready" : "null"
    } catch (a) {
        return "null"
    }
})();

Executed Writes (12)
#1 JavaScript::Write (size: 8490) - SHA256: 7fabd3cd7d802021df00e0014b4259008f3478a4c825d7e503420ff6a40a04c5
< !DOCTYPE html > < html > < head > < meta charset = "UTF-8" > < meta http - equiv = "X-UA-Compatible"
content = "ie=edge" > < meta name = "viewport"
content = "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0" > < style type = "text/css" > * , body, html {
    margin: 0;padding: 0;border: none;
}
body, html {
    width: 100 % ;height: 100 % ;
}
iframe[seamless] {
    background - color: transparent;
    border: 0 px none transparent;
    padding: 0 px;
    overflow: hidden;
    margin: 0;
} < /style></head > < body > < script src = "//lcdn.tsyndicate.com/sdk/v1/b.b.js" > < /script><script type="text/javascript
">function openLink(e) {this.elmHref = e.href, this.elm = e, this.init()}openLink.prototype = {init: function() {var e = this;this.addEvent("
click ", this.elm, function(t) {var n = t || window.event;n.preventDefault ? n.preventDefault() : n.returnValue = !1, window.open(e.elmHref + e.getPositionCursor(n), "
_blank ")})},getPositionCursor: function(e) {var t = document.documentElement,n = e.pageX || e.clientX + (t.scrollLeft ? t.scrollLeft : document.body.scrollLeft),o = e.pageY || e.clientY + (t.scrollTop ? t.scrollTop : document.body.scrollTop);return " & x = " + n + " & y = " + o},addEvent: function(e, t, n) {if (t.addEventListener) t.addEventListener(e, n, !1);else if (t.attachEvent) return t.attachEvent("
on " + e, n)}};var t = new Date();var d = new PrivacyModeDetector();var count = 0;var processed = 0;var delta;function l(turl, r, cid, s, p, w, cl) {if (!r && window['BackUpCampaignBanner']) {BackUpCampaignBanner();return;}delta = new Date() - t;setTimeout(insertPixel, 1000);d.report(insertPixel);function insertPixel(priv) {if (processed >= count) return false;var qPixel = document.createElement("
script ");var pm = priv === undefined ? '' : '&priv=' + priv;qPixel.src = turl + (turl.match(/&$/) ? '' : '&') + 'r=' + r + '&d=' + delta + pm + (turl.match(/&w=/) ? '' : '&w=' + (w ? 't' : 'f'));document.body.appendChild(qPixel);processed++;}if (cl) { new trackIFrameClick({id:'ts_t_'+cid, params:['s='+s,'p='+p,'t=' + (w ? 't' : 'f')]}); }};</script>




< script type = "text/javascript" > function u82a0172e(r) {
    l('//pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOwslBFDBo4ZD-HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE-_NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl-R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0-1xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu-RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx-l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ%3D&s=8fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878&w=t', r, '82a0172e', '8fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878', 'APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOwslBFDBo4ZD-HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE-_NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl-R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0-1xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu-RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx-l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ=', true, false)
};
count++; < /script><noscript><img src="/ / pxl.tsyndicate.com / api / v1 / p / p.js ? p = APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk - IZOwslBFDBo4ZD - HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM - 80 RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE - _NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl - R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0 - 1 xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu - RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx - l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ % 3 D & r = 1 & s = 8 fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878 & w = t "></noscript> < div style = "width:300px;height:250px;float:left" > < a href = "//tsyndicate.com/do2/click?c=APeIQFMmDJkycuaI0BGjBgsRYcbQWSjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOxQjCEDx4yHcOqIWUg2h8eecOAsxDHzrIg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs2wfSjGjZuFM2LEwOGXxsM2bjDqUFnjMVrQovvSiPGwjhw2mK227NtaRkY0dOjAmaPjxYs2eM64aBMGT5ozYdoQdzHmTZsXN8XUWDoGJg0zN07WqCGmRZgwZmokrTGGBmAcYcTIiGHjx5jkcNKQ6WGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokQdzzn1owxwhlvHffHTRMIOMZcDhXA979OhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklekdAcWZpThRBlt3JCHEC1QAUURVAxRgxxVTMFEGVMQQYMcSkjR5hJWZPEEFkpMQUYeMVwRxBxmJHGDHnHIEMQMajARRhZojDFHEy0IUZ4ZZzhBxRlfKJHDE0mUQQMaQtBwgxBqqCEEEnaAZkUQS4hxxhjEwoBFHGwgIcYXZ1SRBBFSVJHGV2Q4F5QLbiDoWoUEVUgHGnO84Vp1zLGh1lfv6bVFZl2gJQdQDMHkkAhiSKYDDC68JcIYcLTxBRzvLoSvY5w9JIcdizX0UBn8tiFwvqyJUEcd0-qwbw5iwBBRDuKNAcMYNpxkxlPe3TBGd2JkPAYZmZXRVxi2PZTGYiLkEIMLbrmAkgsN0fCVfzNnZDPO-O7c81d1hJFRE2_okQYbbITxQg35goDCFWm4Ue0dc4CgKggxDLwDCFi7YQMNY-Nx9tgHMxRTvilAyPAab0DnkWNhxwCCEWnIUYYZb-DxQthUw4AuvCI48cRXb_hHbEaKf8UG4kU4QW0ZdnzhN2wMyXSDWUQ5ZvAZl41WA10PHZS5GHLMhUPqmH_RxhtkUISDDRGTIccbmD30hkJ7uRt4Hgt5JsKjpdMhRx1lGPz3bbnt1tsLYWCrrRzcFuQguOK-W0a5ar3w1R0ZkYWD4Q-hUT6GPj80x8EZ7c4iHY23UIcbIbaQkgtkjEEWtYg7yBf69z-LOIwhNrABYEpDl9eJgA5tsA0CFTgDBn4uSj0hg-bKgJcvIIgtCVwgDBrYEzHo5Xh_84mDvgKHyQkMMaKBQR8UEBA%3D&s=045912253f749cb52bfa8cfbe7790339762c327c7233a7c6ca4e4844d9e7d6161669350878"
id = "v82a0172e"
target = "_blank" > < video playsinline preload autoplay loop muted poster = "https://lcdn.tsyndicate.com/images/c/9/d31d344234514c2ab939845e768879fc00c705/main.jpg"
width = "300"
height = "250"
onloadstart = "u82a0172e(1)"
onerror = "u82a0172e(0)" > < source src = "https://lcdn.tsyndicate.com/images/c/9/d31d344234514c2ab939845e768879fc00c705/main.mp4"
type = "video/mp4" > < /video></a > < script > new openLink(document.getElementById('v82a0172e')); < /script></div >

