xfantazy.com/video/6051542a4ce90e0b3a572b0b?
172.64.163.22302 Found 0 B URL HTTP/1.1 xfantazy.com/video/6051542a4ce90e0b3a572b0b?
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/6051542a4ce90e0b3a572b0b? HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 25 Nov 2022 04:34:31 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iamgM%2BDj5YbVSNUFanrBUihLbjclqOYREKbihfqSgEURdlln0dTtp396eRaPvr1D4C6QdKziDo6A8o8ON%2F1p8YTBMbjxxq7J4ju8S%2BUITtZvRuyISlSoeKELgOkyKeA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76f7ac226c9672ae-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11884
Expires: Fri, 25 Nov 2022 07:52:35 GMT
Date: Fri, 25 Nov 2022 04:34:31 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 611
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:31 GMT
Last-Modified: Fri, 25 Nov 2022 04:24:20 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 04:19:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 928
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13742
Expires: Fri, 25 Nov 2022 08:23:33 GMT
Date: Fri, 25 Nov 2022 04:34:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FojPZJYaxcWy7aWW2Zzo2GhLheewgsHHpN55eyIN0iypZ/3RX5oOmseF1tvVmdzHAVf6RHb7zGQ=
x-amz-request-id: J3KJ3ARVZWVE4G1J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 03:43:41 GMT
age: 3050
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.35200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.35:0
Hash 3ac1246514072e571a9b3c94399856fe
331c8c09341fb9e357468c68da18d3abd3f7af5a
8d07e5f85f8b1c4ddf314e2855f02bbbb384ce334d85ee1aa11c27d8dc54f4c7
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.35200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.35:0
Hash 3ac1246514072e571a9b3c94399856fe
331c8c09341fb9e357468c68da18d3abd3f7af5a
8d07e5f85f8b1c4ddf314e2855f02bbbb384ce334d85ee1aa11c27d8dc54f4c7
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 04:08:53 GMT
cache-control: public,max-age=3600
age: 1539
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 090a712ffd3fe703f9d001c547c88374
80f500c9cc1b84c3b799fc6f055ac1701464a2cc
db5d1b45ea9fe0e2b3297c6c93e4c8c71f1462e3ebe646f057da841920cb1e88
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27c8ff0b3d-OSL
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.162.22200 OK 401 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 401 kB (400695 bytes)
Hash 578813045c70d47798ef07e6a4bbd139
2df333c3a2f7ad554669f86eb392699fb88c3bff
b9112b8100670f1963c4a6c71f692fdb94405695f7773b12bb18555390aa02b2
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9661826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETWYRcnmHZ40OUlOIaiDBXbfLN1VotDFcJEatl5pnkHMQex8x89MQRSNxiqXYR%2FKd4Tp5Ta7uJzqPOEVx4V5hDkPZaLzBe6uNWJC28uBZhLTsbSSmYYVEM6U5OZvaCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0875db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d7nAvXbzw6e9-DvE_w/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d7nAvXbzw6e9-DvE_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 125a4edcf33be62b9e9e7b19bad888db
43027be2f9a90fa08be93b3f8ff8f7446b2863b6
8b5427269ecdb82208e60b8aef37b87238ea7ff55e3ac272b86d2f01ed7af8c3
GET /thumbnail/d7nAvXbzw6e9-DvE_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: image/jpeg
content-length: 10663
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-ub7HHwya7lrD2Wqw/w320h240/0.jpeg
188.72.235.185200 OK 8.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-ub7HHwya7lrD2Wqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 98820ad936b52a2b8c6b63d974812a30
e2e7bb461a9c3fe4ea8cac668b612fedad208c76
423bf00686050fc5923adc3d55cf5adff63dee08aa5aff13b1de4880296b17eb
GET /thumbnail/J-ub7HHwya7lrD2Wqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: image/jpeg
content-length: 8546
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOyRu36kn_3p_jvC_Q/w320h240/0.jpeg
188.72.235.185200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOyRu36kn_3p_jvC_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d1125deed4e2e12de538306048958066
71a3b41b7f8261310c90232733e7d5d0bef47fb5
68d017adc263b0e6f17e6f28267b28c43163ed226e1e1c714e477547a581673b
GET /thumbnail/JOyRu36kn_3p_jvC_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: image/jpeg
content-length: 13048
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IeiT6CKmm6e6_mnCrQ/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IeiT6CKmm6e6_mnCrQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash be81a13d6635a5820793ab78dddfac41
9e35426095a3635b3a57ffdc7649edeb5088572f
8d763c5b9254996d169a5ee95034f6aeb78929a3ef9294457d723bdcdc471bf5
GET /thumbnail/IeiT6CKmm6e6_mnCrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: image/jpeg
content-length: 14116
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.162.22200 OK 6.7 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash 0e418dfd11118e1c9ef27d8a7b48b306
7f12af27027f53af47171735aac4d4b9c3c5e990
d5c2aac37d0c38d3d48963974720d811bc61e371a56f72d182d4dfbd54572c58
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-1835015f16a"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSq24LC3Am7AMOhprB5Jn3PsKnX2i05dE4I6maKtT2puDZcZggMnIfAn7bXhXno4%2FO4s0QMsy0oCFINP%2B4LAoYbhsfW5kkaBRr9gbBO1aBy9670ekQLO6arBArchSnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0b75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 090a712ffd3fe703f9d001c547c88374
80f500c9cc1b84c3b799fc6f055ac1701464a2cc
db5d1b45ea9fe0e2b3297c6c93e4c8c71f1462e3ebe646f057da841920cb1e88
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27cb86b521-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 090a712ffd3fe703f9d001c547c88374
80f500c9cc1b84c3b799fc6f055ac1701464a2cc
db5d1b45ea9fe0e2b3297c6c93e4c8c71f1462e3ebe646f057da841920cb1e88
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27b89eb517-OSL
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js
172.64.162.22200 OK 45 kB URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (22910), with no line terminators
Hash 40254749abd5e34659c73bf59a587410
67cd2a00f59e1f6115d3966a2b0e226f784afe9a
b88960ad56998e6ca92c48bbe51213ca266f116698a4963eed62208e5ba701be
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5854655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJMVkbfqpcofwntnoiOm7cqTJS2V9ZgFugbOBCiBQ%2Fq%2FtFrqzhxGsLtRE6ehSNj5GkVwfWdjEv%2B1mILV%2F99w0HFcYPbO7D41lG%2Bo1BvL1hNFkBSz0vdTuEbrPY%2BCh7w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0675db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash 97caec1a07b0d07a0f7ca5cbfd4f1fcb
02dbb9d226967b9aae872b15f1e9181d2d525027
0d39286e9dcb4b14a2223f034a07aa354e10e7e228798e5e12afbd549fa91ec0
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 25 Nov 2022 04:34:32 GMT
expires: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 25 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54293
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 090a712ffd3fe703f9d001c547c88374
80f500c9cc1b84c3b799fc6f055ac1701464a2cc
db5d1b45ea9fe0e2b3297c6c93e4c8c71f1462e3ebe646f057da841920cb1e88
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 15:14:19 GMT
Expires: Tue, 29 Nov 2022 15:14:18 GMT
Etag: "80f500c9cc1b84c3b799fc6f055ac1701464a2cc"
Cache-Control: max-age=383385,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac27bb21b51d-OSL
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.162.22200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash 619d28de9fa9c57889ba72380f7ccdb8
ead1f9e4a1285f965b582a120386715054fdb01a
d09b3a73f03420a8bdcdb51604bd183e06dc180d32f4663852bd0bd7a5873a39
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mItFbtmEHzrC5DzvqFWqpMpFh1wii%2BqNmHrWT2%2BcSdKPUp2IbMKDmjaExgQxLCSw9GS1BavoIKoSiATe5xxRHXmiOPPa%2BIL%2F%2FRr9zrHL6DSTyPWwy8F8vZ7MlMDVGCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0975db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 121243
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 138420
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.189.139.67101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.139.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8SuSZ6MSSb335i+DymIAbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WhZhQCHeW3rrYv9NiM059NAULJc=
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 02:41:08 GMT
expires: Fri, 25 Nov 2022 04:41:08 GMT
cache-control: public, max-age=7200
age: 6804
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 48c6510db10510d25a14e132b6c6bd1a
de1feca854233a18bd70d0484154bcacbd138c1d
73c6bbad275690c160ed6e68c4cd317e8c8bc46e3ca5a1445d6195bfa3ef100b
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"346a1-5pJjF6sMSAvD5NiPdWPuLzoQQcw"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 25 Nov 2022 04:34:32 GMT
age: 36610
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85108
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 16 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 90c2787d73615138c6abe3e2ca95dcdb
98eb8b73fad582e36a94b831d829fb6271bcd1d7
a627e02a53ab4ad42a9f02d4705c81e37ac9040094e9bca71c1bd275865fb9a5
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:32 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "018A3951B41DEF6AA2ED1611866A7E5A897CA95C"
Expires: Fri, 25 Nov 2022 15:00:00 GMT
Last-Modified: Fri, 25 Nov 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1984
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f7ac2b9f1ffac8-OSL
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216200 OK 37 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 9d2fc4e98a8fcb01a3513c2b63d763ee
16d6c946c5ea6bf87c47c4ac4ea5a675208faba2
c150c66fcb4046136dbe12330c525eaa6ec2630e5aeb33cd8f82ef326bbc5623
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:33 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a30105057fbcc8761b99df13f333a9ea.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 3dhIfSF4qVJIn0erZwVR93Bg4fc358zoUV_hJgeGJlX-w2eKgXtYuw==
age: 2570725
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 1.6 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d90c672eff33f4747f496caa2d4af6ff
8db2df92ad95e63d25af7aa3902cf29131625fa9
d9a457f10f38f897731fe1c6cda956052be0e157745902f43f82ed2db038669e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F2DAD5175C4AF75DE29B95E624718E6357D2F7C685C71AF04C2E89B87860AD7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18524
Expires: Fri, 25 Nov 2022 09:43:17 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 4.2 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f079f5855e02d16cb6d537ca6d0d55
7b86de9e9f770744b0b80ae65f08eae2a5952c4d
17d8f5e3d61b280281d448cd7248ba5a7c74b49d5b912a3d212ca7a768c569db
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EAC3156A5E13751A4CF955318DA2DEDA872F12001D9D7928F0F386A5934D7AF3"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1283
Expires: Fri, 25 Nov 2022 04:55:56 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 5eeab3e669d4c5f05bb905422fb7635c
31d0f00129b49bcf3ab28a1db4a6d80a89c0e218
6e0a6ac8ed96b6e5af727d8d5dd279365a001c94c0f290a7434ed83b6db584e2
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Fri, 25 Nov 2022 04:34:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:33 GMT
last-modified: Fri, 25-Nov-2022 04:34:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:33 GMT
access-control-allow-origin: *
etag: "637f41b2-2b"
expires: Fri, 25 Nov 2022 05:34:33 GMT
accept-ranges: bytes
last-modified: Thu, 24 Nov 2022 13:04:34 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.60200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37164), with no line terminators
Hash e9be4af3a0cff955b5721db2a014262f
62ffd09e6353a6715b7adf3edf6b297ca6185fb0
9e8bdeff67ac9724f58ff8430bda2d96bf8964d590f6f1292506cd8b7b99ae46
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49020fe8fd88b73df80e1b44d41d7b52
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=114694667.1669350873&jid=265596840&gjid=1940512941&_gid=1045273581.1669350873&_u=YGBAiEABBAAAAEAAI~&z=156207599
142.251.1.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=114694667.1669350873&jid=265596840&gjid=1940512941&_gid=1045273581.1669350873&_u=YGBAiEABBAAAAEAAI~&z=156207599
IP 142.251.1.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=114694667.1669350873&jid=265596840&gjid=1940512941&_gid=1045273581.1669350873&_u=YGBAiEABBAAAAEAAI~&z=156207599 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 04:34:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.227200 OK 15 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash aaa60985f261abebc6ca3ae640bbb68b
7fdf5fb341305db68c4eb14966f744d9ec460bed
9263ff392990470cae15de0bf844593ec52641ec9307c097191af49b7d9bd891
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 380e14514ce9948de1708f5f0bd5b1d6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash daedbf6ef8bc447ac2d08a42d4c4bf9f
2864128c9304bd42925932eda5b14ab62f805081
3d745fbf6d7563deeac08ec38de8db388536ff113a89fd20e8e51d9fd6f200d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3D745FBF6D7563DEEAC08EC38DE8DB388536FF113A89FD20E8E51D9FD6F200D1"
Last-Modified: Tue, 22 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11865
Expires: Fri, 25 Nov 2022 07:52:18 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Fri, 25 Nov 2022 05:42:41 GMT
Date: Fri, 25 Nov 2022 04:34:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
age: 25165
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
54.230.245.16200 OK 113 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP 54.230.245.16:0
Size 113 kB (112804 bytes)
Hash 54549123ccb5f3ce81037bddff2c4563
1ca7285a5d8bec106b0fb8822131ad7ffe379cec
57be907e23c38a73f4928e9b40e671ffc4ed77bdb0c24e75688db985e7415981
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112410
date: Fri, 25 Nov 2022 04:34:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uYlJrV3etWzkxzC5EKn3zNrjWgnAHyZl2RkVXCYhWi4mH6Dx6PDyiQ==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 648677a7e7bab1896a190d2e5fb7243c
6217a262002244ef3f2e8034076a735cafd9888a
72f2913f7c0770ebab0f2683bdc1ec5a5db8872e8f2c62a8fd5c9178b95dbb06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4270