< /body></html >
#2 JavaScript::Write (size: 247) - SHA256: 5dfb479f3f624925ecab5e143b028a0ae8bb6ff3c555faff0a5831e8fa105c44
< script async type = "application/javascript"
src = "https://a.realsrv.com/ad-provider.js" > < /script> < ins class = "adsbyexoclick"
data - keywords = ""
data - zoneid = "4786598" > < /ins> < script > (AdProvider = window.AdProvider || []).push({
    "serve": {}
}); < /script>
#3 JavaScript::Write (size: 247) - SHA256: 69984ec6754fbc302d4482c2b176db1f5607f0cf9a1374288a190f67c26ff64b
< script async type = "application/javascript"
src = "https://a.realsrv.com/ad-provider.js" > < /script> < ins class = "adsbyexoclick"
data - keywords = ""
data - zoneid = "4786600" > < /ins> < script > (AdProvider = window.AdProvider || []).push({
    "serve": {}
}); < /script>
#4 JavaScript::Write (size: 8309) - SHA256: 705c4eabc61f32fb8e57d5d4a0765370028c8c4bcb8b448e2cb8e6a805f9f511
< !DOCTYPE html > < html > < head > < meta charset = "UTF-8" > < meta http - equiv = "X-UA-Compatible"
content = "ie=edge" > < meta name = "viewport"
content = "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0" > < style type = "text/css" > * , body, html {
    margin: 0;padding: 0;border: none;
}
body, html {
    width: 100 % ;height: 100 % ;
}
iframe[seamless] {
    background - color: transparent;
    border: 0 px none transparent;
    padding: 0 px;
    overflow: hidden;
    margin: 0;
} < /style></head > < body > < script src = "//lcdn.tsyndicate.com/sdk/v1/b.b.js" > < /script><script type="text/javascript
">function openLink(e) {this.elmHref = e.href, this.elm = e, this.init()}openLink.prototype = {init: function() {var e = this;this.addEvent("
click ", this.elm, function(t) {var n = t || window.event;n.preventDefault ? n.preventDefault() : n.returnValue = !1, window.open(e.elmHref + e.getPositionCursor(n), "
_blank ")})},getPositionCursor: function(e) {var t = document.documentElement,n = e.pageX || e.clientX + (t.scrollLeft ? t.scrollLeft : document.body.scrollLeft),o = e.pageY || e.clientY + (t.scrollTop ? t.scrollTop : document.body.scrollTop);return " & x = " + n + " & y = " + o},addEvent: function(e, t, n) {if (t.addEventListener) t.addEventListener(e, n, !1);else if (t.attachEvent) return t.attachEvent("
on " + e, n)}};var t = new Date();var d = new PrivacyModeDetector();var count = 0;var processed = 0;var delta;function l(turl, r, cid, s, p, w, cl) {if (!r && window['BackUpCampaignBanner']) {BackUpCampaignBanner();return;}delta = new Date() - t;setTimeout(insertPixel, 1000);d.report(insertPixel);function insertPixel(priv) {if (processed >= count) return false;var qPixel = document.createElement("
script ");var pm = priv === undefined ? '' : '&priv=' + priv;qPixel.src = turl + (turl.match(/&$/) ? '' : '&') + 'r=' + r + '&d=' + delta + pm + (turl.match(/&w=/) ? '' : '&w=' + (w ? 't' : 'f'));document.body.appendChild(qPixel);processed++;}if (cl) { new trackIFrameClick({id:'ts_t_'+cid, params:['s='+s,'p='+p,'t=' + (w ? 't' : 'f')]}); }};</script>




< script type = "text/javascript" > function ub64cb4ff(r) {
    l('//pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9-_gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD-vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm-4MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O-ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN-IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE-hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA%3D%3D&s=6fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878&w=t', r, 'b64cb4ff', '6fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878', 'APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9-_gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD-vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm-4MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O-ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN-IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE-hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA==', true, false)
};
count++; < /script><noscript><img src="/ / pxl.tsyndicate.com / api / v1 / p / p.js ? p = APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9 - _gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD - vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm - 4 MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O - ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN - IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE - hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA % 3 D % 3 D & r = 1 & s = 6 fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878 & w = t "></noscript> < div style = "width:300px;height:250px;float:left" > < a href = "//tsyndicate.com/do2/click?c=APeIQFMmDJkycuaI0BGjBgsRYcbQWSjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYoRhDBo4ZD-HUEbOwbI6XP-HAWYjjBg20IubAmahDqY0aMXLgbaOXr1_AOW48HNNmbl_BMGDgNWim7UMxbtwsnBEjBg7AikW0cYNRh4wcNSSnHV36L40YD-vIYbO5ZOKjsWVkREOHDpw5Ol68aIPnjIs2YfCkOROmDXIXY960eSEDhpgaTcewhAHyBsoaNcS0CBOGZ4uGY2gIxhFGjIwYNn6MaQ4nDZke6rtK5lInsgwbY8jxhX09cOYZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4nlsGGHadBRRhVSMNEDHmaE4QYdYeiRB3TSjWjDHCWWMeB9dd1lYxlwSNfDHkBK14eNBun1Bh074gfDX4HNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk0PccccRJhphhRIyRCHDEEbEocYXWWSBlBR30HBHDHXYIYcVLUgRhBx1KNFGHkpYUUUZd4RxQxpCfBFEEjgGUcUVeMhxhxNotJCFGXPC8AQWSDABxRg5BCGFGmc8MYMcV7D5xRxDJIUGGTPMcIQQSWhBpmxwfLEGFl-cUUUSREhRRRpgkSHdUC64waBsGRKUIR1ozPGGbNpBx8ZaYM3H1xacdZGWHEIxtJ1DGlWmAwwuwCXCGHC08QUc7C5Eb2SfPSSHHY419FAZ-Lbhb72wiVBHHdDqcG8OLkWEWgtjwDCGDSiZEdV4N3jUkktj8BpDGX-FodtDaTgmQg4xuPCWCym50BANYAnYckYwy0xvzTeDVUcYGTXxhh5psMFGGC_UUC8IKFyRhhvS3jEHCE5QAQJM9e4AgtRucOQ1HmKDMDBDMDgNQwoUIrzGG9S9FBlMMYBgRBpylGHGG3i8AJPa5bYrghNPgPWGgDllRDhYbAhehBPRlmHHF3nTxlANN9xw1lGRCXyGZqbVUNdDB00uhhx04UC65F-08QYZFOFgQ8NkyPHGZg-9oVBf6_Kdx0I0kJ4H6HQgWobAeu_W22_BvRBGtdfKkW1BEnb7LbtliLvWC2DdkVFZOMAAFhrfc4jzQ3MMnJHtMNJxeAt1uFFiCzLI4AIZY5QVreAHfYG__hZRGENsYAPBpKYuqhMBHdqgmwEWcAYH1JyYfkIGypVBL19gUFsIaEAYIPAnYuCLCA7SoghNJC2N89diSgODPiggIA%3D%3D&s=21c4ecbd3f2420178e6167c0ab4f82bf676b4b71ed3bd34a3a7748a465e0b2961669350878"
id = "ib64cb4ff"
target = "_blank"
rel = "nofollow noopener" > < img src = "https://lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif"
width = "300"
height = "250"
onload = "ub64cb4ff(1)"
onerror = "ub64cb4ff(0)" / > < /a><script>new openLink(document.getElementById('ib64cb4ff'));</script > < /div>


< /body></html >
#5 JavaScript::Write (size: 46) - SHA256: de73a926a8381f11229c3f788149919c2b1e9620adcdf9c657c1df31971b423f
< ins class = "aso-zone"
data - zone = "87882" > < /ins>
#6 JavaScript::Write (size: 46) - SHA256: b7c224bd318e210fb3724a686d2e6fdff03e16ced4163e2e207bd2468a998f0a
< ins class = "aso-zone"
data - zone = "87884" > < /ins>
#7 JavaScript::Write (size: 731) - SHA256: 873c68a39794c6ab36e4ea21c71618e1e7d12767ac2cf722994533fe17228b55
< !DOCTYPE html > < html > < head > < title > < /title><style>html,body{margin:0;padding:0;height:100%;width:100%;}</style > < /head><body><script type="application/javascript
" src="
https: //a.realsrv.com/video-slider.js"></script>
    < script type = "application/javascript" >
    var adConfig = {
        "idzone": 4822350,
        "frequency_period": 0,
        "close_after": 0,
        "on_complete": "repeat",
        "branding_enabled": 1,
        "screen_density": 25,
        "cta_enabled": 1
    };
ExoVideoSlider.init(adConfig); < /script> < script async type = "application/javascript"
src = "https://a.realsrv.com/ad-provider.js" > < /script>  < ins class = "adsbyexoclick"
data - zoneid = "4847716" > < /ins>  < script > (AdProvider = window.AdProvider || []).push({
    "serve": {}
}); < /script></body > < /html>
#8 JavaScript::Write (size: 484) - SHA256: 17d94e96963dd14c2da602a6073d5af159c974cddf5e1526eaaf2725ec1bf6df
< !DOCTYPE html > < html > < head > < title > < /title><style>html,body{margin:0;padding:0;height:100%;width:100%;}</style > < /head><body><!-- JuicyAds v3.0 --> < script type = "text/javascript"
data - cfasync = "false"
async src = "https://poweredby.jads.co/js/jads.js" > < /script> < ins id = "969388"
data - width = "908"
data - height = "258" > < /ins> < script type = "text/javascript"
data - cfasync = "false"
async > (adsbyjuicy = window.adsbyjuicy || []).push({
    'adzone': 969388
}); < /script>
<!--JuicyAds END--></body></html>
#9 JavaScript::Write (size: 8261) - SHA256: 692535f2f230ac98666e2b219c1eb82c87e18292c95bea8ac190d570fa128ddc
< !DOCTYPE html > < html > < head > < meta charset = "UTF-8" > < meta http - equiv = "X-UA-Compatible"
content = "ie=edge" > < meta name = "viewport"
content = "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0" > < style type = "text/css" > * , body, html {
    margin: 0;padding: 0;border: none;
}
body, html {
    width: 100 % ;height: 100 % ;
}
iframe[seamless] {
    background - color: transparent;
    border: 0 px none transparent;
    padding: 0 px;
    overflow: hidden;
    margin: 0;
} < /style></head > < body > < script src = "//lcdn.tsyndicate.com/sdk/v1/b.b.js" > < /script><script type="text/javascript
">function openLink(e) {this.elmHref = e.href, this.elm = e, this.init()}openLink.prototype = {init: function() {var e = this;this.addEvent("
click ", this.elm, function(t) {var n = t || window.event;n.preventDefault ? n.preventDefault() : n.returnValue = !1, window.open(e.elmHref + e.getPositionCursor(n), "
_blank ")})},getPositionCursor: function(e) {var t = document.documentElement,n = e.pageX || e.clientX + (t.scrollLeft ? t.scrollLeft : document.body.scrollLeft),o = e.pageY || e.clientY + (t.scrollTop ? t.scrollTop : document.body.scrollTop);return " & x = " + n + " & y = " + o},addEvent: function(e, t, n) {if (t.addEventListener) t.addEventListener(e, n, !1);else if (t.attachEvent) return t.attachEvent("
on " + e, n)}};var t = new Date();var d = new PrivacyModeDetector();var count = 0;var processed = 0;var delta;function l(turl, r, cid, s, p, w, cl) {if (!r && window['BackUpCampaignBanner']) {BackUpCampaignBanner();return;}delta = new Date() - t;setTimeout(insertPixel, 1000);d.report(insertPixel);function insertPixel(priv) {if (processed >= count) return false;var qPixel = document.createElement("
script ");var pm = priv === undefined ? '' : '&priv=' + priv;qPixel.src = turl + (turl.match(/&$/) ? '' : '&') + 'r=' + r + '&d=' + delta + pm + (turl.match(/&w=/) ? '' : '&w=' + (w ? 't' : 'f'));document.body.appendChild(qPixel);processed++;}if (cl) { new trackIFrameClick({id:'ts_t_'+cid, params:['s='+s,'p='+p,'t=' + (w ? 't' : 'f')]}); }};</script>




< script type = "text/javascript" > function u3697e945(r) {
    l('//pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE-J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG-4dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN-IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t-MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg-9odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268-fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI-hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ-EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA%3D%3D&s=6ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878&w=t', r, '3697e945', '6ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878', 'APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE-J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG-4dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN-IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t-MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg-9odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268-fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI-hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ-EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA==', true, false)
};
count++; < /script><noscript><img src="/ / pxl.tsyndicate.com / api / v1 / p / p.js ? p = APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE - J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM - 80 RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG - 4 dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN - IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t - MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg - 9 odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268 - fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI - hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ - EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA % 3 D % 3 D & r = 1 & s = 6 ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878 & w = t "></noscript> < div style = "width:300px;height:250px;float:left" > < a href = "//tsyndicate.com/do2/click?c=APeIQFMmDJkycuaI0BGjBgsRYcbQWSjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydijGkIFjxkM4dcQsHJsDRoyecOAsxHEj5cM5cCbqOGrDZg6zItrg1cvX742HY9rI3fsXBs6eZMysfSjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfFWRB05bDBX7Uj0YR0ZGdHQoQNnjo4XL9rgOeOiTRg8ac6EaWPcxZg3bV7IgCGmxsoxT3WauYGyRg0xLcKEMSOy4Rgaf3GEESMjho0fY5bDSUOmB_qcOLnUcSzDxhg5X9DXQ2abdaYff_6FQUcPQZBRBxt0gHBEGW4gFAYbB8LQ3xwx9NBRDhlumAYdZVQhBRM94GFGGG7QEYYeeTgHXYg2zDFiGQHWR1dKNJYBB3Q97OEjdH3QaBBeb9CRo30w9BXDX0Z6qCGNZrDxxh1L7lHllTkWuZ-G_rGRxhhrLInFDGzcYAQRR7SAxhtrMAHFcmeskUYMThQxRxYxFEEHG2yoQUNvcsDmhA1vOCFREk3cMAcWUyzBRBFvyEFFHmlcgcQaWeDwhR5M0LGEFlG0EAUWMaRRRRloKNHGHXKkaoYZdwRRRhxLyGDFDC1UYYUYULQAXRJayJFEEF-cUUUSREhRRRpekQFdUC64oeBrFxJ0IR1ozPHGa9g5x0ZaXsWn1xaZdXGWHEAxlJ1DIoghmQ4wuOAWYqd9AQe7C9XrGGcPyWHHYg09VMYYp_Vrb2t11AGtDiKMkYMYMERUUwtjwDCGDSiZ4VR4N4wBnksak5FZGX2FgdtDaSwmQg4xuNCWCzTI4EJDNHgFYMsZwSxzvTXfXEPOtoWRURNv6JEGoGG8UIO9IKBwRRpuSHvHHCA4QQUIN9m7AwhTu2EDDV_jMfbXAjMEw9MwpCDhwWu8IZ1bjt0UAwhGpCFHGWa8gccLN7FdbrsiOPGEV5V-MQbhhnvFBuFFOBFtGXZ8sXdsDNVwww1lEeVYwGdcJloNdD10UOViyDEXDqZT_kUbb5BBEQ4xmS7HG5g99IZCe63rdx4L0WB6HqLTIUcdZQTMd2679fbbC2FUe60c2RYEYbffsluGuGm94NUdGY2FAwxeoRG-hkSLMIfAGd3uIh2VtlCHGyOOZDMZY4wVLeEHfYG__hZpw1pswJEZkIYurBMBHdqAG4YQ8C8H5ByYIGO5MuDlCwoaYAEjmMD16EUEB1nRgyZylsf1CzGhgUEfFBAQ&s=18e451437a31d3caa6a92466a7b8fd5a5a474a2fd8d4ba71122db96fe2d633de1669350878"
id = "i3697e945"
target = "_blank"
rel = "nofollow noopener" > < img src = "https://lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif"
width = "300"
height = "250"
onload = "u3697e945(1)"
onerror = "u3697e945(0)" / > < /a><script>new openLink(document.getElementById('i3697e945'));</script > < /div>


< /body></html >
#10 JavaScript::Write (size: 264) - SHA256: f3320d7a93b4107b884eba8624ede6ddd50f11586e46787b216f1eaa5cd7e0ae
< center > < script async type = "application/javascript"
src = "https://a.realsrv.com/ad-provider.js" > < /script> < ins class = "adsbyexoclick"
data - keywords = ""
data - zoneid = "4786594" > < /ins> < script > (AdProvider = window.AdProvider || []).push({
    "serve": {}
}); < /script></center >
#11 JavaScript::Write (size: 275) - SHA256: cbc71a4cb9daeaddc65be3f883d53fcc2cecee43aef8609f87eaf7503f999352
< center > < iframe src = "https://media.aso1.net/js/ifr.html#id=87884"
width = "970"
height = "250"
align = "center"
frameborder = "0"
hspace = "0"
vspace = "0"
marginheight = "0"
marginwidth = "0"
scrolling = "no"
style = "width:970px; height:250px; overflow:hidden; border:none;" > < /iframe></center >
#12 JavaScript::Write (size: 1056) - SHA256: f16ae4f9310cc2dce19f79a05e9f41df29cb00dd9728a1c2663108d654534890
< center > < div id = "ts_ad_native_atxjr" > < /div> < script src = "//cdn.tsyndicate.com/sdk/v1/master.spot.js" > < /script> < script >
    TsMasterSpot({
        "containerId": "ts_ad_native_atxjr",
        "spot": "WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4",
        "nativeSettings": {
            "cols": 5,
            "rows": 1,
            "titlePosition": "none",
            "adsByPosition": "none",
            "type": "label-under",
            "styles": {
                "container": {
                    "width": "100%"
                },
                "thumb": {
                    "border-radius": "4px"
                },
                "label": {
                    "height": "80px",
                    "background": "rgba(255,255,255,0.65)"
                },
                "headlineLink": {
                    "padding-top": "5px",
                    "font-size": "12px",
                    "font-weight": "bold",
                    "min-height": "45px"
                },
                "brandnameLink": {
                    "color": "#444"
                }
            }
        }
    }); < /script></center >


HTTP Transactions (263)


Request Response
                                        
                                            GET /video/6051542a4ce90e0b3a572b0b? HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         172.64.163.22
HTTP/1.1 302 Found
                                        