x-amzn-requestid: 7327f8fb-804b-4d09-83dc-628e35ffa74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xFwXoAMFkqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-33f83cea2c585279140f4f59;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NLXTbS53l_c-lByM8Ym4_tfOlgP2lB-F1dYxOSfdeEfBSM41X0Cpug==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:01 GMT
etag: "6217a262002244ef3f2e8034076a735cafd9888a"
content-type: image/jpeg
age: 25172
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124697
Date: Fri, 25 Nov 2022 04:34:33 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 15:12:50 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qG8UJ3aDlR7jn1ziPF0jBGqidMqKtqIARADeklLTf7nBlxuV6sD0oQ==
Age: 6105
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 8825
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f59a591b222397ff0f01c22a0786e660
6a8504212141af411a18ce58960c8bb52e8116ac
624847cfdfcd770d2dee8a2b85f3c7c480cda58ba2aef1135184f3dffc30d1f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8277
x-amzn-requestid: e84a5668-cd91-42af-b6de-5eb694ea56e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-KFtmIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38d-64513fb257d83b9847c82929;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rIKW7gaK37mlbk_TUo63AH9-XDOoF3Z-5mGaeOkzmESFLJ3GHz60lA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:10 GMT
etag: "6a8504212141af411a18ce58960c8bb52e8116ac"
content-type: image/jpeg
age: 25163
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash e499c89a7ed56bbc9ed84e86f71c907b
bbd0ce2be91f544f014813c17379e9d26ed075aa
e5c980cce45df1a35d4bdb8a268997c712386321634d49ef1a4c2faca9fa7350
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=5ec3dee3-f9ea-424d-9c3b-07c9d3564787:2:1; expires=Mon, 22 Nov 2032 04:34:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=122578
Date: Fri, 25 Nov 2022 04:34:33 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 14:37:31 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cV1v1JjbSH5QdNkhbTVkElB25wIOVU8255YJb-DoTmx_NAAwBn0V5Q==
Age: 3986
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 639dac7fab97701f3d099ce28969563c
04ac4f5f541515e6aa88d95320e2d425f73730f7
c861f1710e050ee6a555055b56422809892e238a2d47ded41f2087ee0395e970
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2:2:1; expires=Mon, 22 Nov 2032 04:34:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14758
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash daedbf6ef8bc447ac2d08a42d4c4bf9f
2864128c9304bd42925932eda5b14ab62f805081
3d745fbf6d7563deeac08ec38de8db388536ff113a89fd20e8e51d9fd6f200d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3D745FBF6D7563DEEAC08EC38DE8DB388536FF113A89FD20E8E51D9FD6F200D1"
Last-Modified: Tue, 22 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11863
Expires: Fri, 25 Nov 2022 07:52:18 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A379714731%3Arqn%3A3%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A379714731%3Arqn%3A3%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A379714731%3Arqn%3A3%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A73931272%3Arqn%3A2%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A73931272%3Arqn%3A2%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A73931272%3Arqn%3A2%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A468123273%3Arqn%3A6%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A468123273%3Arqn%3A6%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A468123273%3Arqn%3A6%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash e7e03604b3ce4c388d505f30039573e3
c38b5b26be9648732efa959e9aa80858ceac27e7
6b029a6aabd032aa6389a5b91acb466611397e0ed4e2bf8891d5543db6e177df
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:33 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: abee5be725b4c2dc8d34ca6b926cfd80
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 25 Nov 2022 04:34:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xnuN%2FpeI23Bxoc3riqoxzEnfyflhgE0OJuXcUOba0evFFTmAJ3d3NFeWm2bllL4x3jyd8wS6kHUXdMnZpONJ1Zwg7kijZDy%2BCP5wZWmHhb4WczqTl0QdJeLlWEFmIYn8Yh0dpE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac31cbc60079-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A646817413%3Arqn%3A5%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A646817413%3Arqn%3A5%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A646817413%3Arqn%3A5%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f86e152e080297ee8cba39a80a13e38
f916875bce604836a95a022234321e02b375bb67
0ad073449cdc28013c246ef309c9c3792f582172d4686af74f0b737cb68df6f1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD073449CDC28013C246EF309C9C3792F582172D4686AF74F0B737CB68DF6F1"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14757
Expires: Fri, 25 Nov 2022 08:40:32 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A701626175%3Arqn%3A7%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A701626175%3Arqn%3A7%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A701626175%3Arqn%3A7%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A15246786%3Arqn%3A9%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A15246786%3Arqn%3A9%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A15246786%3Arqn%3A9%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669350874&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70f8773d7c1eccf4306ad3d53cae01e6
1b2756900ae188b5b8c0eadab8527389ec2c9d2f
3bcde7ef68f8d91ea51c79994968ab6a41b5594055d71823cbf13eb16cdad69c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BCDE7EF68F8D91EA51C79994968AB6A41B5594055D71823CBF13EB16CDAD69C"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3846
Expires: Fri, 25 Nov 2022 05:38:41 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
pemainedperio.com/TGlkaGEtCwcFXi1UBk4UPgVZTVMKTFYuBX1QVhpUIFFcHxMiDlNGAiAGEQwHPgYKHE8iDBBNUwo9MD87DwhXLRQPOhMmNSYCNCINFiABWQV7MQ8MEwgtIS0pNlgGLggeKiYAFgAmNy1YHA4xBCc0GjUqUXwvKh8raVsiP1AvASYRFgE9IxslACgMJQcJKA4sGQIeMQUwKig3IS8qEVAOKh0kDykJdAYlBTApLCwpLQA7ITEoHQYOPAoBJTFaGS4/LFE2LQETMSg7IBAgIAYGMiAoCiszADQvBRQqOH0zCj8lAgYyICgvLicmMCgCUSslfCcTPxYgXjEFTCgwKVoJGQoMAyktLzEsNicvUDspBioyIFgbIzVcMgYOCAY2GA1BWicaByoKMBQRMwtReS0COSA+LjY5Ew89FCcwOx08Cw15DwI9IH8/DylHJhoLBhFxPStbKjYgNjgRFC4qDjc6LA
54.230.111.124200 OK 1.2 kB URL HTTP/2 pemainedperio.com/TGlkaGEtCwcFXi1UBk4UPgVZTVMKTFYuBX1QVhpUIFFcHxMiDlNGAiAGEQwHPgYKHE8iDBBNUwo9MD87DwhXLRQPOhMmNSYCNCINFiABWQV7MQ8MEwgtIS0pNlgGLggeKiYAFgAmNy1YHA4xBCc0GjUqUXwvKh8raVsiP1AvASYRFgE9IxslACgMJQcJKA4sGQIeMQUwKig3IS8qEVAOKh0kDykJdAYlBTApLCwpLQA7ITEoHQYOPAoBJTFaGS4/LFE2LQETMSg7IBAgIAYGMiAoCiszADQvBRQqOH0zCj8lAgYyICgvLicmMCgCUSslfCcTPxYgXjEFTCgwKVoJGQoMAyktLzEsNicvUDspBioyIFgbIzVcMgYOCAY2GA1BWicaByoKMBQRMwtReS0COSA+LjY5Ew89FCcwOx08Cw15DwI9IH8/DylHJhoLBhFxPStbKjYgNjgRFC4qDjc6LA
IP 54.230.111.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050), with no line terminators
Hash cdadb0f273f45ac5b019f9cde9928bc1
f23e073711f971994cb5e1c18501e6a4f081f96d
d13eed25596ed3cf52e8c4d7b3d03acf8ef2c809b8e98ad253b46aa62aaa6204
GET /TGlkaGEtCwcFXi1UBk4UPgVZTVMKTFYuBX1QVhpUIFFcHxMiDlNGAiAGEQwHPgYKHE8iDBBNUwo9MD87DwhXLRQPOhMmNSYCNCINFiABWQV7MQ8MEwgtIS0pNlgGLggeKiYAFgAmNy1YHA4xBCc0GjUqUXwvKh8raVsiP1AvASYRFgE9IxslACgMJQcJKA4sGQIeMQUwKig3IS8qEVAOKh0kDykJdAYlBTApLCwpLQA7ITEoHQYOPAoBJTFaGS4/LFE2LQETMSg7IBAgIAYGMiAoCiszADQvBRQqOH0zCj8lAgYyICgvLicmMCgCUSslfCcTPxYgXjEFTCgwKVoJGQoMAyktLzEsNicvUDspBioyIFgbIzVcMgYOCAY2GA1BWicaByoKMBQRMwtReS0COSA+LjY5Ew89FCcwOx08Cw15DwI9IH8/DylHJhoLBhFxPStbKjYgNjgRFC4qDjc6LA HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1201
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jCux9lQUXbNRNT7yYLHtgfuB7EcuqiTiSe7I-GhObvkL_dDZUPD8Jg==
X-Firefox-Spdy: h2
pemainedperio.com/cUdkZ3YQJQcKSRB6BkEDAytZQkQ3YlYhEkB+VhVDHX9cEAQfIFNJFR0oEQMQAygKE1gfIhBCRDceBlcOOyYsIjs4PgcoIhk0CCsgJw4zP0NEEDEpPDstCy8+CX4cIDIwNTwlQkUKMD4SNT4iKDQjEgsDMBkfJR5GHwNUHzw6FAcrIjdyFSw3BhMxCR4HDzYlJTgUPTQxMAoDLDNAAy8/Gh8QIjUSFwAhATEwAgstHkkENwlDRAUDMT0XKQg9JyQBXAUwAj03CUNEDxwANBQpVSknGHYUAkcWDTM/HgIQHik9FykPBjRBN0FVMDIBCCUhHA1RNiAjIwIkW0UJIQAnGyUiCEUpHxxTITQBAQE+GQk1Vk4ADiYIIzIUKR8iJAoUAS4dIzxWTwAXIjE3Vy0XCBgBejU/LEIVFT4xAwQM
54.230.111.124200 OK 1.2 kB URL HTTP/2 pemainedperio.com/cUdkZ3YQJQcKSRB6BkEDAytZQkQ3YlYhEkB+VhVDHX9cEAQfIFNJFR0oEQMQAygKE1gfIhBCRDceBlcOOyYsIjs4PgcoIhk0CCsgJw4zP0NEEDEpPDstCy8+CX4cIDIwNTwlQkUKMD4SNT4iKDQjEgsDMBkfJR5GHwNUHzw6FAcrIjdyFSw3BhMxCR4HDzYlJTgUPTQxMAoDLDNAAy8/Gh8QIjUSFwAhATEwAgstHkkENwlDRAUDMT0XKQg9JyQBXAUwAj03CUNEDxwANBQpVSknGHYUAkcWDTM/HgIQHik9FykPBjRBN0FVMDIBCCUhHA1RNiAjIwIkW0UJIQAnGyUiCEUpHxxTITQBAQE+GQk1Vk4ADiYIIzIUKR8iJAoUAS4dIzxWTwAXIjE3Vy0XCBgBejU/LEIVFT4xAwQM
IP 54.230.111.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018), with no line terminators
Hash 527c16188e73dceab8a9f4b3b71edb8d
647f75fb9d5f3e167113e1cdac331e46946a17a2
eafe788b69e0e60ba963388c84af9c11f93feb3f1a1913b88646dca9c42016c5
GET /cUdkZ3YQJQcKSRB6BkEDAytZQkQ3YlYhEkB+VhVDHX9cEAQfIFNJFR0oEQMQAygKE1gfIhBCRDceBlcOOyYsIjs4PgcoIhk0CCsgJw4zP0NEEDEpPDstCy8+CX4cIDIwNTwlQkUKMD4SNT4iKDQjEgsDMBkfJR5GHwNUHzw6FAcrIjdyFSw3BhMxCR4HDzYlJTgUPTQxMAoDLDNAAy8/Gh8QIjUSFwAhATEwAgstHkkENwlDRAUDMT0XKQg9JyQBXAUwAj03CUNEDxwANBQpVSknGHYUAkcWDTM/HgIQHik9FykPBjRBN0FVMDIBCCUhHA1RNiAjIwIkW0UJIQAnGyUiCEUpHxxTITQBAQE+GQk1Vk4ADiYIIzIUKR8iJAoUAS4dIzxWTwAXIjE3Vy0XCBgBejU/LEIVFT4xAwQM HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x6kzgJG8fXvja2Zhiqj0HVfhs7Ss8FGVj8COfJSp-V6ZHePFC0t8UQ==
X-Firefox-Spdy: h2
pemainedperio.com/d21qTTQWDwkgCxZQCGtBBQFXaAYxSFgLUEZUWD8BG1VSOkYZCl1jVxsCHylSBQIEORoZCB5oBjE3DydmAA4veW4gFV4aVyZYDgtxRl4+DG42PDI9Vy8KJyt9NgIgBGYiVSIhDEA9OT5bNiszCHo1WSAcci4ELXxbLzk9KlIgBSQDUkYVPAt2PRc+JX0yLCkIZjQ8Oyl+JRkwD0MYGykYfiAvOXR8ID9SBn4PNzMIYiFVOgxyEjwtOX01Kw0Ffg8/OwVDFFQyOm42JQA9UjUGKA9SGzwvG2E6IDI6bjYvEy5hNgY4G1IjCjgcXzZfPgx2ITwdNVI1BkcMdzgrUgV5IitPf3YjFRoMYyAZIw92FDsmH3IVOz8EfSQsOA9lP1gmD3ExOwwIRCQqOwRGPysZBGIvGlIPYTUrMwhbJC8/fBFFK0wnRxgDGnBlEh8OJn86CDh5
54.230.111.124200 OK 1.2 kB URL HTTP/2 pemainedperio.com/d21qTTQWDwkgCxZQCGtBBQFXaAYxSFgLUEZUWD8BG1VSOkYZCl1jVxsCHylSBQIEORoZCB5oBjE3DydmAA4veW4gFV4aVyZYDgtxRl4+DG42PDI9Vy8KJyt9NgIgBGYiVSIhDEA9OT5bNiszCHo1WSAcci4ELXxbLzk9KlIgBSQDUkYVPAt2PRc+JX0yLCkIZjQ8Oyl+JRkwD0MYGykYfiAvOXR8ID9SBn4PNzMIYiFVOgxyEjwtOX01Kw0Ffg8/OwVDFFQyOm42JQA9UjUGKA9SGzwvG2E6IDI6bjYvEy5hNgY4G1IjCjgcXzZfPgx2ITwdNVI1BkcMdzgrUgV5IitPf3YjFRoMYyAZIw92FDsmH3IVOz8EfSQsOA9lP1gmD3ExOwwIRCQqOwRGPysZBGIvGlIPYTUrMwhbJC8/fBFFK0wnRxgDGnBlEh8OJn86CDh5
IP 54.230.111.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash 195f8264ece24c9d9efc5b7b15d56a33
2b20f6996527b9b885340ce8c085e68077e30ab5
2eb921476c542c3556c68943318362475181e27208b3e17e6ab919b0098c2ff8
GET /d21qTTQWDwkgCxZQCGtBBQFXaAYxSFgLUEZUWD8BG1VSOkYZCl1jVxsCHylSBQIEORoZCB5oBjE3DydmAA4veW4gFV4aVyZYDgtxRl4+DG42PDI9Vy8KJyt9NgIgBGYiVSIhDEA9OT5bNiszCHo1WSAcci4ELXxbLzk9KlIgBSQDUkYVPAt2PRc+JX0yLCkIZjQ8Oyl+JRkwD0MYGykYfiAvOXR8ID9SBn4PNzMIYiFVOgxyEjwtOX01Kw0Ffg8/OwVDFFQyOm42JQA9UjUGKA9SGzwvG2E6IDI6bjYvEy5hNgY4G1IjCjgcXzZfPgx2ITwdNVI1BkcMdzgrUgV5IitPf3YjFRoMYyAZIw92FDsmH3IVOz8EfSQsOA9lP1gmD3ExOwwIRCQqOwRGPysZBGIvGlIPYTUrMwhbJC8/fBFFK0wnRxgDGnBlEh8OJn86CDh5 HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1188
date: Fri, 25 Nov 2022 04:34:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MOMBSX4Zy3kzRh1qkVtXwNTxyoLUEphIaIAu7zqX95KJPut1X7eFzg==
X-Firefox-Spdy: h2
engingsecondu.com/QW1vUUxuUgwicSQqACgdFlQlCSsxXDlhfRUsJxcbEDtXECkHGkklJSVQVmd9eFhZdzwoCVJifmceGzA4NB5SYGooAwk+cWcbUmFieUNeY2JxSxpsfWcZHzArfFxJITg1AVJgendUXGR8eVpcZHpw
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/QW1vUUxuUgwicSQqACgdFlQlCSsxXDlhfRUsJxcbEDtXECkHGkklJSVQVmd9eFhZdzwoCVJifmceGzA4NB5SYGooAwk+cWcbUmFieUNeY2JxSxpsfWcZHzArfFxJITg1AVJgendUXGR8eVpcZHpw
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QW1vUUxuUgwicSQqACgdFlQlCSsxXDlhfRUsJxcbEDtXECkHGkklJSVQVmd9eFhZdzwoCVJifmceGzA4NB5SYGooAwk+cWcbUmFieUNeY2JxSxpsfWcZHzArfFxJITg1AVJgendUXGR8eVpcZHpw HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6svrCzp5Fl7AEMCqzJiwmFO4v0c5c4DAKxcMv3L9Q926ylVFIZFrJ9Cw8BroO%2F4niKJO9NElCcO5DyaYuVehph3B0LPpWhrN6Ci2b5UW9WzxmWP9GXWpQzDKctDOBSZK8y12w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999f80b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/MVlUa3keZjcYRH8BJAQoWzIRPxVzaxU6O3UOOiI4dRxtChxGNnIfEFVkbV1ICGxiTQlYPWlYSxcqIAoNRCppWUkBbnICF1c2aVpfR2RkRUEfaGZFSRcsaVpfRSk1DEQAfyQfDV1kZV1PCGphW0EGamFdTQ
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/MVlUa3keZjcYRH8BJAQoWzIRPxVzaxU6O3UOOiI4dRxtChxGNnIfEFVkbV1ICGxiTQlYPWlYSxcqIAoNRCppWUkBbnICF1c2aVpfR2RkRUEfaGZFSRcsaVpfRSk1DEQAfyQfDV1kZV1PCGphW0EGamFdTQ
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MVlUa3keZjcYRH8BJAQoWzIRPxVzaxU6O3UOOiI4dRxtChxGNnIfEFVkbV1ICGxiTQlYPWlYSxcqIAoNRCppWUkBbnICF1c2aVpfR2RkRUEfaGZFSRcsaVpfRSk1DEQAfyQfDV1kZV1PCGphW0EGamFdTQ HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2Fz5xbGAGFUhnbiWc%2BFvt%2BbCJuQ8Wx6GSoc1XC4TL2JM%2F1IwRJS%2BE7Q5LyY8sLUdhmz813v9g%2Bt8%2FZjaK%2FpAsjaXjBiP63J9m%2F8oCUnFe9d5U0dWpLXmH1i%2FMsVNSDzVY0XgSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999fc0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/OWVBcDQWWiIDCV0yCyVgUiMCJllrUiQlemoHCRgBaDMXGFFhBmcEXV1YeEYGCVR1VkRQAXxBEkoRIARBSlhwVl1XAy5NEk9YcF4HDUtyQRoIQzRNBR8RMRFTBFRnAEBNCXxBAg9cckUEAVJyRgUP
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/OWVBcDQWWiIDCV0yCyVgUiMCJllrUiQlemoHCRgBaDMXGFFhBmcEXV1YeEYGCVR1VkRQAXxBEkoRIARBSlhwVl1XAy5NEk9YcF4HDUtyQRoIQzRNBR8RMRFTBFRnAEBNCXxBAg9cckUEAVJyRgUP
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OWVBcDQWWiIDCV0yCyVgUiMCJllrUiQlemoHCRgBaDMXGFFhBmcEXV1YeEYGCVR1VkRQAXxBEkoRIARBSlhwVl1XAy5NEk9YcF4HDUtyQRoIQzRNBR8RMRFTBFRnAEBNCXxBAg9cckUEAVJyRgUP HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2Z4TI5hKGJxttNqE0miefwU5pzNc6InZyYIEOZez%2BCyC2uEJIJKFXhkE%2FcumRNNXs6WjHEElMFLMra4TmILQ8srBekpwcfMTnD54h7dNc2PPkcWXCIs9QUorRZN4x3Yh0wsVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac3999fa0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/d2tTRDFYVDA3DC0GJwdjMQ8LHF89HAkCdxYPPXVaIj1idFUaPnUwWBNWanIDR1phYkEeD251CVEYJyVFAhhudRceBTUrDFEdbnUfR0VhagNRHm51FwMbMiMMRk0jMEUbVmJyB05YZnQJQFhmcwg
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/d2tTRDFYVDA3DC0GJwdjMQ8LHF89HAkCdxYPPXVaIj1idFUaPnUwWBNWanIDR1phYkEeD251CVEYJyVFAhhudRceBTUrDFEdbnUfR0VhagNRHm51FwMbMiMMRk0jMEUbVmJyB05YZnQJQFhmcwg