Date: Fri, 25 Nov 2022 04:34:31 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iamgM%2BDj5YbVSNUFanrBUihLbjclqOYREKbihfqSgEURdlln0dTtp396eRaPvr1D4C6QdKziDo6A8o8ON%2F1p8YTBMbjxxq7J4ju8S%2BUITtZvRuyISlSoeKELgOkyKeA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f7ac226c9672ae-LHR
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11884
Expires: Fri, 25 Nov 2022 07:52:35 GMT
Date: Fri, 25 Nov 2022 04:34:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 611
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 04:34:31 GMT
Last-Modified: Fri, 25 Nov 2022 04:24:20 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 04:19:03 GMT
cache-control: public,max-age=3600
age: 928
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13742
Expires: Fri, 25 Nov 2022 08:23:33 GMT
Date: Fri, 25 Nov 2022 04:34:31 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FojPZJYaxcWy7aWW2Zzo2GhLheewgsHHpN55eyIN0iypZ/3RX5oOmseF1tvVmdzHAVf6RHb7zGQ=
x-amz-request-id: J3KJ3ARVZWVE4G1J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 03:43:41 GMT
age: 3050
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            POST /s/gts1p5/PrU7zFTubJs HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /s/gts1p5/PrU7zFTubJs HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 04:08:53 GMT
cache-control: public,max-age=3600
age: 1539
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27c8ff0b3d-OSL

                                        
                                            GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         172.64.162.22
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9661826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETWYRcnmHZ40OUlOIaiDBXbfLN1VotDFcJEatl5pnkHMQex8x89MQRSNxiqXYR%2FKd4Tp5Ta7uJzqPOEVx4V5hDkPZaLzBe6uNWJC28uBZhLTsbSSmYYVEM6U5OZvaCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0875db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   400695
Md5:    578813045c70d47798ef07e6a4bbd139
Sha1:   2df333c3a2f7ad554669f86eb392699fb88c3bff
Sha256: b9112b8100670f1963c4a6c71f692fdb94405695f7773b12bb18555390aa02b2
                                        
                                            GET /thumbnail/d7nAvXbzw6e9-DvE_w/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         188.72.235.185
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-length: 10663
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   10663
Md5:    125a4edcf33be62b9e9e7b19bad888db
Sha1:   43027be2f9a90fa08be93b3f8ff8f7446b2863b6
Sha256: 8b5427269ecdb82208e60b8aef37b87238ea7ff55e3ac272b86d2f01ed7af8c3
                                        
                                            GET /thumbnail/J-ub7HHwya7lrD2Wqw/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         188.72.235.185
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-length: 8546
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   8546
Md5:    98820ad936b52a2b8c6b63d974812a30
Sha1:   e2e7bb461a9c3fe4ea8cac668b612fedad208c76
Sha256: 423bf00686050fc5923adc3d55cf5adff63dee08aa5aff13b1de4880296b17eb
                                        
                                            GET /thumbnail/JOyRu36kn_3p_jvC_Q/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         188.72.235.185
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-length: 13048
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   13048
Md5:    d1125deed4e2e12de538306048958066
Sha1:   71a3b41b7f8261310c90232733e7d5d0bef47fb5
Sha256: 68d017adc263b0e6f17e6f28267b28c43163ed226e1e1c714e477547a581673b
                                        
                                            GET /thumbnail/IeiT6CKmm6e6_mnCrQ/w320h240/0.jpeg HTTP/1.1 
Host: static-cache.k2s.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         188.72.235.185
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-length: 14116
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Size:   14116
Md5:    be81a13d6635a5820793ab78dddfac41
Sha1:   9e35426095a3635b3a57ffdc7649edeb5088572f
Sha256: 8d763c5b9254996d169a5ee95034f6aeb78929a3ef9294457d723bdcdc471bf5
                                        
                                            GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         172.64.162.22
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-1835015f16a"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSq24LC3Am7AMOhprB5Jn3PsKnX2i05dE4I6maKtT2puDZcZggMnIfAn7bXhXno4%2FO4s0QMsy0oCFINP%2B4LAoYbhsfW5kkaBRr9gbBO1aBy9670ekQLO6arBArchSnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0b75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20298), with no line terminators
Size:   6720
Md5:    0e418dfd11118e1c9ef27d8a7b48b306
Sha1:   7f12af27027f53af47171735aac4d4b9c3c5e990
Sha256: d5c2aac37d0c38d3d48963974720d811bc61e371a56f72d182d4dfbd54572c58
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27cb86b521-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27b89eb517-OSL

                                        
                                            GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         172.64.162.22
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5854655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJMVkbfqpcofwntnoiOm7cqTJS2V9ZgFugbOBCiBQ%2Fq%2FtFrqzhxGsLtRE6ehSNj5GkVwfWdjEv%2B1mILV%2F99w0HFcYPbO7D41lG%2Bo1BvL1hNFkBSz0vdTuEbrPY%2BCh7w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0675db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (22910), with no line terminators
Size:   44736
Md5:    40254749abd5e34659c73bf59a587410
Sha1:   67cd2a00f59e1f6115d3966a2b0e226f784afe9a
Sha256: b88960ad56998e6ca92c48bbe51213ca266f116698a4963eed62208e5ba701be
                                        
                                            GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 25 Nov 2022 04:34:32 GMT
expires: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 25 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54293
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15971)
Size:   54293
Md5:    97caec1a07b0d07a0f7ca5cbfd4f1fcb
Sha1:   02dbb9d226967b9aae872b15f1e9181d2d525027
Sha256: 0d39286e9dcb4b14a2223f034a07aa354e10e7e228798e5e12afbd549fa91ec0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27bb21b51d-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1 
Host: xfantazy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         172.64.162.22
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mItFbtmEHzrC5DzvqFWqpMpFh1wii%2BqNmHrWT2%2BcSdKPUp2IbMKDmjaExgQxLCSw9GS1BavoIKoSiATe5xxRHXmiOPPa%2BIL%2F%2FRr9zrHL6DSTyPWwy8F8vZ7MlMDVGCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0975db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (38842), with no line terminators
Size:   26507
Md5:    619d28de9fa9c57889ba72380f7ccdb8
Sha1:   ead1f9e4a1285f965b582a120386715054fdb01a
Sha256: d09b3a73f03420a8bdcdb51604bd183e06dc180d32f4663852bd0bd7a5873a39
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 121243
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 138420
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8SuSZ6MSSb335i+DymIAbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.189.139.67
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WhZhQCHeW3rrYv9NiM059NAULJc=

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 02:41:08 GMT
expires: Fri, 25 Nov 2022 04:41:08 GMT
cache-control: public, max-age=7200
age: 6804
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /npm/yandex-metrica-watch/tag.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"346a1-5pJjF6sMSAvD5NiPdWPuLzoQQcw"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 25 Nov 2022 04:34:32 GMT
age: 36610
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Size:   85108
Md5:    48c6510db10510d25a14e132b6c6bd1a
Sha1:   de1feca854233a18bd70d0484154bcacbd138c1d
Sha256: 73c6bbad275690c160ed6e68c4cd317e8c8bc46e3ca5a1445d6195bfa3ef100b
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "018A3951B41DEF6AA2ED1611866A7E5A897CA95C"
Expires: Fri, 25 Nov 2022 15:00:00 GMT
Last-Modified: Fri, 25 Nov 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1984
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f7ac2b9f1ffac8-OSL


--- Additional Info ---
Magic:  data
Size:   16156
Md5:    90c2787d73615138c6abe3e2ca95dcdb
Sha1:   98eb8b73fad582e36a94b831d829fb6271bcd1d7
Sha256: a627e02a53ab4ad42a9f02d4705c81e37ac9040094e9bca71c1bd275865fb9a5
                                        
                                            GET /zRdVuw7.js HTTP/1.1 
Host: a.naturalhealthsource.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         135.181.208.216
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:33 GMT
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a30105057fbcc8761b99df13f333a9ea.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 3dhIfSF4qVJIn0erZwVR93Bg4fc358zoUV_hJgeGJlX-w2eKgXtYuw==
age: 2570725
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   37172
Md5:    9d2fc4e98a8fcb01a3513c2b63d763ee
Sha1:   16d6c946c5ea6bf87c47c4ac4ea5a675208faba2
Sha256: c150c66fcb4046136dbe12330c525eaa6ec2630e5aeb33cd8f82ef326bbc5623
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2F2DAD5175C4AF75DE29B95E624718E6357D2F7C685C71AF04C2E89B87860AD7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18524
Expires: Fri, 25 Nov 2022 09:43:17 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1628
Md5:    d90c672eff33f4747f496caa2d4af6ff
Sha1:   8db2df92ad95e63d25af7aa3902cf29131625fa9
Sha256: d9a457f10f38f897731fe1c6cda956052be0e157745902f43f82ed2db038669e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EAC3156A5E13751A4CF955318DA2DEDA872F12001D9D7928F0F386A5934D7AF3"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1283
Expires: Fri, 25 Nov 2022 04:55:56 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   4165
Md5:    37f079f5855e02d16cb6d537ca6d0d55
Sha1:   7b86de9e9f770744b0b80ae65f08eae2a5952c4d
Sha256: 17d8f5e3d61b280281d448cd7248ba5a7c74b49d5b912a3d212ca7a768c569db
                                        
                                            GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 419
date: Fri, 25 Nov 2022 04:34:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:33 GMT
last-modified: Fri, 25-Nov-2022 04:34:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size:   419
Md5:    5eeab3e669d4c5f05bb905422fb7635c
Sha1:   31d0f00129b49bcf3ab28a1db4a6d80a89c0e218
Sha256: 6e0a6ac8ed96b6e5af727d8d5dd279365a001c94c0f290a7434ed83b6db584e2
                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:33 GMT
access-control-allow-origin: *
etag: "637f41b2-2b"
expires: Fri, 25 Nov 2022 05:34:33 GMT
accept-ranges: bytes
last-modified: Thu, 24 Nov 2022 13:04:34 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1 
Host: exploredefinitely.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49020fe8fd88b73df80e1b44d41d7b52
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37164), with no line terminators
Size:   13433
Md5:    e9be4af3a0cff955b5721db2a014262f
Sha1:   62ffd09e6353a6715b7adf3edf6b297ca6185fb0
Sha256: 9e8bdeff67ac9724f58ff8430bda2d96bf8964d590f6f1292506cd8b7b99ae46
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=114694667.1669350873&jid=265596840&gjid=1940512941&_gid=1045273581.1669350873&_u=YGBAiEABBAAAAEAAI~&z=156207599 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.251.1.154
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 04:34:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1 
Host: skiingsettling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 380e14514ce9948de1708f5f0bd5b1d6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   15048
Md5:    aaa60985f261abebc6ca3ae640bbb68b
Sha1:   7fdf5fb341305db68c4eb14966f744d9ec460bed
Sha256: 9263ff392990470cae15de0bf844593ec52641ec9307c097191af49b7d9bd891

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "3D745FBF6D7563DEEAC08EC38DE8DB388536FF113A89FD20E8E51D9FD6F200D1"
Last-Modified: Tue, 22 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11865
Expires: Fri, 25 Nov 2022 07:52:18 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
age: 25165
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /?rwlrd=961956 HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.245.16
HTTP/2 200 OK
                                        
content-length: 112410
date: Fri, 25 Nov 2022 04:34:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uYlJrV3etWzkxzC5EKn3zNrjWgnAHyZl2RkVXCYhWi4mH6Dx6PDyiQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   112804
Md5:    54549123ccb5f3ce81037bddff2c4563
Sha1:   1ca7285a5d8bec106b0fb8822131ad7ffe379cec
Sha256: 57be907e23c38a73f4928e9b40e671ffc4ed77bdb0c24e75688db985e7415981
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4270
x-amzn-requestid: 7327f8fb-804b-4d09-83dc-628e35ffa74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xFwXoAMFkqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-33f83cea2c585279140f4f59;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NLXTbS53l_c-lByM8Ym4_tfOlgP2lB-F1dYxOSfdeEfBSM41X0Cpug==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:01 GMT
etag: "6217a262002244ef3f2e8034076a735cafd9888a"
age: 25172
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4270
Md5:    648677a7e7bab1896a190d2e5fb7243c
Sha1:   6217a262002244ef3f2e8034076a735cafd9888a
Sha256: 72f2913f7c0770ebab0f2683bdc1ec5a5db8872e8f2c62a8fd5c9178b95dbb06
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124697
Date: Fri, 25 Nov 2022 04:34:33 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 15:12:50 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qG8UJ3aDlR7jn1ziPF0jBGqidMqKtqIARADeklLTf7nBlxuV6sD0oQ==
Age: 6105

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 8825
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8277
x-amzn-requestid: e84a5668-cd91-42af-b6de-5eb694ea56e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-KFtmIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38d-64513fb257d83b9847c82929;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rIKW7gaK37mlbk_TUo63AH9-XDOoF3Z-5mGaeOkzmESFLJ3GHz60lA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:10 GMT
etag: "6a8504212141af411a18ce58960c8bb52e8116ac"
age: 25163
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8277
Md5:    f59a591b222397ff0f01c22a0786e660
Sha1:   6a8504212141af411a18ce58960c8bb52e8116ac
Sha256: 624847cfdfcd770d2dee8a2b85f3c7c480cda58ba2aef1135184f3dffc30d1f1
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         18.185.190.54
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:33 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=5ec3dee3-f9ea-424d-9c3b-07c9d3564787:2:1; expires=Mon, 22 Nov 2032 04:34:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    e499c89a7ed56bbc9ed84e86f71c907b
Sha1:   bbd0ce2be91f544f014813c17379e9d26ed075aa
Sha256: e5c980cce45df1a35d4bdb8a268997c712386321634d49ef1a4c2faca9fa7350
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=122578
Date: Fri, 25 Nov 2022 04:34:33 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 14:37:31 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cV1v1JjbSH5QdNkhbTVkElB25wIOVU8255YJb-DoTmx_NAAwBn0V5Q==
Age: 3986

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         18.185.190.54
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 04:34:34 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2:2:1; expires=Mon, 22 Nov 2032 04:34:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    639dac7fab97701f3d099ce28969563c
Sha1:   04ac4f5f541515e6aa88d95320e2d425f73730f7
Sha256: c861f1710e050ee6a555055b56422809892e238a2d47ded41f2087ee0395e970
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14758
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "3D745FBF6D7563DEEAC08EC38DE8DB388536FF113A89FD20E8E51D9FD6F200D1"
Last-Modified: Tue, 22 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11863
Expires: Fri, 25 Nov 2022 07:52:18 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A379714731%3Arqn%3A3%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A73931272%3Arqn%3A2%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A468123273%3Arqn%3A6%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /sfp.js HTTP/1.1 
Host: friendshipmale.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.202.23
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 25 Nov 2022 04:34:33 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: abee5be725b4c2dc8d34ca6b926cfd80
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 04:34:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xnuN%2FpeI23Bxoc3riqoxzEnfyflhgE0OJuXcUOba0evFFTmAJ3d3NFeWm2bllL4x3jyd8wS6kHUXdMnZpONJ1Zwg7kijZDy%2BCP5wZWmHhb4WczqTl0QdJeLlWEFmIYn8Yh0dpE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac31cbc60079-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size:   27162
Md5:    e7e03604b3ce4c388d505f30039573e3
Sha1:   c38b5b26be9648732efa959e9aa80858ceac27e7
Sha256: 6b029a6aabd032aa6389a5b91acb466611397e0ed4e2bf8891d5543db6e177df
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A646817413%3Arqn%3A5%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A701626175%3Arqn%3A7%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A15246786%3Arqn%3A9%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3BCDE7EF68F8D91EA51C79994968AB6A41B5594055D71823CBF13EB16CDAD69C"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3846
Expires: Fri, 25 Nov 2022 05:38:41 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            GET /TGlkaGEtCwcFXi1UBk4UPgVZTVMKTFYuBX1QVhpUIFFcHxMiDlNGAiAGEQwHPgYKHE8iDBBNUwo9MD87DwhXLRQPOhMmNSYCNCINFiABWQV7MQ8MEwgtIS0pNlgGLggeKiYAFgAmNy1YHA4xBCc0GjUqUXwvKh8raVsiP1AvASYRFgE9IxslACgMJQcJKA4sGQIeMQUwKig3IS8qEVAOKh0kDykJdAYlBTApLCwpLQA7ITEoHQYOPAoBJTFaGS4/LFE2LQETMSg7IBAgIAYGMiAoCiszADQvBRQqOH0zCj8lAgYyICgvLicmMCgCUSslfCcTPxYgXjEFTCgwKVoJGQoMAyktLzEsNicvUDspBioyIFgbIzVcMgYOCAY2GA1BWicaByoKMBQRMwtReS0COSA+LjY5Ew89FCcwOx08Cw15DwI9IH8/DylHJhoLBhFxPStbKjYgNjgRFC4qDjc6LA HTTP/1.1 
Host: pemainedperio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         54.230.111.124
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1201
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jCux9lQUXbNRNT7yYLHtgfuB7EcuqiTiSe7I-GhObvkL_dDZUPD8Jg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050), with no line terminators
Size:   1201
Md5:    cdadb0f273f45ac5b019f9cde9928bc1
Sha1:   f23e073711f971994cb5e1c18501e6a4f081f96d
Sha256: d13eed25596ed3cf52e8c4d7b3d03acf8ef2c809b8e98ad253b46aa62aaa6204
                                        