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d2tTRDFYVDA3DC0GJwdjMQ8LHF89HAkCdxYPPXVaIj1idFUaPnUwWBNWanIDR1phYkEeD251CVEYJyVFAhhudRceBTUrDFEdbnUfR0VhagNRHm51FwMbMiMMRk0jMEUbVmJyB05YZnQJQFhmcwg HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwMuhjoxMttJLH5uYAE23UPTuzv6%2FGYR66IciqJUwCepkpZHjD1lJf%2B3UBamXGbi4RXjCdanTYKCQ84sNfaM4v7DpLlglxoi6JsRCj%2B5y0%2BtlNlqhSM7Tp3G7rgXb0wQBDpOeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac39a9fe0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
engingsecondu.com/TXlKdHRiRikHSQMUJjciCSgCLCw9Hg41OhwaDSU6CUgyAxYcGmwAHSlEc0JFdEx8UgQkHXdHRmsKPhUAOAp3RkR9TmwdGisWd0VSO0R6WkxjSHhaRGsMd0VSOQkrE0l8XzoAACFEe0JCdEp/REx6TXxCRA
104.21.55.224204 No Content 0 B URL HTTP/2 engingsecondu.com/TXlKdHRiRikHSQMUJjciCSgCLCw9Hg41OhwaDSU6CUgyAxYcGmwAHSlEc0JFdEx8UgQkHXdHRmsKPhUAOAp3RkR9TmwdGisWd0VSO0R6WkxjSHhaRGsMd0VSOQkrE0l8XzoAACFEe0JCdEp/REx6TXxCRA
IP 104.21.55.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /TXlKdHRiRikHSQMUJjciCSgCLCw9Hg41OhwaDSU6CUgyAxYcGmwAHSlEc0JFdEx8UgQkHXdHRmsKPhUAOAp3RkR9TmwdGisWd0VSO0R6WkxjSHhaRGsMd0VSOQkrE0l8XzoAACFEe0JCdEp/REx6TXxCRA HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Chcct3FWzZyQLeWIFpzwL5jKK4vT%2BO7M24NT3jGbbEz62fNOJdl7EWkpjXCGi%2BD4oWPkFgG0t2m87AevOYkjwoSLUZIry7L4qMvR1CpSjtsI3ClNsIeoloV9GK1WiFGU49%2FK%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac39ba010b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c2c3b6f01bcf5f0b23525c971d471b78
645ea202a65555a197d287d6b01e492a8dfc4b0a
af1876e84a84e68805ab80adff1a3aff55be92c87af888dda8cb83b85fbb773d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF1876E84A84E68805AB80ADFF1A3AFF55BE92C87AF888DDA8CB83B85FBB773D"
Last-Modified: Thu, 24 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4059
Expires: Fri, 25 Nov 2022 05:42:14 GMT
Date: Fri, 25 Nov 2022 04:34:35 GMT
Connection: keep-alive
d192r5l88wrng7.cloudfront.net/Yb0xJaHEMIycOThslLVVIWX55WUNJJjoHHx9xGDArXB44MTYdDyFOBRUodFhXAy0nD0xJKScLTF5qKAwTUnhvHRBSISYSGAMgKE1DKXlnWFRdfGEfGAEoJh8CSn55BgVKfnlZQUF8bFszSn55HxgBen1NQi1pe1gJWXhsWzNKfnkaB0p/CFlBWmJ5QVRdfC-4NEgQjbFo3XXx4WEFefHhNQ18qIBoUCSMxTUMpfXldX19qPFVA
54.230.245.16200 OK 186 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/Yb0xJaHEMIycOThslLVVIWX55WUNJJjoHHx9xGDArXB44MTYdDyFOBRUodFhXAy0nD0xJKScLTF5qKAwTUnhvHRBSISYSGAMgKE1DKXlnWFRdfGEfGAEoJh8CSn55BgVKfnlZQUF8bFszSn55HxgBen1NQi1pe1gJWXhsWzNKfnkaB0p/CFlBWmJ5QVRdfC-4NEgQjbFo3XXx4WEFefHhNQ18qIBoUCSMxTUMpfXldX19qPFVA
IP 54.230.245.16:0
File type ASCII text, with no line terminators
Hash e0a207ef3d36a204d24734ce085f1379
55ee3db01569c5e3825dfddb4f27f1f503bcacc7
c825e813d8728f5c56841c931885d1513c0759ccca22ec0e46eac50fc5df89b1
GET /Yb0xJaHEMIycOThslLVVIWX55WUNJJjoHHx9xGDArXB44MTYdDyFOBRUodFhXAy0nD0xJKScLTF5qKAwTUnhvHRBSISYSGAMgKE1DKXlnWFRdfGEfGAEoJh8CSn55BgVKfnlZQUF8bFszSn55HxgBen1NQi1pe1gJWXhsWzNKfnkaB0p/CFlBWmJ5QVRdfC-4NEgQjbFo3XXx4WEFefHhNQ18qIBoUCSMxTUMpfXldX19qPFVA HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 186
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: onngDEFOVnyzh3HeFQwRjGLtSsvhBEvpwrF3zZeTHBkBF_PyPMCPKA==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/TTWZCa3EuCSwNTjkPJlZIe1d7XkdrDDEEHz1bFiRCBhwLOSE9PgUlFxsQB00FNwJ/W1chBywMTGsDLAhMfEAjDxNwUmQfASINfx4fKQMkAh8oAmQeEHALLREYIQojTkMLU2xbVH9WahwYIwItHAJoVHIFBWhUclpBY1ZnWDNoVHIcGCNQdk5CD0NwWwl7Um-dYM2hUchkHaFUDWkF4SHJCVH9WJQ4SJglnWTd/VnNbQXxWc05DfQArGRQrCTpOQwtXcl5ffUA3VkA
54.230.245.16200 OK 332 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/TTWZCa3EuCSwNTjkPJlZIe1d7XkdrDDEEHz1bFiRCBhwLOSE9PgUlFxsQB00FNwJ/W1chBywMTGsDLAhMfEAjDxNwUmQfASINfx4fKQMkAh8oAmQeEHALLREYIQojTkMLU2xbVH9WahwYIwItHAJoVHIFBWhUclpBY1ZnWDNoVHIcGCNQdk5CD0NwWwl7Um-dYM2hUchkHaFUDWkF4SHJCVH9WJQ4SJglnWTd/VnNbQXxWc05DfQArGRQrCTpOQwtXcl5ffUA3VkA
IP 54.230.245.16:0
File type ASCII text, with very long lines (420), with no line terminators
Hash 85347d342ddde5b99d1afcc294044efe
fa6f007670660888936a584af2ad2db13d206015
1fd564326a17456dc0969331f842825e8c079a05958bcd1442fe17aef9825f9c
GET /TTWZCa3EuCSwNTjkPJlZIe1d7XkdrDDEEHz1bFiRCBhwLOSE9PgUlFxsQB00FNwJ/W1chBywMTGsDLAhMfEAjDxNwUmQfASINfx4fKQMkAh8oAmQeEHALLREYIQojTkMLU2xbVH9WahwYIwItHAJoVHIFBWhUclpBY1ZnWDNoVHIcGCNQdk5CD0NwWwl7Um-dYM2hUchkHaFUDWkF4SHJCVH9WJQ4SJglnWTd/VnNbQXxWc05DfQArGRQrCTpOQwtXcl5ffUA3VkA HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 332
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IHKXG9o0vD_5_Q_-ydZcD4juw8tqs-Zc-bCgHnbbzhSLuHj4VsuGTw==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/ZejRwcE4ZWx4WcQ5dFE13TAZAQXpcXgMfIAoJIRU8Hl87PSsoAFYENB4JQFYiG1oXTWgfWhNNf1xVFBJzThIEACERCQQdJRtZBwovCUJWBS9HWR8KJxZYEVV8PAFeQGtIBFgHJxRQHwc9XwZAHjpfBkBBflQEVUMMXwZABycUAkRVfTgRQkA2TABVQwxfBk-ACOF8HMUF+TxpAWWtIBBcVLRFbVUIISARBQH5LBEFVfEpSGQIrHFsIVXw8BUBFYEoSBU1/
54.230.245.16200 OK 594 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/ZejRwcE4ZWx4WcQ5dFE13TAZAQXpcXgMfIAoJIRU8Hl87PSsoAFYENB4JQFYiG1oXTWgfWhNNf1xVFBJzThIEACERCQQdJRtZBwovCUJWBS9HWR8KJxZYEVV8PAFeQGtIBFgHJxRQHwc9XwZAHjpfBkBBflQEVUMMXwZABycUAkRVfTgRQkA2TABVQwxfBk-ACOF8HMUF+TxpAWWtIBBcVLRFbVUIISARBQH5LBEFVfEpSGQIrHFsIVXw8BUBFYEoSBU1/
IP 54.230.245.16:0
File type ASCII text, with very long lines (818), with no line terminators
Hash 9ac2709f84aed4fe2a3bda8766c2c331
36950dd4b6e56da45f69a5460faa16aca8400d66
beff21e9130511bff124036ac13b1797023608c1bd76663263b1b12ed9017656
GET /ZejRwcE4ZWx4WcQ5dFE13TAZAQXpcXgMfIAoJIRU8Hl87PSsoAFYENB4JQFYiG1oXTWgfWhNNf1xVFBJzThIEACERCQQdJRtZBwovCUJWBS9HWR8KJxZYEVV8PAFeQGtIBFgHJxRQHwc9XwZAHjpfBkBBflQEVUMMXwZABycUAkRVfTgRQkA2TABVQwxfBk-ACOF8HMUF+TxpAWWtIBBcVLRFbVUIISARBQH5LBEFVfEpSGQIrHFsIVXw8BUBFYEoSBU1/ HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pemainedperio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 594
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WFm3n3Opnq6P2uLm3gOvCSRPBcWmfZFU1JxyPWP5MTu6-xfb5n8srA==
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=rvtGXWtHTO1ozcgUayK0; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=ZMfKcJkOobCykmcyHSzJ; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=f53T3wN5IPdKkshJoJGX; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:35 GMT
content-length: 0
set-cookie: nauid=KPnC3FUMOHbRfXMilo2d; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
lightssyrupdecree.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.60200 OK 29 kB URL HTTP/1.1 lightssyrupdecree.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash ea0d2ba24b25b72c55a3d5577127fe77
dc0b936b38b3dc581478914bec0a85e3e26e6fcf
e469f151b684d830e941baddfab1a5c2f62375a83c8b278f92c020c8cecf0c44
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 83783d652f08a8eb7b8e909576a54bcd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
reproductiontape.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 reproductiontape.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3481dd7c44e9f372ff3822fd63755625
b2bdc7c5d59e24d27309f3802416325abf5836da
43726cc7718a282288aa1c1a3fc1fd470a962dd2ff8f6f48a4701ebce3842f09
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f99fd7e033cc8d03942239846df73487
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lightssyrupdecree.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.137.60200 OK 4.0 kB URL HTTP/1.1 lightssyrupdecree.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (5664), with no line terminators
Hash 3749a813efb32386534fef5d8fa99559
4ea6adac0e1afbd81d37820206a305e46e2f6935
2afee4cb02d1537a8928efd0296eda571691f454197e2803268c35384fb72f4c
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
uncs=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8cb757c829a10ad54057405ff40efbdf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
reproductiontape.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.36200 OK 4.3 kB URL HTTP/1.1 reproductiontape.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.36:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6023), with no line terminators
Hash 1d299b19171bd800078c90e2b42c7c28
482786018cbd785f5819e86fd17b35cdb3a10a07
98831f01671627208e3276eaa4a1bec92b2315b88b8172704d918e71249b223a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
uncs=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 26 Nov 2022 04:34:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b097bbd7c745279b6b0ca54d4dface58
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lightssyrupdecree.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3o0X9aCyFxFljgoy6Z6fTMY9LMbdSDQmcXcl5%2Bqq6kk51VVNVff0ZEAIuyB7ktmbeup8k2xYDeJeBUEmXiQg2CISxBz05MWLsFdlJgPjPqh676vvHb7vvfp4PzsnPjJ6tvWeGUil6GKz6lde3Zaam9xVNm5XAr%2FqX61sS73UuFrpTy7beyPwm1X%2FtcrbgnXNYs0PfD%2Fwg8qqtCIy%2FcUpC5kct4Nq2682atWg2UDfPold5sFRD7x3Tl6A5OVTOz88gmRj6Pjr68J1U5O8fiPOFE2NRY8ffaC72uQa8byMrIdIH826YVxJyKeXYPTRzAFM72DiAKEsifdrgFAfzWQi7B1eKA0VhEbIn0HeG0OoMSQdg5m7kPwnAjCOjU3o%2BMGGsTndvWDphC3JwuN%2FIPOSLPx%2BBTr%2BakXJfuWWUVkqjXboRwVkfwzZGSPJTpAOPMj8BCy9A8l%2FJIuP16Hjg02nDCQvpu6lHENGYygxBHUessmRHrLIQ5Z4iPlZhTbbke%2B3ojCq15cbjLF6nbHm8hJv8npjOfKRsYm8IdJkCKaGYHYPid1DV94vCblzAJt9B7dTwHEPLi2J9%2F4eerxALghyR5BTglwS5ClB3isOuXI1VzzgymVhMMu1Wa4XI5N29umhSTtCk%2F3knDw%2FHc7fz36Drjir0FrUbvtR4DdaS%2F5SwFpBmwcsoLROa4LxGpwsIN2lqd%2BBLMmVl%2F5AMtnYR%2F8ipCdw6gRMPgeavQyaj1o1H3Rn1Fj2MdDH%2FYjqlA52q8zE4KZAki4g3fX21Tl5caqjffonBDu99vCzSXwOZgsktsCH8nuCjro3umlycnDT5I482kxSGcsBnSzwVkpTcfmLd8Vubixfu%2B6GD99kE2JSHt8WLl2nmkvdceTLFcm5sKvGMkG%2BXXPbItzK3M5KZnWWrG%2B9tboWJ1Y4J40eg8qSkE%2F%2BApMlebr7zvRzvvJLC9KOYbMCcXZKZgFpxmDJHlwy1%2B8MgVXznjDxkGfFyNbC%2BaOSBErMMQ0LuP%2FhcF7vu3voWA80vQsdF%2BjZAj1VgKohXHZ5lCb29NrP9WkgVN4oVNY7CJVV9y%2BG6%2BRZRTQjPxJ%2BTYRRO4xa1OftqNEOaTsQrbBJA6SuZHs3fvsPAAD%2F%2FwEAAP%2F%2FjXDSFHQEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 lightssyrupdecree.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3o0X9aCyFxFljgoy6Z6fTMY9LMbdSDQmcXcl5%2Bqq6kk51VVNVff0ZEAIuyB7ktmbeup8k2xYDeJeBUEmXiQg2CISxBz05MWLsFdlJgPjPqh676vvHb7vvfp4PzsnPjJ6tvWeGUil6GKz6lde3Zaam9xVNm5XAr%2FqX61sS73UuFrpTy7beyPwm1X%2FtcrbgnXNYs0PfD%2Fwg8qqtCIy%2FcUpC5kct4Nq2682atWg2UDfPold5sFRD7x3Tl6A5OVTOz88gmRj6Pjr68J1U5O8fiPOFE2NRY8ffaC72uQa8byMrIdIH826YVxJyKeXYPTRzAFM72DiAKEsifdrgFAfzWQi7B1eKA0VhEbIn0HeG0OoMSQdg5m7kPwnAjCOjU3o%2BMGGsTndvWDphC3JwuN%2FIPOSLPx%2BBTr%2BakXJfuWWUVkqjXboRwVkfwzZGSPJTpAOPMj8BCy9A8l%2FJIuP16Hjg02nDCQvpu6lHENGYygxBHUessmRHrLIQ5Z4iPlZhTbbke%2B3ojCq15cbjLF6nbHm8hJv8npjOfKRsYm8IdJkCKaGYHYPid1DV94vCblzAJt9B7dTwHEPLi2J9%2F4eerxALghyR5BTglwS5ClB3isOuXI1VzzgymVhMMu1Wa4XI5N29umhSTtCk%2F3knDw%2FHc7fz36Drjir0FrUbvtR4DdaS%2F5SwFpBmwcsoLROa4LxGpwsIN2lqd%2BBLMmVl%2F5AMtnYR%2F8ipCdw6gRMPgeavQyaj1o1H3Rn1Fj2MdDH%2FYjqlA52q8zE4KZAki4g3fX21Tl5caqjffonBDu99vCzSXwOZgsktsCH8nuCjro3umlycnDT5I482kxSGcsBnSzwVkpTcfmLd8Vubixfu%2B6GD99kE2JSHt8WLl2nmkvdceTLFcm5sKvGMkG%2BXXPbItzK3M5KZnWWrG%2B9tboWJ1Y4J40eg8qSkE%2F%2BApMlebr7zvRzvvJLC9KOYbMCcXZKZgFpxmDJHlwy1%2B8MgVXznjDxkGfFyNbC%2BaOSBErMMQ0LuP%2FhcF7vu3voWA80vQsdF%2BjZAj1VgKohXHZ5lCb29NrP9WkgVN4oVNY7CJVV9y%2BG6%2BRZRTQjPxJ%2BTYRRO4xa1OftqNEOaTsQrbBJA6SuZHs3fvsPAAD%2F%2FwEAAP%2F%2FjXDSFHQEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3o0X9aCyFxFljgoy6Z6fTMY9LMbdSDQmcXcl5%2Bqq6kk51VVNVff0ZEAIuyB7ktmbeup8k2xYDeJeBUEmXiQg2CISxBz05MWLsFdlJgPjPqh676vvHb7vvfp4PzsnPjJ6tvWeGUil6GKz6lde3Zaam9xVNm5XAr%2FqX61sS73UuFrpTy7beyPwm1X%2FtcrbgnXNYs0PfD%2Fwg8qqtCIy%2FcUpC5kct4Nq2682atWg2UDfPold5sFRD7x3Tl6A5OVTOz88gmRj6Pjr68J1U5O8fiPOFE2NRY8ffaC72uQa8byMrIdIH826YVxJyKeXYPTRzAFM72DiAKEsifdrgFAfzWQi7B1eKA0VhEbIn0HeG0OoMSQdg5m7kPwnAjCOjU3o%2BMGGsTndvWDphC3JwuN%2FIPOSLPx%2BBTr%2BakXJfuWWUVkqjXboRwVkfwzZGSPJTpAOPMj8BCy9A8l%2FJIuP16Hjg02nDCQvpu6lHENGYygxBHUessmRHrLIQ5Z4iPlZhTbbke%2B3ojCq15cbjLF6nbHm8hJv8npjOfKRsYm8IdJkCKaGYHYPid1DV94vCblzAJt9B7dTwHEPLi2J9%2F4eerxALghyR5BTglwS5ClB3isOuXI1VzzgymVhMMu1Wa4XI5N29umhSTtCk%2F3knDw%2FHc7fz36Drjir0FrUbvtR4DdaS%2F5SwFpBmwcsoLROa4LxGpwsIN2lqd%2BBLMmVl%2F5AMtnYR%2F8ipCdw6gRMPgeavQyaj1o1H3Rn1Fj2MdDH%2FYjqlA52q8zE4KZAki4g3fX21Tl5caqjffonBDu99vCzSXwOZgsktsCH8nuCjro3umlycnDT5I482kxSGcsBnSzwVkpTcfmLd8Vubixfu%2B6GD99kE2JSHt8WLl2nmkvdceTLFcm5sKvGMkG%2BXXPbItzK3M5KZnWWrG%2B9tboWJ1Y4J40eg8qSkE%2F%2BApMlebr7zvRzvvJLC9KOYbMCcXZKZgFpxmDJHlwy1%2B8MgVXznjDxkGfFyNbC%2BaOSBErMMQ0LuP%2FhcF7vu3voWA80vQsdF%2BjZAj1VgKohXHZ5lCb29NrP9WkgVN4oVNY7CJVV9y%2BG6%2BRZRTQjPxJ%2BTYRRO4xa1OftqNEOaTsQrbBJA6SuZHs3fvsPAAD%2F%2FwEAAP%2F%2FjXDSFHQEAAA%3D HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d897b9c35d32e58954ab55997b6896e4
Strict-Transport-Security: max-age=0; includeSubdomains
reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxSeTVwoDYW25NJDg25toci7%2BmFbzcHUTRxMXdtNUnyemZ2Vph7NLDM7WlmXmgRKDj0otx7Xn%2By4P0JoTu2lEORcWkMh6qGYUkP%2BhkKgtyJZoObBzHvffO%2Fwfe%2FNV%2Fv%2BjITw9HTrU9OTStH5ejksvbctdWxyV9q4XYrCcni1tC31Qu1qqTu%2BbOfDKKyXw%2FdLNwTfMfOVMArDKIxKq9KKxHTnJyxk%2BrARlRthuVYpR%2FUauvZl7HwARwPEnTPyFmQ8eqX162NIPoRu%2F3hNuJ3MpB9cb3tFM2PRiY8%2B1zva5BrtWZnYAIk%2BmnbDuBEh31yA0UdTBzCdg7EDMDkiwZ8RmD6aygTrHJ4rZQpCg8WXkHeGEGoISYfg5i5k%2FIwAPMbGJnT7wYaxOd09Z%2BmYHZG5F%2F9A5iMy9%2Fdl6PajFSW7pVtG%2BUwa7dBNCsjuELI5ROqPkfUCyPwYPLsDGf9O5l%2BsQ7cPNp0ykHExcS%2FlEDIZQok%2BqAvgx0cG8EkAnwZox6clWm8kYbiYsKRaXapxzqtVzutLC3E9rtaWkhCej%2BX1kaV9cNUHt3tI7R525P0RIXcOYP0TuFYBFwdw2YgEn%2B2hExfIBUHuCHJKkEuCPCPIO8VhrFzFFQ9i5TyLprkyzdViYLLmPj00WVNosp%2BekTfHwwle%2F%2FJd7IjTUiVKRLVRD5NaVBFhZYFXq0nEFrgQC1FVMAonC0h3YeK3J0fkSv0SUjkiry4%2FAaPHcOoYXL4B6t8BzQeLlRC0NagthejpnzXNvKWqJajKWs54y0WZK88QmwJpNodsN9hXZ%2BTtycIaP30LwU%2BWf3t%2B49Hl3nNwWyC1Bb6QTwma6t7gpsnJwU2TO%2FJ4M81kW%2FboeJm3MpqJi99%2FInZzY%2BO1a67%2F3Ud8TIzLh7eFy9apjqVuOvLDioxjYVeN5YL8sua2BdvyrrXirfbp%2BtbHq2vt1ArnpNFDUPnMfQ0uR%2BQ1cTj5plee%2Fgtph7C%2BQNufkGlAmiF4ugeXztQ7Q2DVrIelAXJfDGyFzR6VJFBihikr4P6H2azed%2FfQtAFodhe6XaBjC3RUAar6cP7iIEvtyfIf1UmAqWDAlA0OmLLq%2FvlonTwtiXoSJiKsCJY0WLJIw7iR1BqMNiKxyOo0QuZGfO%2F6X%2F8BAAD%2F%2FwEAAP%2F%2FPkGSC34EAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 reproductiontape.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxSeTVwoDYW25NJDg25toci7%2BmFbzcHUTRxMXdtNUnyemZ2Vph7NLDM7WlmXmgRKDj0otx7Xn%2By4P0JoTu2lEORcWkMh6qGYUkP%2BhkKgtyJZoObBzHvffO%2Fwfe%2FNV%2Fv%2BjITw9HTrU9OTStH5ejksvbctdWxyV9q4XYrCcni1tC31Qu1qqTu%2BbOfDKKyXw%2FdLNwTfMfOVMArDKIxKq9KKxHTnJyxk%2BrARlRthuVYpR%2FUauvZl7HwARwPEnTPyFmQ8eqX162NIPoRu%2F3hNuJ3MpB9cb3tFM2PRiY8%2B1zva5BrtWZnYAIk%2BmnbDuBEh31yA0UdTBzCdg7EDMDkiwZ8RmD6aygTrHJ4rZQpCg8WXkHeGEGoISYfg5i5k%2FIwAPMbGJnT7wYaxOd09Z%2BmYHZG5F%2F9A5iMy9%2Fdl6PajFSW7pVtG%2BUwa7dBNCsjuELI5ROqPkfUCyPwYPLsDGf9O5l%2BsQ7cPNp0ykHExcS%2FlEDIZQok%2BqAvgx0cG8EkAnwZox6clWm8kYbiYsKRaXapxzqtVzutLC3E9rtaWkhCej%2BX1kaV9cNUHt3tI7R525P0RIXcOYP0TuFYBFwdw2YgEn%2B2hExfIBUHuCHJKkEuCPCPIO8VhrFzFFQ9i5TyLprkyzdViYLLmPj00WVNosp%2BekTfHwwle%2F%2FJd7IjTUiVKRLVRD5NaVBFhZYFXq0nEFrgQC1FVMAonC0h3YeK3J0fkSv0SUjkiry4%2FAaPHcOoYXL4B6t8BzQeLlRC0NagthejpnzXNvKWqJajKWs54y0WZK88QmwJpNodsN9hXZ%2BTtycIaP30LwU%2BWf3t%2B49Hl3nNwWyC1Bb6QTwma6t7gpsnJwU2TO%2FJ4M81kW%2FboeJm3MpqJi99%2FInZzY%2BO1a67%2F3Ud8TIzLh7eFy9apjqVuOvLDioxjYVeN5YL8sua2BdvyrrXirfbp%2BtbHq2vt1ArnpNFDUPnMfQ0uR%2BQ1cTj5plee%2Fgtph7C%2BQNufkGlAmiF4ugeXztQ7Q2DVrIelAXJfDGyFzR6VJFBihikr4P6H2azed%2FfQtAFodhe6XaBjC3RUAar6cP7iIEvtyfIf1UmAqWDAlA0OmLLq%2FvlonTwtiXoSJiKsCJY0WLJIw7iR1BqMNiKxyOo0QuZGfO%2F6X%2F8BAAD%2F%2FwEAAP%2F%2FPkGSC34EAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxSeTVwoDYW25NJDg25toci7%2BmFbzcHUTRxMXdtNUnyemZ2Vph7NLDM7WlmXmgRKDj0otx7Xn%2By4P0JoTu2lEORcWkMh6qGYUkP%2BhkKgtyJZoObBzHvffO%2Fwfe%2FNV%2Fv%2BjITw9HTrU9OTStH5ejksvbctdWxyV9q4XYrCcni1tC31Qu1qqTu%2BbOfDKKyXw%2FdLNwTfMfOVMArDKIxKq9KKxHTnJyxk%2BrARlRthuVYpR%2FUauvZl7HwARwPEnTPyFmQ8eqX162NIPoRu%2F3hNuJ3MpB9cb3tFM2PRiY8%2B1zva5BrtWZnYAIk%2BmnbDuBEh31yA0UdTBzCdg7EDMDkiwZ8RmD6aygTrHJ4rZQpCg8WXkHeGEGoISYfg5i5k%2FIwAPMbGJnT7wYaxOd09Z%2BmYHZG5F%2F9A5iMy9%2Fdl6PajFSW7pVtG%2BUwa7dBNCsjuELI5ROqPkfUCyPwYPLsDGf9O5l%2BsQ7cPNp0ykHExcS%2FlEDIZQok%2BqAvgx0cG8EkAnwZox6clWm8kYbiYsKRaXapxzqtVzutLC3E9rtaWkhCej%2BX1kaV9cNUHt3tI7R525P0RIXcOYP0TuFYBFwdw2YgEn%2B2hExfIBUHuCHJKkEuCPCPIO8VhrFzFFQ9i5TyLprkyzdViYLLmPj00WVNosp%2BekTfHwwle%2F%2FJd7IjTUiVKRLVRD5NaVBFhZYFXq0nEFrgQC1FVMAonC0h3YeK3J0fkSv0SUjkiry4%2FAaPHcOoYXL4B6t8BzQeLlRC0NagthejpnzXNvKWqJajKWs54y0WZK88QmwJpNodsN9hXZ%2BTtycIaP30LwU%2BWf3t%2B49Hl3nNwWyC1Bb6QTwma6t7gpsnJwU2TO%2FJ4M81kW%2FboeJm3MpqJi99%2FInZzY%2BO1a67%2F3Ud8TIzLh7eFy9apjqVuOvLDioxjYVeN5YL8sua2BdvyrrXirfbp%2BtbHq2vt1ArnpNFDUPnMfQ0uR%2BQ1cTj5plee%2Fgtph7C%2BQNufkGlAmiF4ugeXztQ7Q2DVrIelAXJfDGyFzR6VJFBihikr4P6H2azed%2FfQtAFodhe6XaBjC3RUAar6cP7iIEvtyfIf1UmAqWDAlA0OmLLq%2FvlonTwtiXoSJiKsCJY0WLJIw7iR1BqMNiKxyOo0QuZGfO%2F6X%2F8BAAD%2F%2FwEAAP%2F%2FPkGSC34EAAA%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5eaa5a6a0316ecc9a9e7a58f5f0bc54e
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e35fa4dae40bd0e50b8721139c5c1e96
29c62a374706992243f28a55ccde2c170e0957f4
906b12ecb187e42e1a0522ad8a6418b1901f7c87adb31afe4b602e3756ade39f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "906B12ECB187E42E1A0522AD8A6418B1901F7C87ADB31AFE4B602E3756ADE39F"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Fri, 25 Nov 2022 07:10:09 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d363aefd1a49a8d1bee47992e20e469c
c6f6d65427abcb94cf47475bcc5eeba92dc5eb88
94a7bd6ac9bd7809afd8615a15a598f0bd81c00d65739193a7d26a1e0b400b49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94A7BD6AC9BD7809AFD8615A15A598F0BD81C00D65739193A7D26A1E0B400B49"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2054
Expires: Fri, 25 Nov 2022 05:08:50 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f46bbbaed40ddd7d66dc07a510d128e6
63f0c610a767c70c337b06cfaa01a7a152249196
9d1088838a00c0d99333fb0e41c67616e11f6df0169d4337a38ac3384e66aca4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10886
Expires: Fri, 25 Nov 2022 07:36:02 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f46bbbaed40ddd7d66dc07a510d128e6
63f0c610a767c70c337b06cfaa01a7a152249196
9d1088838a00c0d99333fb0e41c67616e11f6df0169d4337a38ac3384e66aca4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10886
Expires: Fri, 25 Nov 2022 07:36:02 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=4173&rd=4173&fd=1719&bv=22.10.v.10&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/purst?dl=0&th=0&sc=0&rs=4173&rd=4173&fd=1719&bv=22.10.v.10&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4173&rd=4173&fd=1719&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.4200 OK 403 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text
Hash 7af11c609bc1cd0ba8692aac78ce0a48
93a7a4b2afc623533ffec6edf15adab365812b45
eb5b706390e15df5ffe68b8eddf9c1448617ff910c0e49822c0c210c02bed8d8
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 25 Nov 2022 05:34:36 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
yearbookhobblespinal.com/pixel/purst?dl=0&th=0&sc=0&rs=4317&rd=4317&fd=1787&bv=22.10.v.10&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 yearbookhobblespinal.com/pixel/purst?dl=0&th=0&sc=0&rs=4317&rd=4317&fd=1787&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4317&rd=4317&fd=1787&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.109.13200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830616
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rYtV%2BtcwRMcYtGCPPBwhwjpuNIE4PNszFeTJTPTlB6LR3puFWX06UKolIci6yl8NdPAxOtMQ6opZOeoE1LeBaKPwY7G9hKmkBfAV3FOv7ov4mvSxfIttYUXKluPUNcb2o0sCHJH1vduL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac4129cbd188-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=386
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=386
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=386 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.4200 OK 2.3 kB URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 9024cad659e2d201b2f906852993e4c5
03d55aab13011a102894cf8547ec7abed2dfb6e4
2b89a7f27d56abecf8a08b1a7205d4eb2caf9498d54a21b1aa63f24d611da5fd
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 25 Nov 2022 05:34:36 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 25 Nov 2022 05:30:42 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash e61028bc752671cea11924bc1a42a422
b2555d630c063dda53f0e5a84324759e42b48352
23c45f9941b1a476fe0cd4650c9ea13a22e05e5640025e380b13faa4997109ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash e61028bc752671cea11924bc1a42a422
b2555d630c063dda53f0e5a84324759e42b48352
23c45f9941b1a476fe0cd4650c9ea13a22e05e5640025e380b13faa4997109ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 670dda5fda45a89db08867e9109f65b7
2a64bc381f8e795fe7a46a98c3e8add2f1ade404
7c2085a52a32eab3f4ab73c4ab3718cf1e7d67502e83001ce45d2857b37a0755
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5019
Cache-Control: max-age=93334
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:36 GMT
Etag: "637efbd7-1d7"
Expires: Sat, 26 Nov 2022 06:30:10 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:31 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
pemainedperio.com/utx?cb=q89Mg5l7GtyT&top=xfantazy.com&tid=961956
54.230.111.124204 No Content 0 B URL HTTP/2 pemainedperio.com/utx?cb=q89Mg5l7GtyT&top=xfantazy.com&tid=961956
IP 54.230.111.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=q89Mg5l7GtyT&top=xfantazy.com&tid=961956 HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 04:35:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2l6NCM4iQCrTVYVhSDXzqHmU1vNTX2Bf7si1W_2YC-YtYAYRgrxOWw==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash bef9b31187c7c02e6af3f254a1d9c849
774aafcf706244abe3ce5b85e598960446443f9e
c64725807d7f2be93eeeea16935fbce56991d078408786e19b351bcec84f5d37
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Nov 2022 04:34:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1762565696%3A1669350876466042&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuKMlINnnegAqSXpfj8W88ojcwPz27-HzrCAie94nhNxLSE2E5j3VtvSDx3UTDPFROsC_90sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-UaaWqGLSrrtZMDt2_VMGUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:fNqUNbEuAWvsKZ_1pIhMTnTo1STK6g:_85rVteaVpIB6k0a;Path=/;Expires=Sun, 24-Nov-2024 04:34:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5889
Expires: Fri, 25 Nov 2022 06:12:45 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
pemainedperio.com/utx?cb=WecJwUDqzXJa&top=xfantazy.com&tid=962014
54.230.111.124204 No Content 0 B URL HTTP/2 pemainedperio.com/utx?cb=WecJwUDqzXJa&top=xfantazy.com&tid=962014
IP 54.230.111.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=WecJwUDqzXJa&top=xfantazy.com&tid=962014 HTTP/1.1
Host: pemainedperio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 04:34:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 25 Nov 2022 04:35:36 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OcyCLi_61ZVNhUTOHiVeYNjParJsLXIux4ui5rqTgkXbzCTGdQadog==
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=121
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=121
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=121 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.109.13200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.109.13:0
Hash 908dce303e802b45f99455bfa3c26ef2
2f064693d34a6eac3903455fc3de8477c4554e40
60eed66130c70fbeb214c6ab5a7f747cfaaad001a5f10d33d3da7d57f70d6f98
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M0Mhwrv%2FnOa3JrAEWr9zitF5088VkjOhT92lWPakLx37eMmwnOsc6%2BW9r%2FeeATyMGHHvTpCNh2%2BkghGgdksL8g2cmfBUdlQORN14HglsoEHIufaL4Q0HGLWIjXnQbapnoYLwK%2BN85K4r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac40e982d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e2/d0/7c/e2d07cfc54a4a2629ecb06a4ac9d023c/1658144633.jpg
45.133.44.10200 OK 13 kB URL HTTP/2 cdn.cloudimagesb.com/si/e2/d0/7c/e2d07cfc54a4a2629ecb06a4ac9d023c/1658144633.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 9a26092fd440aa10142a9e87e8370c2c
b1c33219c136dc2ee76d081d02f0cb9c15032f41
ef6e3d4a4df9d2c4f104857ab7b5b545e6f3e6c0dda989d6fcd0707513136445
GET /si/e2/d0/7c/e2d07cfc54a4a2629ecb06a4ac9d023c/1658144633.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: image/jpeg
content-length: 12632
server: nginx/1.17.6
last-modified: Mon, 18 Jul 2022 11:44:01 GMT
etag: "62d54781-3158"
expires: Sun, 27 Nov 2022 04:34:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5889
Expires: Fri, 25 Nov 2022 06:12:45 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash eb22724928c1c8baa35c84fffba530b6
3b1c6fd91acdaed05a02a2bdf62a48e48e448141
2bbf933d692a5b72f81691439596212de8c55bbe1d5b91a8b6ca1ee7185d7863
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Nov 2022 04:34:36 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S739132518%3A1669350876512461&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtdY394USLNuGW5AxEi5wY5XNLzux5XmXlxcXUpdWFNz1yOtw7GVcS1u-YMBveF5Li5CZ10sQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-H1i2ZkTGQkz4aQfWcgRFpQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:mjGoTg2qZxV7s5gA9M5j1eM3shrWoQ:vr94IqtOoVUCIZ47;Path=/;Expires=Sun, 24-Nov-2024 04:34:36 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f4a7fb0a46243afcdef495930802d62
979a0675885be263f28e6b3cf9a699c8cdd69f04
6428e7f877dc58c23c7ac0d9597d40db3548026b8e5aa5f5c58706841b45bd1c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6428E7F877DC58C23C7AC0D9597D40DB3548026B8E5AA5F5C58706841B45BD1C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4656
Expires: Fri, 25 Nov 2022 05:52:12 GMT
Date: Fri, 25 Nov 2022 04:34:36 GMT
Connection: keep-alive
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=55
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=55
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=55 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png
45.133.44.10200 OK 65 kB URL HTTP/2 cdn.cloudimagesb.com/si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 87430aa60e4fe605f0d87d7017e3cf31
e1025f730c3d0bd208cb6a356531a4e38a383d84
c7a1680fdc7106832194d6778708487878fe653929d55a8a55a35ea57aa1f499
GET /si/65/47/65/654765e3c493cad95a71028b28aea4d4/1668237264.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: image/png
content-length: 65033
server: nginx/1.17.6
last-modified: Sat, 12 Nov 2022 07:14:33 GMT
etag: "636f47d9-fe09"
expires: Sun, 27 Nov 2022 04:34:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=53
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=53
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=53 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 670dda5fda45a89db08867e9109f65b7
2a64bc381f8e795fe7a46a98c3e8add2f1ade404
7c2085a52a32eab3f4ab73c4ab3718cf1e7d67502e83001ce45d2857b37a0755
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5019
Cache-Control: max-age=93334
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:36 GMT
Etag: "637efbd7-1d7"
Expires: Sat, 26 Nov 2022 06:30:10 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:31 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.109.13200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.109.13:0
Hash 361ac70cea67f094113ad9d279ecd445
326a4592449302b702e5986f3e8a51b7674b1608
096c9ac6cc3a547f2016cfd62f583729184e616636dc868644ea4ce933c43981
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXaEYXfRrbUo8LoO8Dc9l3qYapyfe%2FVTK8tjLYthuaKIz7Z0jorSsib05FuFWMHENWRMO3GSRwvmzi6dhSBiWT3KaSJFF2mgDioAkY3KWCpSgfhr0tK5G6w8BxhZ2lJ3S3hlRijhSuAl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac40e985d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=133
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=133
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=133 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=42
173.233.137.36200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=42
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=42 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