                                            GET /cUdkZ3YQJQcKSRB6BkEDAytZQkQ3YlYhEkB+VhVDHX9cEAQfIFNJFR0oEQMQAygKE1gfIhBCRDceBlcOOyYsIjs4PgcoIhk0CCsgJw4zP0NEEDEpPDstCy8+CX4cIDIwNTwlQkUKMD4SNT4iKDQjEgsDMBkfJR5GHwNUHzw6FAcrIjdyFSw3BhMxCR4HDzYlJTgUPTQxMAoDLDNAAy8/Gh8QIjUSFwAhATEwAgstHkkENwlDRAUDMT0XKQg9JyQBXAUwAj03CUNEDxwANBQpVSknGHYUAkcWDTM/HgIQHik9FykPBjRBN0FVMDIBCCUhHA1RNiAjIwIkW0UJIQAnGyUiCEUpHxxTITQBAQE+GQk1Vk4ADiYIIzIUKR8iJAoUAS4dIzxWTwAXIjE3Vy0XCBgBejU/LEIVFT4xAwQM HTTP/1.1 
Host: pemainedperio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.124
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1173
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x6kzgJG8fXvja2Zhiqj0HVfhs7Ss8FGVj8COfJSp-V6ZHePFC0t8UQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Size:   1173
Md5:    527c16188e73dceab8a9f4b3b71edb8d
Sha1:   647f75fb9d5f3e167113e1cdac331e46946a17a2
Sha256: eafe788b69e0e60ba963388c84af9c11f93feb3f1a1913b88646dca9c42016c5
                                        
                                            GET /d21qTTQWDwkgCxZQCGtBBQFXaAYxSFgLUEZUWD8BG1VSOkYZCl1jVxsCHylSBQIEORoZCB5oBjE3DydmAA4veW4gFV4aVyZYDgtxRl4+DG42PDI9Vy8KJyt9NgIgBGYiVSIhDEA9OT5bNiszCHo1WSAcci4ELXxbLzk9KlIgBSQDUkYVPAt2PRc+JX0yLCkIZjQ8Oyl+JRkwD0MYGykYfiAvOXR8ID9SBn4PNzMIYiFVOgxyEjwtOX01Kw0Ffg8/OwVDFFQyOm42JQA9UjUGKA9SGzwvG2E6IDI6bjYvEy5hNgY4G1IjCjgcXzZfPgx2ITwdNVI1BkcMdzgrUgV5IitPf3YjFRoMYyAZIw92FDsmH3IVOz8EfSQsOA9lP1gmD3ExOwwIRCQqOwRGPysZBGIvGlIPYTUrMwhbJC8/fBFFK0wnRxgDGnBlEh8OJn86CDh5 HTTP/1.1 
Host: pemainedperio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.124
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1188
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MOMBSX4Zy3kzRh1qkVtXwNTxyoLUEphIaIAu7zqX95KJPut1X7eFzg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Size:   1188
Md5:    195f8264ece24c9d9efc5b7b15d56a33
Sha1:   2b20f6996527b9b885340ce8c085e68077e30ab5
Sha256: 2eb921476c542c3556c68943318362475181e27208b3e17e6ab919b0098c2ff8
                                        
                                            GET /QW1vUUxuUgwicSQqACgdFlQlCSsxXDlhfRUsJxcbEDtXECkHGkklJSVQVmd9eFhZdzwoCVJifmceGzA4NB5SYGooAwk+cWcbUmFieUNeY2JxSxpsfWcZHzArfFxJITg1AVJgendUXGR8eVpcZHpw HTTP/1.1 
Host: engingsecondu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.55.224
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6svrCzp5Fl7AEMCqzJiwmFO4v0c5c4DAKxcMv3L9Q926ylVFIZFrJ9Cw8BroO%2F4niKJO9NElCcO5DyaYuVehph3B0LPpWhrN6Ci2b5UW9WzxmWP9GXWpQzDKctDOBSZK8y12w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999f80b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /MVlUa3keZjcYRH8BJAQoWzIRPxVzaxU6O3UOOiI4dRxtChxGNnIfEFVkbV1ICGxiTQlYPWlYSxcqIAoNRCppWUkBbnICF1c2aVpfR2RkRUEfaGZFSRcsaVpfRSk1DEQAfyQfDV1kZV1PCGphW0EGamFdTQ HTTP/1.1 
Host: engingsecondu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.55.224
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2Fz5xbGAGFUhnbiWc%2BFvt%2BbCJuQ8Wx6GSoc1XC4TL2JM%2F1IwRJS%2BE7Q5LyY8sLUdhmz813v9g%2Bt8%2FZjaK%2FpAsjaXjBiP63J9m%2F8oCUnFe9d5U0dWpLXmH1i%2FMsVNSDzVY0XgSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999fc0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /OWVBcDQWWiIDCV0yCyVgUiMCJllrUiQlemoHCRgBaDMXGFFhBmcEXV1YeEYGCVR1VkRQAXxBEkoRIARBSlhwVl1XAy5NEk9YcF4HDUtyQRoIQzRNBR8RMRFTBFRnAEBNCXxBAg9cckUEAVJyRgUP HTTP/1.1 
Host: engingsecondu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.55.224
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2Z4TI5hKGJxttNqE0miefwU5pzNc6InZyYIEOZez%2BCyC2uEJIJKFXhkE%2FcumRNNXs6WjHEElMFLMra4TmILQ8srBekpwcfMTnD54h7dNc2PPkcWXCIs9QUorRZN4x3Yh0wsVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999fa0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /d2tTRDFYVDA3DC0GJwdjMQ8LHF89HAkCdxYPPXVaIj1idFUaPnUwWBNWanIDR1phYkEeD251CVEYJyVFAhhudRceBTUrDFEdbnUfR0VhagNRHm51FwMbMiMMRk0jMEUbVmJyB05YZnQJQFhmcwg HTTP/1.1 
Host: engingsecondu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.55.224
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwMuhjoxMttJLH5uYAE23UPTuzv6%2FGYR66IciqJUwCepkpZHjD1lJf%2B3UBamXGbi4RXjCdanTYKCQ84sNfaM4v7DpLlglxoi6JsRCj%2B5y0%2BtlNlqhSM7Tp3G7rgXb0wQBDpOeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac39a9fe0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST /TXlKdHRiRikHSQMUJjciCSgCLCw9Hg41OhwaDSU6CUgyAxYcGmwAHSlEc0JFdEx8UgQkHXdHRmsKPhUAOAp3RkR9TmwdGisWd0VSO0R6WkxjSHhaRGsMd0VSOQkrE0l8XzoAACFEe0JCdEp/REx6TXxCRA HTTP/1.1 
Host: engingsecondu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

search
                                         104.21.55.224
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Chcct3FWzZyQLeWIFpzwL5jKK4vT%2BO7M24NT3jGbbEz62fNOJdl7EWkpjXCGi%2BD4oWPkFgG0t2m87AevOYkjwoSLUZIry7L4qMvR1CpSjtsI3ClNsIeoloV9GK1WiFGU49%2FK%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac39ba010b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AF1876E84A84E68805AB80ADFF1A3AFF55BE92C87AF888DDA8CB83B85FBB773D"
Last-Modified: Thu, 24 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4059
Expires: Fri, 25 Nov 2022 05:42:14 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive

                                        
                                            GET /Yb0xJaHEMIycOThslLVVIWX55WUNJJjoHHx9xGDArXB44MTYdDyFOBRUodFhXAy0nD0xJKScLTF5qKAwTUnhvHRBSISYSGAMgKE1DKXlnWFRdfGEfGAEoJh8CSn55BgVKfnlZQUF8bFszSn55HxgBen1NQi1pe1gJWXhsWzNKfnkaB0p/CFlBWmJ5QVRdfC-4NEgQjbFo3XXx4WEFefHhNQ18qIBoUCSMxTUMpfXldX19qPFVA HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.16
HTTP/2 200 OK
                                        
content-length: 186
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: onngDEFOVnyzh3HeFQwRjGLtSsvhBEvpwrF3zZeTHBkBF_PyPMCPKA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   186
Md5:    e0a207ef3d36a204d24734ce085f1379
Sha1:   55ee3db01569c5e3825dfddb4f27f1f503bcacc7
Sha256: c825e813d8728f5c56841c931885d1513c0759ccca22ec0e46eac50fc5df89b1
                                        
                                            GET /TTWZCa3EuCSwNTjkPJlZIe1d7XkdrDDEEHz1bFiRCBhwLOSE9PgUlFxsQB00FNwJ/W1chBywMTGsDLAhMfEAjDxNwUmQfASINfx4fKQMkAh8oAmQeEHALLREYIQojTkMLU2xbVH9WahwYIwItHAJoVHIFBWhUclpBY1ZnWDNoVHIcGCNQdk5CD0NwWwl7Um-dYM2hUchkHaFUDWkF4SHJCVH9WJQ4SJglnWTd/VnNbQXxWc05DfQArGRQrCTpOQwtXcl5ffUA3VkA HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.16
HTTP/2 200 OK
                                        
content-length: 332
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IHKXG9o0vD_5_Q_-ydZcD4juw8tqs-Zc-bCgHnbbzhSLuHj4VsuGTw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (420), with no line terminators
Size:   332
Md5:    85347d342ddde5b99d1afcc294044efe
Sha1:   fa6f007670660888936a584af2ad2db13d206015
Sha256: 1fd564326a17456dc0969331f842825e8c079a05958bcd1442fe17aef9825f9c
                                        
                                            GET /ZejRwcE4ZWx4WcQ5dFE13TAZAQXpcXgMfIAoJIRU8Hl87PSsoAFYENB4JQFYiG1oXTWgfWhNNf1xVFBJzThIEACERCQQdJRtZBwovCUJWBS9HWR8KJxZYEVV8PAFeQGtIBFgHJxRQHwc9XwZAHjpfBkBBflQEVUMMXwZABycUAkRVfTgRQkA2TABVQwxfBk-ACOF8HMUF+TxpAWWtIBBcVLRFbVUIISARBQH5LBEFVfEpSGQIrHFsIVXw8BUBFYEoSBU1/ HTTP/1.1 
Host: d192r5l88wrng7.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.16
HTTP/2 200 OK
                                        
content-length: 594
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WFm3n3Opnq6P2uLm3gOvCSRPBcWmfZFU1JxyPWP5MTu6-xfb5n8srA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (818), with no line terminators
Size:   594
Md5:    9ac2709f84aed4fe2a3bda8766c2c331
Sha1:   36950dd4b6e56da45f69a5460faa16aca8400d66
Sha256: beff21e9130511bff124036ac13b1797023608c1bd76663263b1b12ed9017656
                                        
                                            GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1 
Host: a.naturalhealthsource.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         135.181.208.216
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=rvtGXWtHTO1ozcgUayK0; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1 
Host: a.naturalhealthsource.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         135.181.208.216
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=ZMfKcJkOobCykmcyHSzJ; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1 
Host: a.naturalhealthsource.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         135.181.208.216
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=f53T3wN5IPdKkshJoJGX; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1 
Host: a.naturalhealthsource.club
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         135.181.208.216
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=KPnC3FUMOHbRfXMilo2d; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1 
Host: lightssyrupdecree.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 83783d652f08a8eb7b8e909576a54bcd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   28771
Md5:    ea0d2ba24b25b72c55a3d5577127fe77
Sha1:   dc0b936b38b3dc581478914bec0a85e3e26e6fcf
Sha256: e469f151b684d830e941baddfab1a5c2f62375a83c8b278f92c020c8cecf0c44

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1 
Host: reproductiontape.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f99fd7e033cc8d03942239846df73487
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   28777
Md5:    3481dd7c44e9f372ff3822fd63755625
Sha1:   b2bdc7c5d59e24d27309f3802416325abf5836da
Sha256: 43726cc7718a282288aa1c1a3fc1fd470a962dd2ff8f6f48a4701ebce3842f09

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1 
Host: lightssyrupdecree.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None pdhtkv=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None uncs=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None pdhtkv29=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None uncs29=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8cb757c829a10ad54057405ff40efbdf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5664), with no line terminators
Size:   4030
Md5:    3749a813efb32386534fef5d8fa99559
Sha1:   4ea6adac0e1afbd81d37820206a305e46e2f6935
Sha256: 2afee4cb02d1537a8928efd0296eda571691f454197e2803268c35384fb72f4c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1 
Host: reproductiontape.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None pdhtkv=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None uncs=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None pdhtkv29=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None uncs29=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b097bbd7c745279b6b0ca54d4dface58
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (6023), with no line terminators
Size:   4320
Md5:    1d299b19171bd800078c90e2b42c7c28
Sha1:   482786018cbd785f5819e86fd17b35cdb3a10a07
Sha256: 98831f01671627208e3276eaa4a1bec92b2315b88b8172704d918e71249b223a