lightssyrupdecree.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t3f5acHlb2IKHNUkEn3%2FMnMuIfFuBuJxiTuruRcXVU9Kae6qqnqnp4MCGEXZE8ye1NPnW%2BSDatB3KsgyMSLBARbRIKYg568eBH2qsxkYPRB1Xtffe%2Fwfe%2FVh%2FvZOfGR0bOtd8xQKkWXmlW%2F8vK21NzkrrJxpxL4Vf9aZVvq5ca1ymB62f5rgd%2Bs%2Bq9U3hSsZ5ZqfuD7gR9UVqUVkRkszVjI5LgTVDt%2BtVGrBs0GBva%2F2GUeHPXA%2B%2BfkOUhe%2Fm%2Fnu8eQbAIdf3lDuF5qkldvxpmiqbHo86P3dE%2BbXCNelJH1EOmjeTeMKwn5%2BBKMPpo7gOkfTB0glCXxfg4Q6qO5TIT9wwuloYLQCPlTyPsTCDWBpBMwcw%2BS%2F0AAxrGxCR0%2F3DA2p7sXLJ2yJbny5C%2FIvCRXfr0KHX%2BxouSgctuoLJVGOwyiAnIwgexOkGQnSIceZH4Clt6F5N%2BTpSfr0PHBplMGkhcz91JOIKMJlBiBOg%2FZ9EgPWeQhSzzE%2FKxCm53I91tRGNXr7QZjrF5nrNle5k1eb7QjHxmbyhshTUZgagRm95DYPfTkg5KQuwew2TdwOwUc9%2BDSknjv7qHPC%2BSCIHcEOSXIJUGeEuT94pArV3PFQ65cFgbzXJvnejE2aXefHpq0KzTZT87Js7Ph%2FPn0V%2BiJswqtRZ2OHwV%2Bo7XsLwesFXR4wAJK67QmGK%2FByQLSXZr5HcqSXH3hNyTTjX3wN0J6AqdOwOQzoNmLoPm4VfNBd8aNto%2BhPh5EVKd0uFtlJgY3BZL0CtJdb1%2Bdk%2BdnOjqnv0Ow0%2BuPPpnGp2C2QGILvC%2B%2FJeiq%2B%2BNbJicHt0zuyOPNJJWxHNLpAm%2BnNBWXP3tb7ObG8rUbbvTodTYlpuXxHeHSdaq51F1HPl%2BRnAu7aiwT5Os1ty3CrcztrGRWZ8n61hura3FihXPS6AmoLAn56A8wWZL%2F996afc6XfmpB2glsViDOTsk8IM0ELNmDSxb6nSGwatETJh7yrBjbWrh4VJJAiQWmYQH3Lxwu6n13H13rgab3oOMCfVugrwpQNYLLLo%2FTxJ5e%2F7E%2BC4TKG4fKegehsurBxXCdPKs0g4Zoh%2B0W4zwUjAetWr1d9%2F0a541WRwQdpK5kezd%2F%2BQcAAP%2F%2FAQAA%2F%2F%2BZeFzydAQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 lightssyrupdecree.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t3f5acHlb2IKHNUkEn3%2FMnMuIfFuBuJxiTuruRcXVU9Kae6qqnqnp4MCGEXZE8ye1NPnW%2BSDatB3KsgyMSLBARbRIKYg568eBH2qsxkYPRB1Xtffe%2Fwfe%2FVh%2FvZOfGR0bOtd8xQKkWXmlW%2F8vK21NzkrrJxpxL4Vf9aZVvq5ca1ymB62f5rgd%2Bs%2Bq9U3hSsZ5ZqfuD7gR9UVqUVkRkszVjI5LgTVDt%2BtVGrBs0GBva%2F2GUeHPXA%2B%2BfkOUhe%2Fm%2Fnu8eQbAIdf3lDuF5qkldvxpmiqbHo86P3dE%2BbXCNelJH1EOmjeTeMKwn5%2BBKMPpo7gOkfTB0glCXxfg4Q6qO5TIT9wwuloYLQCPlTyPsTCDWBpBMwcw%2BS%2F0AAxrGxCR0%2F3DA2p7sXLJ2yJbny5C%2FIvCRXfr0KHX%2BxouSgctuoLJVGOwyiAnIwgexOkGQnSIceZH4Clt6F5N%2BTpSfr0PHBplMGkhcz91JOIKMJlBiBOg%2FZ9EgPWeQhSzzE%2FKxCm53I91tRGNXr7QZjrF5nrNle5k1eb7QjHxmbyhshTUZgagRm95DYPfTkg5KQuwew2TdwOwUc9%2BDSknjv7qHPC%2BSCIHcEOSXIJUGeEuT94pArV3PFQ65cFgbzXJvnejE2aXefHpq0KzTZT87Js7Ph%2FPn0V%2BiJswqtRZ2OHwV%2Bo7XsLwesFXR4wAJK67QmGK%2FByQLSXZr5HcqSXH3hNyTTjX3wN0J6AqdOwOQzoNmLoPm4VfNBd8aNto%2BhPh5EVKd0uFtlJgY3BZL0CtJdb1%2Bdk%2BdnOjqnv0Ow0%2BuPPpnGp2C2QGILvC%2B%2FJeiq%2B%2BNbJicHt0zuyOPNJJWxHNLpAm%2BnNBWXP3tb7ObG8rUbbvTodTYlpuXxHeHSdaq51F1HPl%2BRnAu7aiwT5Os1ty3CrcztrGRWZ8n61hura3FihXPS6AmoLAn56A8wWZL%2F996afc6XfmpB2glsViDOTsk8IM0ELNmDSxb6nSGwatETJh7yrBjbWrh4VJJAiQWmYQH3Lxwu6n13H13rgab3oOMCfVugrwpQNYLLLo%2FTxJ5e%2F7E%2BC4TKG4fKegehsurBxXCdPKs0g4Zoh%2B0W4zwUjAetWr1d9%2F0a541WRwQdpK5kezd%2F%2BQcAAP%2F%2FAQAA%2F%2F%2BZeFzydAQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t3f5acHlb2IKHNUkEn3%2FMnMuIfFuBuJxiTuruRcXVU9Kae6qqnqnp4MCGEXZE8ye1NPnW%2BSDatB3KsgyMSLBARbRIKYg568eBH2qsxkYPRB1Xtffe%2Fwfe%2FVh%2FvZOfGR0bOtd8xQKkWXmlW%2F8vK21NzkrrJxpxL4Vf9aZVvq5ca1ymB62f5rgd%2Bs%2Bq9U3hSsZ5ZqfuD7gR9UVqUVkRkszVjI5LgTVDt%2BtVGrBs0GBva%2F2GUeHPXA%2B%2BfkOUhe%2Fm%2Fnu8eQbAIdf3lDuF5qkldvxpmiqbHo86P3dE%2BbXCNelJH1EOmjeTeMKwn5%2BBKMPpo7gOkfTB0glCXxfg4Q6qO5TIT9wwuloYLQCPlTyPsTCDWBpBMwcw%2BS%2F0AAxrGxCR0%2F3DA2p7sXLJ2yJbny5C%2FIvCRXfr0KHX%2BxouSgctuoLJVGOwyiAnIwgexOkGQnSIceZH4Clt6F5N%2BTpSfr0PHBplMGkhcz91JOIKMJlBiBOg%2FZ9EgPWeQhSzzE%2FKxCm53I91tRGNXr7QZjrF5nrNle5k1eb7QjHxmbyhshTUZgagRm95DYPfTkg5KQuwew2TdwOwUc9%2BDSknjv7qHPC%2BSCIHcEOSXIJUGeEuT94pArV3PFQ65cFgbzXJvnejE2aXefHpq0KzTZT87Js7Ph%2FPn0V%2BiJswqtRZ2OHwV%2Bo7XsLwesFXR4wAJK67QmGK%2FByQLSXZr5HcqSXH3hNyTTjX3wN0J6AqdOwOQzoNmLoPm4VfNBd8aNto%2BhPh5EVKd0uFtlJgY3BZL0CtJdb1%2Bdk%2BdnOjqnv0Ow0%2BuPPpnGp2C2QGILvC%2B%2FJeiq%2B%2BNbJicHt0zuyOPNJJWxHNLpAm%2BnNBWXP3tb7ObG8rUbbvTodTYlpuXxHeHSdaq51F1HPl%2BRnAu7aiwT5Os1ty3CrcztrGRWZ8n61hura3FihXPS6AmoLAn56A8wWZL%2F996afc6XfmpB2glsViDOTsk8IM0ELNmDSxb6nSGwatETJh7yrBjbWrh4VJJAiQWmYQH3Lxwu6n13H13rgab3oOMCfVugrwpQNYLLLo%2FTxJ5e%2F7E%2BC4TKG4fKegehsurBxXCdPKs0g4Zoh%2B0W4zwUjAetWr1d9%2F0a541WRwQdpK5kezd%2F%2BQcAAP%2F%2FAQAA%2F%2F%2BZeFzydAQAAA%3D%3D HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 22795eeea40c262c9a13a35fa989d7ba
Strict-Transport-Security: max-age=0; includeSubdomains
lightssyrupdecree.com/pixel/sbs?c=1
173.233.137.60200 OK 0 B URL HTTP/1.1 lightssyrupdecree.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.109.13200 OK 585 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.109.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash bce897c680cae17c899994ba9f1a68da
698c9fbcd96ab6e61b7bb9b6039eb439a24839fd
8313e273fc788c1d37c114316ecf3b22cc7cd3c65c8585acc9c6b3595dd06734
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCNspRkFrHSDRNiBqq1xIfC1HqbZgS1ejtiVAUsDnVEDPkeMJtHdYUdTK%2F4ZYBI2JjX%2B2Wz9QUjxm3fg%2FDHe7ZtLhQZrqS4LwMtvHrbGPJR36lGBHwxUHqC1iZHzb06JcTvNbgzTMqjC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac417a16d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxueTfLBR0OhLbn00KBbWyjyrlaypeZg6iYOpq7tJik%2Bz87MSlOPdpaZHa2sS00CJYcelFuP60d23B8hNKf2UghyLq2hkO2hmFJD%2FoZCoLciWaD2hZn3feZ5D8%2FzvvPFvjsjPhw93fpYD6RSdKFR9SvvbMuE69xWNu5UAr%2FqX6tsy2Sxfq3Sn1ym937gN6r%2Bu5Wbgu3ohZof%2BH7gB5VVaUSs%2BwtTFjJ91AqqLb9ar1WDRh19819snQdLPfDeGXkDkpf%2F6%2Fz8BJKNkXS%2Fvy7sTqbT9250naKZNujxo0%2BTnUTnCbrzMjYe4uRo1g1tS0K%2BugCdHM0cQPcOJg4QyZJ4vweIkqOZTES9w3OlkYJIEPHLyHtjCDWGpGMwfQ%2BSPycA49jYRNJ9uKFNTnfPWTphS3Lp5V%2BQeUku%2FXkFSffxipL9ym2tXCZ1YtGPC8j%2BGLI9RuqOkQ08yPwYLLsLyX8lCy%2FXkXQPNq3SkLyYupdyDBmPocQQ1HpwkyM9uNiDSz10%2BWmFNlqx7y%2FFURyGzTpjLAwZazQXeYOH9Wbsw7GJvCGydAimhmBmD6nZw458UBJy9wDGPYXtFLDcg81K4n2yhx4vkAuC3BLklCCXBHlGkPeKQ65szRYPubIuCma5NsthMdJZe58e6qwtErKfnpHXJ8PxXv38beyI00otiEXYavhxPagJv7bIwjAOokUmxGIQiojCygLSXpj6HciSXG1cRipL8v%2Flp4joMaw6BpOvgbq3QPPRUs0H7YzqTR%2BD5MeEZs5Q1RFUZR2rnWGiypSLwHWBNLuEbNfbV2fkzenCWj98DcFOln95cfPxlcELMFMgNQU%2Bk88I2ur%2B6JbOycEtnVvyZDPNZFcO6GSZtzOaiYvffiR2c2342nU7%2FOYDNiEm5aM7wmbrNOEyaVvy3YrkXJhVbZggP63ZbRFtOdtZcSZx6frWh6tr3dQIa6VOxqDyuf0STJbkFXE4%2FaZXn%2F0NacYwrkDXnZBZQOoxWLoHm87VW01g1LwnSj3krhiZWjR%2FVJJAiTmmUQH7LxzN6317H23jgWb3kHQL9EyBnipA1RDWXRxlqTlZ%2Fi2cBiLljSJlvINIGfXgfLRWnlYaQV00o%2BYS4zwSjAdLtbAZ%2Bn6N8%2FpSSwQtZLZkezf%2B%2BAcAAP%2F%2FAQAA%2F%2F8qSRztfgQAAA%3D%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 reproductiontape.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxueTfLBR0OhLbn00KBbWyjyrlaypeZg6iYOpq7tJik%2Bz87MSlOPdpaZHa2sS00CJYcelFuP60d23B8hNKf2UghyLq2hkO2hmFJD%2FoZCoLciWaD2hZn3feZ5D8%2FzvvPFvjsjPhw93fpYD6RSdKFR9SvvbMuE69xWNu5UAr%2FqX6tsy2Sxfq3Sn1ym937gN6r%2Bu5Wbgu3ohZof%2BH7gB5VVaUSs%2BwtTFjJ91AqqLb9ar1WDRh19819snQdLPfDeGXkDkpf%2F6%2Fz8BJKNkXS%2Fvy7sTqbT9250naKZNujxo0%2BTnUTnCbrzMjYe4uRo1g1tS0K%2BugCdHM0cQPcOJg4QyZJ4vweIkqOZTES9w3OlkYJIEPHLyHtjCDWGpGMwfQ%2BSPycA49jYRNJ9uKFNTnfPWTphS3Lp5V%2BQeUku%2FXkFSffxipL9ym2tXCZ1YtGPC8j%2BGLI9RuqOkQ08yPwYLLsLyX8lCy%2FXkXQPNq3SkLyYupdyDBmPocQQ1HpwkyM9uNiDSz10%2BWmFNlqx7y%2FFURyGzTpjLAwZazQXeYOH9Wbsw7GJvCGydAimhmBmD6nZw458UBJy9wDGPYXtFLDcg81K4n2yhx4vkAuC3BLklCCXBHlGkPeKQ65szRYPubIuCma5NsthMdJZe58e6qwtErKfnpHXJ8PxXv38beyI00otiEXYavhxPagJv7bIwjAOokUmxGIQiojCygLSXpj6HciSXG1cRipL8v%2Flp4joMaw6BpOvgbq3QPPRUs0H7YzqTR%2BD5MeEZs5Q1RFUZR2rnWGiypSLwHWBNLuEbNfbV2fkzenCWj98DcFOln95cfPxlcELMFMgNQU%2Bk88I2ur%2B6JbOycEtnVvyZDPNZFcO6GSZtzOaiYvffiR2c2342nU7%2FOYDNiEm5aM7wmbrNOEyaVvy3YrkXJhVbZggP63ZbRFtOdtZcSZx6frWh6tr3dQIa6VOxqDyuf0STJbkFXE4%2FaZXn%2F0NacYwrkDXnZBZQOoxWLoHm87VW01g1LwnSj3krhiZWjR%2FVJJAiTmmUQH7LxzN6317H23jgWb3kHQL9EyBnipA1RDWXRxlqTlZ%2Fi2cBiLljSJlvINIGfXgfLRWnlYaQV00o%2BYS4zwSjAdLtbAZ%2Bn6N8%2FpSSwQtZLZkezf%2B%2BAcAAP%2F%2FAQAA%2F%2F8qSRztfgQAAA%3D%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2sbRxueTfLBR0OhLbn00KBbWyjyrlaypeZg6iYOpq7tJik%2Bz87MSlOPdpaZHa2sS00CJYcelFuP60d23B8hNKf2UghyLq2hkO2hmFJD%2FoZCoLciWaD2hZn3feZ5D8%2FzvvPFvjsjPhw93fpYD6RSdKFR9SvvbMuE69xWNu5UAr%2FqX6tsy2Sxfq3Sn1ym937gN6r%2Bu5Wbgu3ohZof%2BH7gB5VVaUSs%2BwtTFjJ91AqqLb9ar1WDRh19819snQdLPfDeGXkDkpf%2F6%2Fz8BJKNkXS%2Fvy7sTqbT9250naKZNujxo0%2BTnUTnCbrzMjYe4uRo1g1tS0K%2BugCdHM0cQPcOJg4QyZJ4vweIkqOZTES9w3OlkYJIEPHLyHtjCDWGpGMwfQ%2BSPycA49jYRNJ9uKFNTnfPWTphS3Lp5V%2BQeUku%2FXkFSffxipL9ym2tXCZ1YtGPC8j%2BGLI9RuqOkQ08yPwYLLsLyX8lCy%2FXkXQPNq3SkLyYupdyDBmPocQQ1HpwkyM9uNiDSz10%2BWmFNlqx7y%2FFURyGzTpjLAwZazQXeYOH9Wbsw7GJvCGydAimhmBmD6nZw458UBJy9wDGPYXtFLDcg81K4n2yhx4vkAuC3BLklCCXBHlGkPeKQ65szRYPubIuCma5NsthMdJZe58e6qwtErKfnpHXJ8PxXv38beyI00otiEXYavhxPagJv7bIwjAOokUmxGIQiojCygLSXpj6HciSXG1cRipL8v%2Flp4joMaw6BpOvgbq3QPPRUs0H7YzqTR%2BD5MeEZs5Q1RFUZR2rnWGiypSLwHWBNLuEbNfbV2fkzenCWj98DcFOln95cfPxlcELMFMgNQU%2Bk88I2ur%2B6JbOycEtnVvyZDPNZFcO6GSZtzOaiYvffiR2c2342nU7%2FOYDNiEm5aM7wmbrNOEyaVvy3YrkXJhVbZggP63ZbRFtOdtZcSZx6frWh6tr3dQIa6VOxqDyuf0STJbkFXE4%2FaZXn%2F0NacYwrkDXnZBZQOoxWLoHm87VW01g1LwnSj3krhiZWjR%2FVJJAiTmmUQH7LxzN6317H23jgWb3kHQL9EyBnipA1RDWXRxlqTlZ%2Fi2cBiLljSJlvINIGfXgfLRWnlYaQV00o%2BYS4zwSjAdLtbAZ%2Bn6N8%2FpSSwQtZLZkezf%2B%2BAcAAP%2F%2FAQAA%2F%2F8qSRztfgQAAA%3D%3D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 04:34:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d7c3d2e725ce10876922b24fb4a5eea
Strict-Transport-Security: max-age=0; includeSubdomains
static-cache.k2s.cc/thumbnail/Iu-RvHCgyqnt_DyQ-g/w320h240/0.jpeg
188.72.235.185200 OK 9.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Iu-RvHCgyqnt_DyQ-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash b8e36536a1df0a4c197c82d14e8c3ddd
739d957b71b9969d99ea9b0ed5af3da00dedd985
dc68a7f2ec2d7f58c74a9608193f51576d90a187375e94ade1bae3c53b98b5e9
GET /thumbnail/Iu-RvHCgyqnt_DyQ-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 9786
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ir_HvyTwwv2__G-W-A/w320h240/0.jpeg
188.72.235.185200 OK 8.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ir_HvyTwwv2__G-W-A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 03873fa11d16a3ffd5f8c64b32a30d93
02b0088d802822c7f79fb35cb80f71d676f4caea
cbfc21108dce5d38ce124fb995d85827fd429a49792c5cbbcd983e98802c7536
GET /thumbnail/Ir_HvyTwwv2__G-W-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 8490
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.109.13200 OK 12 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.109.13:0
Hash 9ffeca3bbd2687ad75f0d476ac6fcb4e
ccf27dbd1e9e8453ed87e0dd484cea46e4cc9fef
ed20be960b200e13accbd0236eb0f9704cd8266c2b87101bbb411cba0f50a847
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uzrP3c4rGBH4hq315aspD3uSlhNcyjLAU%2BEJrbStfFMv2iTRwi8A4VhspfoSHzk9lzbp7zO8%2FDB0%2FGIwFXTWim9MGucOw0tTSC3%2BFB0GqR0v6N3VBrNGuuricQ%2BP9G3VoWvOuX0kDrev"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac41aa32d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash bd7d76dba5dcb75ecabd6890b6759d06
4f7f00fc6a299b65f55ff97207b591b0b18f8b90
3cd6da3e8cb69aa4cd2e836a8eba3df54b28fef81bb82a4fdda872c9e6047618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4540
Cache-Control: max-age=103691
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:37 GMT
Etag: "637f262c-118"
Expires: Sat, 26 Nov 2022 09:22:48 GMT
Last-Modified: Thu, 24 Nov 2022 08:07:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
static-cache.k2s.cc/thumbnail/I-iQvCSvyK_k-jTF-g/w320h240/0.jpeg
188.72.235.185200 OK 9.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-iQvCSvyK_k-jTF-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 67e3650080b955c62d336a454720928f
6b19df573380c8009d6a5531fdd1535d2c5a6d63
5dbfeb2dcac828581ca03381e43c33fb445d39785b812f5f56c9c3d1c6ab8807
GET /thumbnail/I-iQvCSvyK_k-jTF-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 9833
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ILuQunL0z_25rW_F_A/w320h240/0.jpeg
188.72.235.185200 OK 6.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ILuQunL0z_25rW_F_A/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6f4d21da854c9c3a6a2e77cde4d03564
2079fdde88eb22efa6cc667015871990aaecfacc
716f1f0fc61ce79652a860930ab38a0c33635ad69ecea17ca186d8a34bc9c447
GET /thumbnail/ILuQunL0z_25rW_F_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 6834
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LL_FviD0mKfo_2-e_g/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LL_FviD0mKfo_2-e_g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8c1560ae52ae7fa413cb06ce94c5e5be
8932690412df5bea4c9e468472f5ecea320082ea
82e0b310e917fa45b6c5f21f045d0f9f244ae54497fabfb6bf3fe88e75aad240
GET /thumbnail/LL_FviD0mKfo_2-e_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 11221
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ir-auSX1zf3o_2mR_w/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ir-auSX1zf3o_2mR_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5d133eeeb9baa3c655aa7b02f97b774c
3b4e773fef70eea5325b403e7ae93b08a913be44
b71f932cd31002d2e7c7ca9732460a92a536e1dacc6ea519154436aea26c4c35
GET /thumbnail/Ir-auSX1zf3o_2mR_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 12244
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cbzA6SLynPzoqW6e-Q/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cbzA6SLynPzoqW6e-Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7bbb30acd91bd53e6dc069d106b423a2
c0bb8810f4d4aec212fee441785dadc7d67b25e2
4db5fa840327f07416e00ce624fd6135ec8e2d062a9663580a83c1bc4add2d6c
GET /thumbnail/cbzA6SLynPzoqW6e-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 11315
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-2atXGumKzs-WmR-g/w320h240/0.jpeg
188.72.235.185200 OK 8.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-2atXGumKzs-WmR-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 03873fa11d16a3ffd5f8c64b32a30d93
02b0088d802822c7f79fb35cb80f71d676f4caea
cbfc21108dce5d38ce124fb995d85827fd429a49792c5cbbcd983e98802c7536
GET /thumbnail/J-2atXGumKzs-WmR-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: image/jpeg
content-length: 8490
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash bd7d76dba5dcb75ecabd6890b6759d06
4f7f00fc6a299b65f55ff97207b591b0b18f8b90
3cd6da3e8cb69aa4cd2e836a8eba3df54b28fef81bb82a4fdda872c9e6047618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4540
Cache-Control: max-age=103691
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:37 GMT
Etag: "637f262c-118"
Expires: Sat, 26 Nov 2022 09:22:48 GMT
Last-Modified: Thu, 24 Nov 2022 08:07:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.9 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 6df4effb4fe3100c6a115f498baea013
c47ca48b91b7777b052ac3335cd3d704ba4152f4
047ea708957ddb59ba63da84cfea9e9906ce39e7b8f3121e343bee0a0b841613
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 4241f24a0272f050b15cde8a1fc1bea1
375c8b3fd24e63fec3f4d91c69e72c9add431744
129b1a8369522a3f4878f9ab61a76e1c1e092c5e9c3d7ba175b7d8e34de9761a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 17:56:29 GMT
Expires: Mon, 28 Nov 2022 17:56:28 GMT
Etag: "375c8b3fd24e63fec3f4d91c69e72c9add431744"
Cache-Control: max-age=306710,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac47fb1f0b3d-OSL
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.247.218.249200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.247.218.249:0
File type ASCII text, with very long lines (28267)
Hash 2302d49bf491a9778085df04b4da3cf0
5ef4ce33d0fd46d9c5d399ed7f15f0d9031a92ad
0591e83eaf13b272e80594297303e0435272faed43520f07773da71e989c4135
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: application/javascript
content-length: 12771
last-modified: Wed, 23 Nov 2022 12:53:01 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637e17ad-890f"
age: 142209
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 903 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1187), with no line terminators
Hash dccb8005f701ed68ed23255f2eb9f2bd
1b7d37ab4d2d67767c5df17acc463e4d9803818d
efa0f2944e27a1cc99f5dce66df652a33aa911078598d9e2c941e8a6415fc409
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd704708.366622444276319227%22%3B%7D; expires=Sun, 24-Nov-2024 04:34:37 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
pogothere.xyz/asd100.bin
172.64.173.27200 OK 107 kB IP 172.64.173.27:0
Size 107 kB (106973 bytes)
Hash 527e32039dafeaa2c412a2733f6cd18d
2e03893cd5f969b61f462e0433cfc162b3dc28a9
bccb9f8e155d65cead3d065378fc0b75ecdadd235cb35da8cd18151998a33661
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4900
last-modified: Fri, 25 Nov 2022 03:12:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SUZ%2BoTqm%2Fdl3ZjV72S8%2Bxzj75LXsljBlxbOS5d%2F%2F%2F1wKSJhqzKmcTSF1ePv006I2FcZjRTFbSA2UymmUcydGHXajFPEvjYzouyRnSsvpdMGNQl%2BIkCmtaQx7yDj2TDFJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac42082d8871-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1392), with no line terminators
Hash b9fc77fdc47d57de4a47d6d9c3c4524c
764d02ab79c48e8c0be5560f63675e6c2adf2ed1
fbeec5aaed90654439d5e313713420b6f8c835ea6a4058e9135d391602e0edd6
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd71f468.081414712587184129%22%3B%7D; expires=Sun, 24-Nov-2024 04:34:37 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
media.aso1.net/js/ifr.html
104.21.234.223200 OK 1.7 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3a29d9e15cb8ae660551600c26ee61b3
688652c7f24dcbe6386132c853fe93592352440c
504e1fbbb37b14860ec0a3282875b7db7036802143d530e000591768312ef033
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html
last-modified: Thu, 10 Nov 2022 13:01:32 GMT
etag: W/"636cf62c-6ff"
expires: Mon, 14 Nov 2022 07:22:27 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 732555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2B3KG0wLa4Vd%2FDY%2Bm%2BHRoe1HblXuCNMQqin%2FAo72KfFagmLSo8%2BCoCYjtbUqCe6J4SbyfjwrHq%2BXR9gc%2Fnj23MOnS7yLxxfK74ryAhhXV8dKtVjjRNOKRrxn%2B%2F0gMC9efw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac460dac06e5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRmsvPsfXBBz8AM14Bh+MA17AgXp8euzgW1QHlaSiVEIiK+aV2JvoWm2tBY1To2SS2A0fn1sY4xTX2zmOhymO18Pl+3YepzQeb0O/5SrwnK1ltEKkGVZq9mZwqrBqLCUjt1oaKcEICuoQV7OFJSJhRiVsdlvsvt77qi2uDEEjuotT50sSFIF1TvfFIYY6tHmaRx9833KwDlop7z3YJtVYhIj0b3Z6IhGLPZ79LaBsKiZY8Wsw9CI8znH5OY3AS/6EPwwYbLY0eM9mXmMwtnnMQbPHHLqX0bKIll/Ez8utewEAAA==
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRmsvPsfXBBz8AM14Bh+MA17AgXp8euzgW1QHlaSiVEIiK+aV2JvoWm2tBY1To2SS2A0fn1sY4xTX2zmOhymO18Pl+3YepzQeb0O/5SrwnK1ltEKkGVZq9mZwqrBqLCUjt1oaKcEICuoQV7OFJSJhRiVsdlvsvt77qi2uDEEjuotT50sSFIF1TvfFIYY6tHmaRx9833KwDlop7z3YJtVYhIj0b3Z6IhGLPZ79LaBsKiZY8Wsw9CI8znH5OY3AS/6EPwwYbLY0eM9mXmMwtnnMQbPHHLqX0bKIll/Ez8utewEAAA==
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOSWoDQQz8Sj7gRmsvPsfXBBz8AM14Bh+MA17AgXp8euzgW1QHlaSiVEIiK+aV2JvoWm2tBY1To2SS2A0fn1sY4xTX2zmOhymO18Pl+3YepzQeb0O/5SrwnK1ltEKkGVZq9mZwqrBqLCUjt1oaKcEICuoQV7OFJSJhRiVsdlvsvt77qi2uDEEjuotT50sSFIF1TvfFIYY6tHmaRx9833KwDlop7z3YJtVYhIj0b3Z6IhGLPZ79LaBsKiZY8Wsw9CI8znH5OY3AS/6EPwwYbLY0eM9mXmMwtnnMQbPHHLqX0bKIll/Ez8utewEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd704708.366622444276319227%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd704708.366622444276319227%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1394), with no line terminators
Hash ecd783a5267f9bb6f56973ea4faa0a5b
b96ffe210fc53c60599c89c2774019b108f81fe8
53b05b4fb608ab70db38afa7da51f624f1374c01eb3d379ded3fec66574a5536
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; expires=Sun, 24-Nov-2024 04:34:37 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.adxadserv.com/css/wm.css
185.76.9.19200 OK 568 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash 9e152ce62dd625375dbf1bfe1d160d47
b0a3acf719822cd0898ce7e83ccf8c9a9f2d01aa
7c2c254a85d2407ccf302bb6d1a2d87de8925ee9f75acfc1f760b86cb3bf08ce
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1669892989
server: CDN77-Turbo
x-77-nzt: AblMCQ2wb5j/YIwHAA
x-77-nzt-ray: c0a4cc283dc93e4cdd45806337379626
x-cache: HIT
x-age: 494688
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRmurx/dcEzDkAT3tHnwwDngBB+rx6bGJb1Eh0FIqSUIiG+aN2JvoVm2rgYnTRMkksRs+Pncwxqleb+d6PPR6vB4u37dz66kdbzOKqJnAc7YpYwoizbAoORPBqcAt+1iCCFYvucAIChoQH6NrlIhY1H3KxGReUAjvX7uHMziRSkCgRHdxGqX1KPCQGjHdVy3nfW+lR2d3DanWaumkLSTqsriuRNT07xv0RCJXH1z5K0DZVMaDG34lhmGER7tefk4NeNGf8IfAWGq2nov9zGWeY2Je+kzivigz5f3cJFoO/QWhMvK/hgEAAA==
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRmurx/dcEzDkAT3tHnwwDngBB+rx6bGJb1Eh0FIqSUIiG+aN2JvoVm2rgYnTRMkksRs+Pncwxqleb+d6PPR6vB4u37dz66kdbzOKqJnAc7YpYwoizbAoORPBqcAt+1iCCFYvucAIChoQH6NrlIhY1H3KxGReUAjvX7uHMziRSkCgRHdxGqX1KPCQGjHdVy3nfW+lR2d3DanWaumkLSTqsriuRNT07xv0RCJXH1z5K0DZVMaDG34lhmGER7tefk4NeNGf8IfAWGq2nov9zGWeY2Je+kzivigz5f3cJFoO/QWhMvK/hgEAAA==
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRmurx/dcEzDkAT3tHnwwDngBB+rx6bGJb1Eh0FIqSUIiG+aN2JvoVm2rgYnTRMkksRs+Pncwxqleb+d6PPR6vB4u37dz66kdbzOKqJnAc7YpYwoizbAoORPBqcAt+1iCCFYvucAIChoQH6NrlIhY1H3KxGReUAjvX7uHMziRSkCgRHdxGqX1KPCQGjHdVy3nfW+lR2d3DanWaumkLSTqsriuRNT07xv0RCJXH1z5K0DZVMaDG34lhmGER7tefk4NeNGf8IfAWGq2nov9zGWeY2Je+kzivigz5f3cJFoO/QWhMvK/hgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd71f468.081414712587184129%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd71f468.081414712587184129%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7/t7LttIdAD+P3IIqSQ5EEKc/j6JTS7ehBIsjSaERLZMe/E3kT3anvNqJwqJZPEbvj4PMAY53ZbL+10nNvpdrx+r5dxTuNpHVBEzQQeYTVQM5EGLJfwWuDUw8L7EeTM6iUKjKCgDvG+umWJiCWyO1OuUQ2F8P51eASDE6lkCJToLk69tYkCd6qe033jimWinLO3UKXatOaR5i5sCo+66LINoqV/bdATiTw2UvlrQNlUusEdvwpDf4THd7v+nEfgNf6EPwgUbLbJhS9lLt7921TKZHNUGabahqbzIkL+C1QTAlGGAQAA
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7/t7LttIdAD+P3IIqSQ5EEKc/j6JTS7ehBIsjSaERLZMe/E3kT3anvNqJwqJZPEbvj4PMAY53ZbL+10nNvpdrx+r5dxTuNpHVBEzQQeYTVQM5EGLJfwWuDUw8L7EeTM6iUKjKCgDvG+umWJiCWyO1OuUQ2F8P51eASDE6lkCJToLk69tYkCd6qe033jimWinLO3UKXatOaR5i5sCo+66LINoqV/bdATiTw2UvlrQNlUusEdvwpDf4THd7v+nEfgNf6EPwgUbLbJhS9lLt7921TKZHNUGabahqbzIkL+C1QTAlGGAQAA
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo7/t7LttIdAD+P3IIqSQ5EEKc/j6JTS7ehBIsjSaERLZMe/E3kT3anvNqJwqJZPEbvj4PMAY53ZbL+10nNvpdrx+r5dxTuNpHVBEzQQeYTVQM5EGLJfwWuDUw8L7EeTM6iUKjKCgDvG+umWJiCWyO1OuUQ2F8P51eASDE6lkCJToLk69tYkCd6qe033jimWinLO3UKXatOaR5i5sCo+66LINoqV/bdATiTw2UvlrQNlUusEdvwpDf4THd7v+nEfgNf6EPwgUbLbJhS9lLt7921TKZHNUGabahqbzIkL+C1QTAlGGAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd73f616.272708844048668197%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd73f616.272708844048668197%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2oDMQy9Si8wRn/Z2XebQqAH8LgeshhSyAdS0OHrSWh21UOgz9OTREA0IU4kb8Q7lh17FEwFklBCldh/HEIwTvV6O9f12Ot6PV6+b+fWU1tvc2RiEQo1k2JRHIAtxLMZQCjkUDEdS8IdWbPlEAgOGCAdo1uUAJByziqiBbN4ZIj3z8PDMTABkwcFA9xJYZS2qwKH1ojhvokpfvWWu3dUZacqreYO3Jy8LovyRoya/v0DnkigVgaX/grBKEzjwwlficQwiEe7Xn5OLeJFf0IfAmOpyHZusBVYvDnbgg65WK8wI7nNxh1g/gUZxWcQhwEAAA==
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2oDMQy9Si8wRn/Z2XebQqAH8LgeshhSyAdS0OHrSWh21UOgz9OTREA0IU4kb8Q7lh17FEwFklBCldh/HEIwTvV6O9f12Ot6PV6+b+fWU1tvc2RiEQo1k2JRHIAtxLMZQCjkUDEdS8IdWbPlEAgOGCAdo1uUAJByziqiBbN4ZIj3z8PDMTABkwcFA9xJYZS2qwKH1ojhvokpfvWWu3dUZacqreYO3Jy8LovyRoya/v0DnkigVgaX/grBKEzjwwlficQwiEe7Xn5OLeJFf0IfAmOpyHZusBVYvDnbgg65WK8wI7nNxh1g/gUZxWcQhwEAAA==
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2oDMQy9Si8wRn/Z2XebQqAH8LgeshhSyAdS0OHrSWh21UOgz9OTREA0IU4kb8Q7lh17FEwFklBCldh/HEIwTvV6O9f12Ot6PV6+b+fWU1tvc2RiEQo1k2JRHIAtxLMZQCjkUDEdS8IdWbPlEAgOGCAdo1uUAJByziqiBbN4ZIj3z8PDMTABkwcFA9xJYZS2qwKH1ojhvokpfvWWu3dUZacqreYO3Jy8LovyRoya/v0DnkigVgaX/grBKEzjwwlficQwiEe7Xn5OLeJFf0IfAmOpyHZusBVYvDnbgg65WK8wI7nNxh1g/gUZxWcQhwEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/41682/3a53f2892170dcd0d0dad297581c6271c4b75c8a.mp4
185.76.9.14206 Partial Content 54 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/41682/3a53f2892170dcd0d0dad297581c6271c4b75c8a.mp4
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash f33ab83e22b10a6408163585cfe96e34
3a53f2892170dcd0d0dad297581c6271c4b75c8a
d9b637efdaac422db1560b20edf3270acaecf151fe2113e1f8344e630972213a
GET /library/41682/3a53f2892170dcd0d0dad297581c6271c4b75c8a.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: video/mp4
content-length: 54164
last-modified: Sun, 07 Nov 2021 01:10:04 GMT
etag: "6187276c-d394"
expires: Fri, 30 Jun 2023 18:47:00 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195259
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ01vCX/oqjBAA
x-77-nzt-ray: c0a4cc2892c9ba4cdd45806363108c2b
x-cache: HIT
x-age: 12691618
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-54163/54164
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.162.22200 OK 237 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 237 kB (236614 bytes)
Hash fd1baa73403ff54effcba19c90058850
74e86e7cf1ec7bf2c0df7988b578e4cc09a2f036
162cd750def99b9348c611abfe2a446e6c1c44dd4aee8e04da0e380ef2b7769a
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1843529
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk%2BKLvgB01dDXxLdbkxTI3c9AJlwrawX90GQHyxb%2B%2BzS7T%2FAoMBJrj%2F1TmN%2BWPHi0f%2FWqoJGXY%2FuY7pFH0ORsJoEIvdNJLheTe4cq9yDQjFuxnYX44RY2N9hrMwwEtI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac271d2575db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e6d361864dc7df25449d987390b4580
b31810e4d1f722f291d9e0115adede9d8f5fff55
fe6f09bffe208e0aedffa45395437fefbd27af3b370df0d8d9916673fcee80ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FE6F09BFFE208E0AEDFFA45395437FEFBD27AF3B370DF0D8D9916673FCEE80CE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3800
Expires: Fri, 25 Nov 2022 05:37:57 GMT
Date: Fri, 25 Nov 2022 04:34:37 GMT
Connection: keep-alive
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.195200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:17:47 GMT
expires: Thu, 23 Nov 2023 08:17:47 GMT
cache-control: public, max-age=31536000
age: 159410
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
185.76.9.14206 Partial Content 66 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash e41d03c0c8fd34d84c71ec4b73b36e35
bc41af1fed62a74376543904fc996c70b2079322
162275ff71a521987d7fb93bcf516bdf1192028d504764933b8476741afa5a27
GET /library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: video/mp4
content-length: 211266
last-modified: Fri, 18 Nov 2022 09:40:08 GMT
etag: "637752f8-33942"
expires: Tue, 21 Nov 2023 19:46:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700649095
server: CDN77-Turbo
x-77-nzt: AblMCQ2ftTX/1qADAA
x-77-nzt-ray: c0a4cc2892c9ba4cdd45806305b5c52b
x-cache: HIT
x-age: 237782
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-211265/211266
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.162.22200 OK 794 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash 0c341b41d855c9968df4342272f54cec
47899d78b04eab1075dbfd6dc1505b8b35c5c7ba
7ce950ed271a3eeb2e6f73860ff1b3269e0ef891e32f92cda1e0c4f4f3085182
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581814
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmRZ54guraRy%2B1ygGqg8qFBFXK44VmoikEucsOJs%2BuBytBW9fsqlopgvIwddM3yG7JmD%2BQe2CJUzZF47V7BhgQcilgZ9wfJUh8BnAcuu5RI5T%2FrxGvGAB6ZKn2u9Xz8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d1875db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.serve-servee.com/thumbnail?i=EoMd2RI1ALk_0&imgt=icon
172.64.111.7302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=EoMd2RI1ALk_0&imgt=icon
IP 172.64.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=EoMd2RI1ALk_0&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 04:34:37 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_IowD1YVbaTd1b9t5tKhN.jpeg
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ULPqJEwh%2FPeSSEnyQIMZwzxJln%2F3c%2FarLfhDXw8w8NKmH1T%2BZymCjAK1AFoSKIABh9R4pCDJoGrx6%2Fzb1JXk9AP6GYgVC1rdP8%2FSPVHfnPzZGObK%2BLmnSTVLR5inoWYj%2FDUuJXpeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac4aacbe8e26-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4822350&cookieconsent=true
95.211.229.248200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4822350&cookieconsent=true
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1574)
Hash 2ce50c257e14c73037847ba4cc7f3af4
4d623cfb0808b275ddd396f44723acccbe4d6046
296e7214fd1703fbf38219ea373d4385528d976c9b4b9a3c0512ebdaae291f75
GET /splash.php?idzone=4822350&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:37 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4822350%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C638045dd7996e7.341755572953247564%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 04:34:37 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
static.serve-servee.com/n337/ad/300x300_IowD1YVbaTd1b9t5tKhN.jpeg
172.64.111.7200 OK 9.5 kB URL HTTP/2 static.serve-servee.com/n337/ad/300x300_IowD1YVbaTd1b9t5tKhN.jpeg
IP 172.64.111.7:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 3775c5d0dccc317209174213affce12b
ebd7139de8946562df59f6eb7b67004b77b9782c
9b918416929ee4d01d8c1885ed03748577e0eafe49c780f2b3ecc48648b52776
GET /n337/ad/300x300_IowD1YVbaTd1b9t5tKhN.jpeg HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: image/jpeg
content-length: 9529
last-modified: Sat, 12 Nov 2022 11:16:45 GMT
accept-ranges: bytes
etag: "636f809d-2539"
cache-control: max-age=86400
x-hw: 1669350877.cds265.lo4.h2,1669350878.cds275.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UbauYdkno0GN6OnyM6UjxKxUsnDplHpNqlgcLT%2B5cWZ51XJhRTevuhSafoPUiUERRMML9jYmrLnLQc9hbgWBzrKZ9tvi823l9Y0W1%2FWhZ0%2FNHU9M%2F2KY%2FBxBzGXOlJBX2%2FnEwux7K%2F79tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac4b6ceb8e26-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/gcr.js