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3o0X9aCyFxFljgoy6Z6fTMY9LMbdSDQmcXcl5%2Bqq6kk51VVNVff0ZEAIuyB7ktmbeup8k2xYDeJeBUEmXiQg2CISxBz05MWLsFdlJgPjPqh676vvHb7vvfp4PzsnPjJ6tvWeGUil6GKz6lde3Zaam9xVNm5XAr%2FqX61sS73UuFrpTy7beyPwm1X%2FtcrbgnXNYs0PfD%2Fwg8qqtCIy%2FcUpC5kct4Nq2682atWg2UDfPold5sFRD7x3Tl6A5OVTOz88gmRj6Pjr68J1U5O8fiPOFE2NRY8ffaC72uQa8byMrIdIH826YVxJyKeXYPTRzAFM72DiAKEsifdrgFAfzWQi7B1eKA0VhEbIn0HeG0OoMSQdg5m7kPwnAjCOjU3o%2BMGGsTndvWDphC3JwuN%2FIPOSLPx%2BBTr%2BakXJfuWWUVkqjXboRwVkfwzZGSPJTpAOPMj8BCy9A8l%2FJIuP16Hjg02nDCQvpu6lHENGYygxBHUessmRHrLIQ5Z4iPlZhTbbke%2B3ojCq15cbjLF6nbHm8hJv8npjOfKRsYm8IdJkCKaGYHYPid1DV94vCblzAJt9B7dTwHEPLi2J9%2F4eerxALghyR5BTglwS5ClB3isOuXI1VzzgymVhMMu1Wa4XI5N29umhSTtCk%2F3knDw%2FHc7fz36Drjir0FrUbvtR4DdaS%2F5SwFpBmwcsoLROa4LxGpwsIN2lqd%2BBLMmVl%2F5AMtnYR%2F8ipCdw6gRMPgeavQyaj1o1H3Rn1Fj2MdDH%2FYjqlA52q8zE4KZAki4g3fX21Tl5caqjffonBDu99vCzSXwOZgsktsCH8nuCjro3umlycnDT5I482kxSGcsBnSzwVkpTcfmLd8Vubixfu%2B6GD99kE2JSHt8WLl2nmkvdceTLFcm5sKvGMkG%2BXXPbItzK3M5KZnWWrG%2B9tboWJ1Y4J40eg8qSkE%2F%2BApMlebr7zvRzvvJLC9KOYbMCcXZKZgFpxmDJHlwy1%2B8MgVXznjDxkGfFyNbC%2BaOSBErMMQ0LuP%2FhcF7vu3voWA80vQsdF%2BjZAj1VgKohXHZ5lCb29NrP9WkgVN4oVNY7CJVV9y%2BG6%2BRZRTQjPxJ%2BTYRRO4xa1OftqNEOaTsQrbBJA6SuZHs3fvsPAAD%2F%2FwEAAP%2F%2FjXDSFHQEAAA%3D HTTP/1.1 
Host: lightssyrupdecree.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d897b9c35d32e58954ab55997b6896e4
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxSeTVwoDYW25NJDg25toci7%2BmFbzcHUTRxMXdtNUnyemZ2Vph7NLDM7WlmXmgRKDj0otx7Xn%2By4P0JoTu2lEORcWkMh6qGYUkP%2BhkKgtyJZoObBzHvffO%2Fwfe%2FNV%2Fv%2BjITw9HTrU9OTStH5ejksvbctdWxyV9q4XYrCcni1tC31Qu1qqTu%2BbOfDKKyXw%2FdLNwTfMfOVMArDKIxKq9KKxHTnJyxk%2BrARlRthuVYpR%2FUauvZl7HwARwPEnTPyFmQ8eqX162NIPoRu%2F3hNuJ3MpB9cb3tFM2PRiY8%2B1zva5BrtWZnYAIk%2BmnbDuBEh31yA0UdTBzCdg7EDMDkiwZ8RmD6aygTrHJ4rZQpCg8WXkHeGEGoISYfg5i5k%2FIwAPMbGJnT7wYaxOd09Z%2BmYHZG5F%2F9A5iMy9%2Fdl6PajFSW7pVtG%2BUwa7dBNCsjuELI5ROqPkfUCyPwYPLsDGf9O5l%2BsQ7cPNp0ykHExcS%2FlEDIZQok%2BqAvgx0cG8EkAnwZox6clWm8kYbiYsKRaXapxzqtVzutLC3E9rtaWkhCej%2BX1kaV9cNUHt3tI7R525P0RIXcOYP0TuFYBFwdw2YgEn%2B2hExfIBUHuCHJKkEuCPCPIO8VhrFzFFQ9i5TyLprkyzdViYLLmPj00WVNosp%2BekTfHwwle%2F%2FJd7IjTUiVKRLVRD5NaVBFhZYFXq0nEFrgQC1FVMAonC0h3YeK3J0fkSv0SUjkiry4%2FAaPHcOoYXL4B6t8BzQeLlRC0NagthejpnzXNvKWqJajKWs54y0WZK88QmwJpNodsN9hXZ%2BTtycIaP30LwU%2BWf3t%2B49Hl3nNwWyC1Bb6QTwma6t7gpsnJwU2TO%2FJ4M81kW%2FboeJm3MpqJi99%2FInZzY%2BO1a67%2F3Ud8TIzLh7eFy9apjqVuOvLDioxjYVeN5YL8sua2BdvyrrXirfbp%2BtbHq2vt1ArnpNFDUPnMfQ0uR%2BQ1cTj5plee%2Fgtph7C%2BQNufkGlAmiF4ugeXztQ7Q2DVrIelAXJfDGyFzR6VJFBihikr4P6H2azed%2FfQtAFodhe6XaBjC3RUAar6cP7iIEvtyfIf1UmAqWDAlA0OmLLq%2FvlonTwtiXoSJiKsCJY0WLJIw7iR1BqMNiKxyOo0QuZGfO%2F6X%2F8BAAD%2F%2FwEAAP%2F%2FPkGSC34EAAA%3D HTTP/1.1 
Host: reproductiontape.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5eaa5a6a0316ecc9a9e7a58f5f0bc54e
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "906B12ECB187E42E1A0522AD8A6418B1901F7C87ADB31AFE4B602E3756ADE39F"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Fri, 25 Nov 2022 07:10:09 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94A7BD6AC9BD7809AFD8615A15A598F0BD81C00D65739193A7D26A1E0B400B49"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2054
Expires: Fri, 25 Nov 2022 05:08:50 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10886
Expires: Fri, 25 Nov 2022 07:36:02 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10886
Expires: Fri, 25 Nov 2022 07:36:02 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=4173&rd=4173&fd=1719&bv=22.10.v.10&tmpl=136 HTTP/1.1 
Host: ifknittedhurtful.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1 
Host: cdn.barscreative1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.4
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 25 Nov 2022 05:34:36 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   403
Md5:    7af11c609bc1cd0ba8692aac78ce0a48
Sha1:   93a7a4b2afc623533ffec6edf15adab365812b45
Sha256: eb5b706390e15df5ffe68b8eddf9c1448617ff910c0e49822c0c210c02bed8d8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=4317&rd=4317&fd=1787&bv=22.10.v.10&tmpl=136 HTTP/1.1 
Host: yearbookhobblespinal.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830616
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rYtV%2BtcwRMcYtGCPPBwhwjpuNIE4PNszFeTJTPTlB6LR3puFWX06UKolIci6yl8NdPAxOtMQ6opZOeoE1LeBaKPwY7G9hKmkBfAV3FOv7ov4mvSxfIttYUXKluPUNcb2o0sCHJH1vduL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac4129cbd188-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Size:   5982
Md5:    c489ce2c491a22ee37a55e26a92dfd73
Sha1:   2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
Sha256: 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=386 HTTP/1.1 
Host: reproductiontape.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1 
Host: cdn.barscreative1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.4
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 25 Nov 2022 05:34:36 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2263
Md5:    9024cad659e2d201b2f906852993e4c5
Sha1:   03d55aab13011a102894cf8547ec7abed2dfb6e4
Sha256: 2b89a7f27d56abecf8a08b1a7205d4eb2caf9498d54a21b1aa63f24d611da5fd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 04:34:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5019
Cache-Control: max-age=93334
Date: Fri, 25 Nov 2022 04:34:36 GMT
Etag: "637efbd7-1d7"
Expires: Sat, 26 Nov 2022 06:30:10 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:31 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            GET /utx?cb=q89Mg5l7GtyT&top=xfantazy.com&tid=961956 HTTP/1.1 
Host: pemainedperio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.124
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 04:35:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2l6NCM4iQCrTVYVhSDXzqHmU1vNTX2Bf7si1W_2YC-YtYAYRgrxOWw==
X-Firefox-Spdy: h2

                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Nov 2022 04:34:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1762565696%3A1669350876466042&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKMlINnnegAqSXpfj8W88ojcwPz27-HzrCAie94nhNxLSE2E5j3VtvSDx3UTDPFROsC_90sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-UaaWqGLSrrtZMDt2_VMGUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:fNqUNbEuAWvsKZ_1pIhMTnTo1STK6g:_85rVteaVpIB6k0a;Path=/;Expires=Sun, 24-Nov-2024 04:34:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Size:   392
Md5:    bef9b31187c7c02e6af3f254a1d9c849
Sha1:   774aafcf706244abe3ce5b85e598960446443f9e
Sha256: c64725807d7f2be93eeeea16935fbce56991d078408786e19b351bcec84f5d37
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5889
Expires: Fri, 25 Nov 2022 06:12:45 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            GET /utx?cb=WecJwUDqzXJa&top=xfantazy.com&tid=962014 HTTP/1.1 
Host: pemainedperio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.124
HTTP/2 204 No Content
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 04:35:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OcyCLi_61ZVNhUTOHiVeYNjParJsLXIux4ui5rqTgkXbzCTGdQadog==
X-Firefox-Spdy: h2

                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=121 HTTP/1.1 
Host: reproductiontape.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M0Mhwrv%2FnOa3JrAEWr9zitF5088VkjOhT92lWPakLx37eMmwnOsc6%2BW9r%2FeeATyMGHHvTpCNh2%2BkghGgdksL8g2cmfBUdlQORN14HglsoEHIufaL4Q0HGLWIjXnQbapnoYLwK%2BN85K4r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac40e982d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1482
Md5:    908dce303e802b45f99455bfa3c26ef2
Sha1:   2f064693d34a6eac3903455fc3de8477c4554e40
Sha256: 60eed66130c70fbeb214c6ab5a7f747cfaaad001a5f10d33d3da7d57f70d6f98
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive

                                        
                                            GET /si/e2/d0/7c/e2d07cfc54a4a2629ecb06a4ac9d023c/1658144633.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.10
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 25 Nov 2022 04:34:36 GMT
content-length: 12632
server: nginx/1.17.6
last-modified: Mon, 18 Jul 2022 11:44:01 GMT
etag: "62d54781-3158"
expires: Sun, 27 Nov 2022 04:34:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   12632
Md5:    9a26092fd440aa10142a9e87e8370c2c
Sha1:   b1c33219c136dc2ee76d081d02f0cb9c15032f41
Sha256: ef6e3d4a4df9d2c4f104857ab7b5b545e6f3e6c0dda989d6fcd0707513136445