185.98.53.29200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/gcr.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (48738)
Hash 4bcc622fafa6d39f3d41ee9e46b585f5
f4870a326a8c0f449cbcd79673406ac1d5e6f6c8
c7ef60433000d6807163ee4643bd7774e783e4d0711513d134ae008f04f4a8e9
GET /ascripts/gcr.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Dec 2021 16:04:19 GMT
ETag: W/"61bb6383-1434f"
Expires: Wed, 23 Nov 2022 08:33:12 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgpuNwf/kxkBAA
X-77-NZT-Ray: 2109d11020f10e91dd4580634b69fe3a
X-Cache: HIT
X-Age: 72083
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 25 Nov 2022 04:34:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: W/"5f6dbe9d-12fee"
Expires: Fri, 25 Nov 2022 08:33:05 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hHuO0//nBkBAA
X-77-NZT-Ray: f4787b27139c643edd458063c860323b
X-Cache: HIT
X-Age: 72092
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e6d361864dc7df25449d987390b4580
b31810e4d1f722f291d9e0115adede9d8f5fff55
fe6f09bffe208e0aedffa45395437fefbd27af3b370df0d8d9916673fcee80ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FE6F09BFFE208E0AEDFFA45395437FEFBD27AF3B370DF0D8D9916673FCEE80CE"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3799
Expires: Fri, 25 Nov 2022 05:37:57 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash dcde7ae0b59932e7ed5afa1db37a175e
f30358bd81ff95a15c0d3cc5b639824bfed3083f
d74d870142dd29cdbd0357f0e735ccfb1db54b2898b8893612ef86f51531c363
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1896
Cache-Control: max-age=128415
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Etag: "637f9115-116"
Expires: Sat, 26 Nov 2022 16:14:53 GMT
Last-Modified: Thu, 24 Nov 2022 15:43:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e238b3d81c4cebbbdef2975be450bec0
ca3c31ff2418da628f98ad427af626b6db3477f7
3d5213a5052d7090676e7a13ec0c5807f370aa58eed4855de838c457b04efa79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:27:05 GMT
Expires: Tue, 29 Nov 2022 08:27:04 GMT
Etag: "ca3c31ff2418da628f98ad427af626b6db3477f7"
Cache-Control: max-age=358945,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac4baa55b521-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3703
Expires: Fri, 25 Nov 2022 05:36:21 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3703
Expires: Fri, 25 Nov 2022 05:36:21 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3703
Expires: Fri, 25 Nov 2022 05:36:21 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3703
Expires: Fri, 25 Nov 2022 05:36:21 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
a.realsrv.com/video-slider.js
185.76.9.22200 OK 12 kB URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.22:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (50799), with no line terminators
Hash 608bc7901781885eacc95596514705d6
c0f80a1c772205d6cdb4ced75332ff51bd49f4ca
066d1a79077e92cd737d1e647419103af2e61ebd68a7213e9290901247fbb8cb
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: application/javascript
etag: W/"df85cb3251e415fb570ae9b4dba"
expires: Thu, 24 Nov 2022 17:05:32 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669352763
server: CDN77-Turbo
x-77-nzt: AblMCRRNvX7/0iIAAA
x-77-nzt-ray: af5856309fb08022dd45806368637a35
x-cache: HIT
x-age: 8914
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 2.4 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5338), with no line terminators
Hash c817adc5813d3cc86a66915d3e72bd8d
bc9a00d93f6f0bd23e2b63260029e9e4e04c1c1c
239c5bf6a7cb19509ab5f2f5f9f8cd6f25ca4e41d9dff505762b01e957346998
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptnnoqldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotlpq22suur3sjopmsqqqsnuqonpsqrpc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4822350&p1=4581534&skipOffset=00:00:05
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptnnoqldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotlpq22suur3sjopmsqqqsnuqonpsqrpc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4822350&p1=4581534&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptnnoqldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotlpq22suur3sjopmsqqqsnuqonpsqrpc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4822350&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 25 Nov 2022 04:34:38 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptnnoqldVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotlpq22suur3sjopmsqqqsnuqonpsqrpc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4822350&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbrz26xhh2KpLrg; SameSite=None; Secure; path=/; expires=Sat, 26-Nov-22 03:34:38 GMT; HttpOnly
server: cloudflare
cf-ray: 76f7ac4c1cf0b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash dcde7ae0b59932e7ed5afa1db37a175e
f30358bd81ff95a15c0d3cc5b639824bfed3083f
d74d870142dd29cdbd0357f0e735ccfb1db54b2898b8893612ef86f51531c363
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1896
Cache-Control: max-age=128415
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Etag: "637f9115-116"
Expires: Sat, 26 Nov 2022 16:14:53 GMT
Last-Modified: Thu, 24 Nov 2022 15:43:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
s3t3d2y8.afcdn.net/library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg
185.76.9.14200 OK 29 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash de65c02764f5d04b7ac0a815d366c969
ed0885e8288645e4cca003a57f3a486611122606
05e417d7c0294dfb542e9de1f1f8c763d8bbfe3f08316fd1b0c78ebb1c22e7f9
GET /library/623611/ed0885e8288645e4cca003a57f3a486611122606.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: image/jpeg
content-length: 28796
last-modified: Mon, 25 May 2020 13:58:36 GMT
etag: "5ecbcf0c-707c"
expires: Fri, 30 Jun 2023 11:10:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1lzgr/2qjBAA
x-77-nzt-ray: c0a4cc2892c9ba4cde458063516ab30c
x-cache: HIT
x-age: 12691674
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877361&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f87cade-2f32-4757-a954-fa59527a7ae8&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77f36d11-6c7a-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1669350877361&fpid=&feid_sa=1669350877361&sid_sa=1669350877361&feid=e20c95bc57129503de7409cd87b61220&sid=718185cb0930b0d1e99744de9c3ca40d&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.343
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877361&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f87cade-2f32-4757-a954-fa59527a7ae8&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77f36d11-6c7a-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1669350877361&fpid=&feid_sa=1669350877361&sid_sa=1669350877361&feid=e20c95bc57129503de7409cd87b61220&sid=718185cb0930b0d1e99744de9c3ca40d&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.343
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877361&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=1f87cade-2f32-4757-a954-fa59527a7ae8&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=77f36d11-6c7a-11ed-9b66-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1669350877361&fpid=&feid_sa=1669350877361&sid_sa=1669350877361&feid=e20c95bc57129503de7409cd87b61220&sid=718185cb0930b0d1e99744de9c3ca40d&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.343 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Length: 0
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4DMQz8Ch/YyGM7dtIzZ5BAPCDdzYoe2kq0B5D8eLJFbKxE47EzHjMxT8DE+sRyED1IiYpUKSknZI2X17dQxGe/3Nvp1r/SfD2HsRgQ7iBG1KwY37ToICwACqnI1QaH4lKYQgcXNIKzqG4oEREPifh4f35cjBid491mblAHpm8Kk0Kal8Vrte5JFJ5zdq5ZWD2bhh/XtalB+7Gg0NzgxmarkXbva9mE4tyXU0vtdkW69PvDzeYD7Nsg/idCoEOXY8KeaIxD8Si3289ljtjb/9aJvCtgmK+5dRybFKy2uPemXWVu4mLLutAv1h5txXcBAAA=
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4DMQz8Ch/YyGM7dtIzZ5BAPCDdzYoe2kq0B5D8eLJFbKxE47EzHjMxT8DE+sRyED1IiYpUKSknZI2X17dQxGe/3Nvp1r/SfD2HsRgQ7iBG1KwY37ToICwACqnI1QaH4lKYQgcXNIKzqG4oEREPifh4f35cjBid491mblAHpm8Kk0Kal8Vrte5JFJ5zdq5ZWD2bhh/XtalB+7Gg0NzgxmarkXbva9mE4tyXU0vtdkW69PvDzeYD7Nsg/idCoEOXY8KeaIxD8Si3289ljtjb/9aJvCtgmK+5dRybFKy2uPemXWVu4mLLutAv1h5txXcBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PQU4DMQz8Ch/YyGM7dtIzZ5BAPCDdzYoe2kq0B5D8eLJFbKxE47EzHjMxT8DE+sRyED1IiYpUKSknZI2X17dQxGe/3Nvp1r/SfD2HsRgQ7iBG1KwY37ToICwACqnI1QaH4lKYQgcXNIKzqG4oEREPifh4f35cjBid491mblAHpm8Kk0Kal8Vrte5JFJ5zdq5ZWD2bhh/XtalB+7Gg0NzgxmarkXbva9mE4tyXU0vtdkW69PvDzeYD7Nsg/idCoEOXY8KeaIxD8Si3289ljtjb/9aJvCtgmK+5dRybFKy2uPemXWVu4mLLutAv1h5txXcBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4822350%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C638045dd7996e7.341755572953247564%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638045dd7996e7.341755572953247564%22%3B%7D; expires=Sun, 24 Nov 2024 04:34:38 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22638045dd704708.366622444276319227%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0390099501%7C110.0199%22%7D; expires=Sun, 24 Nov 2024 04:34:38 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5bf8ff056e1ec18b69bb6a07671df3e1
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 52f9e425bd963b592ee3eb1c38d50b82
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads2.js
185.94.236.253200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.253:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877360&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=42ae7d3e-556a-4bf5-bbaa-92216cb85ff9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=cebad4edac4214d16503d2ff47c5f57e&sid=d98c044369f1568b30e2a74b2d4d6cf7&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2277f36d11-6c7a-11ed-9b66-52ca5d2668e1%22%7D&t_op=0.414&cb=gl.cb.pv
185.98.53.29200 OK 65 B URL HTTP/1.1 adxadserv.com/t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877360&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=42ae7d3e-556a-4bf5-bbaa-92216cb85ff9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=cebad4edac4214d16503d2ff47c5f57e&sid=d98c044369f1568b30e2a74b2d4d6cf7&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2277f36d11-6c7a-11ed-9b66-52ca5d2668e1%22%7D&t_op=0.414&cb=gl.cb.pv
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8ed27ab2f2460f6ea1b1c8abca8908dc
f2532a71fa884d41e637a911f17f096c0ca1d871
6351f4f0b6911bdd6f06f2eed3500d42323b7044077590662c0900f792496881
GET /t/re/v4?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669350876991&t_i=1669350877360&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=42ae7d3e-556a-4bf5-bbaa-92216cb85ff9&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_s=GUEST&fpid_sa=null&fpid=&feid_sa=null&sid_sa=null&feid=cebad4edac4214d16503d2ff47c5f57e&sid=d98c044369f1568b30e2a74b2d4d6cf7&u_adb=0&vn=R-1.0&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&st_d=%7B%7D&e_d=%7B%22spotId%22%3A%22636bc5d561d6e27071201a23%22%2C%22impressionId%22%3A%2277f36d11-6c7a-11ed-9b66-52ca5d2668e1%22%7D&t_op=0.414&cb=gl.cb.pv HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: text/javascript
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=2535858787f74102fa784cc0d92fa335; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.adxadserv.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab7ec0d5ceee2d0c0740a4152329b084
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=d0595856-e3f8-48d6-a6d3-a9c57ab29ee2&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6ee969a8d7bf661742461a5ef8dc5016
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6f63796a977aee0a727627edaa898d6a
f8bbc2bdd5fa91e4e265527a6eefcf872585881f
49fae2f38cd26ead02b8ba37149214aed08efac83b8a7aa3d25b79d17faf8a11
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 03:56:18 GMT
Expires: Wed, 30 Nov 2022 03:56:17 GMT
Etag: "f8bbc2bdd5fa91e4e265527a6eefcf872585881f"
Cache-Control: max-age=429098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac4d3d18b51d-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 501 B IP 172.64.155.188:0
Hash dfdce25d2a1708127df15900604222e6
376fdafe0a214c4afd2fa201a35461ad280804ff
b97528b85dbabee1143c1c5c78f271b6e26f3fb3fb58943a69c4786de93a1e08
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 03:56:18 GMT
Expires: Wed, 30 Nov 2022 03:56:17 GMT
Etag: "f8bbc2bdd5fa91e4e265527a6eefcf872585881f"
Cache-Control: max-age=429098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac4d3d100b3d-OSL
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121200 OK 2.8 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
File type ASCII text, with very long lines (2590)
Hash 01c3ce239d639853ba1e41661c115938
704741ca41e890a26eef6190c2d61131ff294f56
9aabcddb7b91826c4b8bf721d77fa448ceba501616a38c6fe0d6c4f11091ed47
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22616615
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 25 Nov 2022 04:34:38 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22616615
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.219.121304 Not Modified 0 B URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.219.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 22 Feb 2022 13:07:15 GMT
If-None-Match: W/"6214e003-1eb1"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 25 Nov 2022 04:34:38 GMT
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 22616615
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0adda2ac7c68f298d33342886acd56da
60874a49b4d892e330d5a8875790ae76b124dd50
16514de0d6d33785b738aff44f5a9d5a3d16572068ed1945d42b2bed2bfa4fd3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16514DE0D6D33785B738AFF44F5A9D5A3D16572068ED1945D42B2BED2BFA4FD3"
Last-Modified: Tue, 22 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13117
Expires: Fri, 25 Nov 2022 08:13:15 GMT
Date: Fri, 25 Nov 2022 04:34:38 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6f63796a977aee0a727627edaa898d6a
f8bbc2bdd5fa91e4e265527a6eefcf872585881f
49fae2f38cd26ead02b8ba37149214aed08efac83b8a7aa3d25b79d17faf8a11
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 03:56:18 GMT
Expires: Wed, 30 Nov 2022 03:56:17 GMT
Etag: "f8bbc2bdd5fa91e4e265527a6eefcf872585881f"
Cache-Control: max-age=429098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac4d3f5db517-OSL
lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif
8.247.219.121200 OK 30 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif
IP 8.247.219.121:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 3fe2f330f3ede17d1d391277ce897f9f
218e20c40065ad735caffabd1cfa4b7651ce0061
087ca840a17774dc21d371a1cc8a3bd57c983a96c3e8ee95391bdb01fd0cf3e5
GET /images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: image/gif
content-length: 30350
etag: "637a185c-768e"
last-modified: Sun, 20 Nov 2022 12:06:52 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 403796
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
185.76.9.14206 Partial Content 66 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash bcc29e8f60cad5153178a3801d7e82a2
07b1a25e5f6fff43c73856d4c4c6ee35b215dd82
22ae4bdf5a031c797ca8b96ed703f6d9247297e6d0a1c2e498d7e3cb451d71c9
GET /library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: video/mp4
content-length: 211266
last-modified: Fri, 18 Nov 2022 09:40:08 GMT
etag: "637752f8-33942"
expires: Tue, 21 Nov 2023 19:46:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700649095
server: CDN77-Turbo
x-77-nzt: AblMCQ2a3T3/1qADAA
x-77-nzt-ray: c0a4cc2892c9ba4cdd45806311f6902b
x-cache: HIT
x-age: 237782
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-211265/211266
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/c/9/d31d344234514c2ab939845e768879fc00c705/main.jpg
8.247.219.121200 OK 9.3 kB URL HTTP/2 lcdn.tsyndicate.com/images/c/9/d31d344234514c2ab939845e768879fc00c705/main.jpg
IP 8.247.219.121:0
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash 805670f91f12571d449ba751a9102677
a5af166dccf53739e88f7488a2dc81888136504f
9ff3a879e49cd65125b6483bb224285425f2e0b68bade7728e8f36c80a11b506
GET /images/c/9/d31d344234514c2ab939845e768879fc00c705/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: image/jpeg
content-length: 9259
last-modified: Sun, 20 Nov 2022 12:06:56 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"637a1860-2460"
age: 403797
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 2.6 kB IP 172.64.155.188:0
File type gzip compressed data, max compression\012- data
Hash 8830d9c312420c37beb7f40c23799bbd
8a474c568b6032da59ad1c37ece1f521d883c19b
2fd829ffc6596272b982e87226b15705929aeee322a71053460a3758361a97f6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 03:56:18 GMT
Expires: Wed, 30 Nov 2022 03:56:17 GMT
Etag: "f8bbc2bdd5fa91e4e265527a6eefcf872585881f"
Cache-Control: max-age=429098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7ac4d3b40b521-OSL
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 67e46fa5ba39652606141a02721b31eb
db6dd116d693069f6b59a4ec710480d8556cb391
5f15417cfec1dc1f3c6e9d9074a2121c4739c79ca91bf66b37921ed887384671
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 25 Nov 2022 04:34:38 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=718358f1139f9a95e227952cba59bee0; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE-J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG-4dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN-IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t-MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg-9odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268-fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI-hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ-EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA%3D%3D&s=6ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878&w=t&r=1&d=84&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE-J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG-4dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN-IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t-MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg-9odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268-fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI-hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ-EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA%3D%3D&s=6ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878&w=t&r=1&d=84&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XMsJHjRpkcNGq0kFGDDI4WNGbkINNCjEuRNmKMkZGjRgwYM2CEFPEwTJ0xGcOAtIGDDA0YLRquRClDTJmWRMegDDPjxowxOHLIyHmDJ0QydhbKiCEDx4yHcOqIoUgTRkWIcOAsxHEj5cM5cCbqOGrDZo6zItrg1cvX742HY9rI3fsXBs6eZMxQfCjGjZuFM2LEwGHzcGA3GHXQrPFYBJw2oBf2pfG2jhw2mKt2JPqwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L2TAEFNj5ZinOs3cQFmjhpgWYcKYEdlwDI2_OMKIGWvjxxjlcNKQ6XE-J04udRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8d5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHSlJGMZcDzXwx48PteHjAbh9QYdN9IHQ18x_EUkhxjKaAYbb9yR5B5TVnnjkPlhyB8baYyxRpJ1RGGGFWfU8IYca5ChRxVQQDGDGWIgMQcUdMSAhBZF4EGGFnOcQYQcNtCwhBbnrTGFFUnIcIcbQjyBxA1nGHGDGlYMMUYNV6whBxN41JHSF2SckUQTN1BRxhJFtPGGDE3IEIUQSOTBhh41EKHFFUeYgUUUYWBBhRZT4EDFEFgw8cUZVSRBhBRVpOEVGc8F5YIbCLpWIUEV0oHGHG-4dl1zbKjl1Xt6bZFZF2jJARRD2DkkghiS6QCDC24hdtoXcLi70L2OcfaQHHYs1tBDZYxx2r_4tlaHtDqIMEYOYsAQUU0tjAHDGDagROdTYdwwxncubUxGZmX0FcZtD6WxmAg5xOBCDvfSIIMLDdHglX8uZxTzzDXfnLNXdYSRURNv6JEGG2yE8UIN-IKAwhVpuEHtHXOA4AQVINyE7w4gUO1GoWDjQTYIBDMEA9QwpABhwmu8EZ1bjt0UAwhGpCFHGWa8gccLN7F97rsiOPGEV2t-MQbhhnvFBuFFODFtGXZ8sTdsDNVwww1mEeXYwGdcJloNdD10UOViyDEXDqZT_oWrZIiFQ0ymy_EGZg-9odBe7fqdx0I0mJ6H6HTIUUcZA_ONm268-fZCGNdmK8e2BTn4bbjulkGuWi94dUdGZOEAg1dogI-hzncRnJHtLNKxZgt1uBHiSDeTMQZZ0xJ-EKn3sywCHW2giA04MgPS0IV1_2vDbRgywL8YkHNegozlyoCXLyBIgAR8IALVoxcRHCRFDZoIWh73L8SEBgZ9UEBAAA%3D%3D&s=6ddccb6c2f23f79339310b6cd5ff705c343af8109f842e6f2591ed74e685bc5a1669350878&w=t&r=1&d=84&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOwslBFDBo4ZD-HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE-_NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl-R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0-1xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu-RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx-l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ%3D&s=8fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878&w=t&r=1&d=6&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOwslBFDBo4ZD-HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE-_NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl-R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0-1xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu-RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx-l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ%3D&s=8fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878&w=t&r=1&d=6&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XgkBEGRowbMsq0sBEyTAsaMmTkaJHjxg2RMGrcoBEmhwwYZG5EFPEwTJ0xGWvSsIGDDA0YLRrmIHNShhiRYoiOORlmxo0ZY3DYnAHjBk-IZOwslBFDBo4ZD-HUEUNRpceecOAsxDETrYg5cCbqOGqjRowcdtvg1cvXb8uHY9rI3QsYBgy7Bs1QfCjGjZuFM2LEwOGXxsM2bjDqUFnjcVrQovvSqCiijhw2mK227PuwjoyMaOjQgTNHx4sXbfCccdEmDJ40Z8K0Ke5izJs2L26KqbF0DEwaZm6crFFDTIswYczUSFpjDA3AOMKIIWvjxxjlcNKQ6XGe62MudRzLsDFGzhf5PWS2WWf46cdfGHT0EAQZdbBBBwhHlOEGQmGwUSAM-80RQw8t5XBhhmnQUUYVUjDRAx5mhOEGHWHokUdzz31owxwhlvHffHTRMIOMZcDxXA979PhcHzIahNcbdNxIHwx9_bVjfhjaEAaHGMpoBhtv3KHkHldmeSORUO43BhtpjLGGklAMIYQeS5hxRwtlZEEFDFMw4QQTUHyxxn5yWBFHE-_NMEUOT6QxhxIzuAHHGnSoYYMcOMRBRRlYXGFGHG9AEYcQVUABRxZEiKEFFi2QkYYeayz6xgxS3KDHGDXgEccRR8gxxRJ0QIGFDG4s8QQbNCRBhxZBTIHHFVS00AYdWp5RRRJESFFFGl-R8VxQLriBoGsVElQhHWjM8YZr1jXHxlpfvafXFpl1kZYcQDEEk0MiiCGZDjC48JYIY8DRxhdwwLtQvo5x9pAcdizW0ENl9NvGwPqyVkcd1OrAbw5iwBBRDuONAcMYNpxkxlPf3TCGd2JkPAYZmZXRVxi3PZTGYiLkEIMLOeSLkgsN0fCVfzNnZDPOOsvAcw0-1xZGRk28oUcabLARxgs16AsCClek4Ya1d8wBghNUgBADwTuAkLUbNtBQNh5pl40wQzHpmwKEDa_xRnQeOTZ2DCAYkYYcZZjxBh4vjF01DOnGK4ITT3z1hn9jKM74V2woXoQT1ZZhxxeAw8aQTDecRZRjB59x2Wg10PXQQZuLIcdcOKyu-RdtvEHGWDjYwBoZcryB2UNvKLTXu4PnsZBnIpCRx-l0yFFHGQcHjptuvPn2QhjZbitHtwU5GO648JZh7lovfHVHRmXhgPhDaKCPYdJ3IZxR7yzS8XgLdbgRYgspuUDGGGWpluIO8oX_BdAiD2OIDWwAmNLQJXYioEMbbqNABs7AgaGLUk_IwLky4OULCKLIAhsIgwf2RAx6SV7gfOKgr8ChcgNDjGhg0AcFBAQ%3D&s=8fcce5aba100c1e67dbe4cf4e7ee70d3aa679fa7072900a21eb9a895fccc353f1669350878&w=t&r=1&d=6&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9-_gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD-vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm-4MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O-ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN-IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE-hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA%3D%3D&s=6fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878&w=t&r=1&d=97&priv=false
136.243.51.205200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9-_gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD-vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm-4MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O-ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN-IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE-hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA%3D%3D&s=6fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878&w=t&r=1&d=97&priv=false
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIsUFjjBgaZsy0sDHjRo4WNGTcKNNCDIwYMFqYmSEDJI4YY8bgMFNDxMMwdcZkDJODhg0cZGjEbJiDDEoZYlhuxDEGZZiSM3TmkDEDxg2fEMnYWSgjhgwcMx7CqSOGoowcL3_CgbMQxw0aaUXMgTNRh1IbNWLkyNtmb9-_gXPceDimDV2_g2HAyGvQDMWHYty4WTgjRgwcgReLaOMGo463NSarJW0aMI2KIurIYcO5pOKjD-vIyIiGDh04c3S8eNEGzxkXbcLgSXMmTJvkLsa8afNCBgwxNZqOYQkD5A2UNWqIaREmDM8WDcfQGIwjjJiyNn6McQ4nDZke67tO5lJHsgwbY8jxhX09dPZZaPz5B2AYdPQQBBl1sEEHCEeU4QZCYbCRIAz_zRFDD4rlsGGHadBRRhVSMNEDHmaE4QYdYeiRR3TTjWjDHCWWMeB9duFlYxlwTNfDHkBO14eNBu31Bh074gcDYILNgCSIHNpoBhtv3NHkHldmueOR_XEIIBtpjLFGk3G0UMUVZVCRhxpylKkFFFSYkUQYWpZxwxVzRUGEE3UwQUMcMMwhxxBhnFEGFm-4MYYWVdRRBRRstJGGG3lYkcMZZNxRgxxr5LBEE0UkEYMUZSzBBhlUXCESFEnYkEcVVhixBh1a1OCEHXi04AYNVzQxxRFCDLEEHI6VIcUXZ1SRBBFSVJEGWGRMN5QLbjAoW4YEZUgHGnO8Idt20bHBFljz9bVFZ12oJYdQDHHnkEaW6QCDC3GJMAayX8Dx7kL3SgbaQ3LY8VhDD5WxbxsA4wtbHXVMq4O-ObgUUQ41tDAGDGPYgJIZUZF3g0ctuTQGGZ2VAVgYuz2UxmMi5BCDC3C5kJILDdEAloAvZyQzzffenDNYdYSRURNv6JEGG2yE8UIN-IKAwhWXVnvHHCA4QQUIMOG7AwhUu8HR13iMDULBDMEANQwpUKjwGm9U95JkMMUAghFpyFGGGW_g8QJMa6MLrwhOPAHWGwLmlFHhYLExeBFOUFuGHV_oTRtDNdxwA1pHSUbwGZudVoNdDx1EuRhy1IVD6ZN_0cYbZJCFgw2wkSHHG5w99IZCfrnbdx4L0VB6HqHTIUcdZRC8N2--ASfcC2Fgq60c3BYkIbjivltGuWy9ANYdGZmFAwxgoRE-hzo_ZOhYE98OIx2It1CHGyW2IIMMLpAxhlnUDn7QF_rjn0UYxhAb2GAwqbHL6kRAhzbspoAHnEECN8eheRmkcmXYyxcYRBEDIhAGCvyJGPoigoO0KEITUYvjAMYY08CgDwoICA%3D%3D&s=6fda5a126382ea329ddb5c29f5e451d2e0b5573e6c2c99e8725cbaf98a1c6b431669350878&w=t&r=1&d=97&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b363fcc771add230d5cb4602d4d0b247
6455a1dd363610ae379fb1da2f0ad8bb52101bd7
5e0a917c3b797c3dd8fe633bf74506ae669de5c1046b0d035eff21928d97a8c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1983
Cache-Control: max-age=89242
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Etag: "637ef7b9-117"
Expires: Sat, 26 Nov 2022 05:22:00 GMT
Last-Modified: Thu, 24 Nov 2022 04:48:57 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b363fcc771add230d5cb4602d4d0b247
6455a1dd363610ae379fb1da2f0ad8bb52101bd7
5e0a917c3b797c3dd8fe633bf74506ae669de5c1046b0d035eff21928d97a8c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1983
Cache-Control: max-age=89242
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Etag: "637ef7b9-117"
Expires: Sat, 26 Nov 2022 05:22:00 GMT
Last-Modified: Thu, 24 Nov 2022 04:48:57 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.109.13200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.109.13:0
Hash d993eea0edac7519cfe639900bba0555
e77bd57cd73d87289b9583f9adf3bf8780d3e6da
fe0b0f74376fa36321d84848a413779be5a1e0f573ebd87a4d9f71051a34190e
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ou%2FndGSURyAc2E8wpjTAi4rmpQJZXR%2BFLLsoRLIAoIDUdzItOtvPkvWLAGZjverXOrrwVfftuiajs92Wq3IbDTj2I%2Fmd0jFnTiQkibGMWJ7RNMPwHDRd0KFaxJe2U8MHiwnQ6D2RaDNN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac40e986d188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 987520e4109a1a36a882e6d95b39f657
02a81865169862c321faaf04b1496ba83c422746
ef00a91bb28b5beb35a9a54dc2e28d696540fa942c201d1c247c1ea7377d2a44
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 358
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Last-Modified: Fri, 25 Nov 2022 04:28:40 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8d54149dd362542b3d3d463e314d8c39
afdba2e2c8f9078f35a0a4455e46ec5a9373f097
9527761b52d17e8a14a8c779735c7982b6c1d90346eec6268bb0dda8cb415f03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4308
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:38 GMT
Last-Modified: Fri, 25 Nov 2022 03:22:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 25 Nov 2022 04:34:39 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbrz26xhh2KpLrg; SameSite=None; Secure; path=/; expires=Sat, 26-Nov-22 03:34:39 GMT; HttpOnly
server: cloudflare
cf-ray: 76f7ac519f8eb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8d54149dd362542b3d3d463e314d8c39
afdba2e2c8f9078f35a0a4455e46ec5a9373f097
9527761b52d17e8a14a8c779735c7982b6c1d90346eec6268bb0dda8cb415f03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4309
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Last-Modified: Fri, 25 Nov 2022 03:22:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 987520e4109a1a36a882e6d95b39f657
02a81865169862c321faaf04b1496ba83c422746
ef00a91bb28b5beb35a9a54dc2e28d696540fa942c201d1c247c1ea7377d2a44
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 359
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Last-Modified: Fri, 25 Nov 2022 04:28:40 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 4.6 kB IP 93.184.220.29:0
Hash 4f9b0647d0f8ac5a64d476b7be844338
2c30c129c2c29ad23a1f82adf6835e715e04bcf3
dc2e63bfdb3acd5b1b2a4e1c99eed569ae74addb1ee5318977e3dce9d1cdf6d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5864
Cache-Control: max-age=171631
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "63802a66-118"
Expires: Sun, 27 Nov 2022 04:15:10 GMT
Last-Modified: Fri, 25 Nov 2022 02:37:26 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
video.ktkjmp.com/adsbygoogle.js
104.18.51.106200 OK 79 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.51.106:0
Hash 31f7fec4cffc9aae5c3179b6fe0ded45
8b3bfdd1f05ee11fdd6cbc21cb0117f3b3d63375
a0422b3a5c89998c2473c32b1a9d1f099ec95e404574f4a54db5a77326e6a8d0
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1483
expires: Fri, 25 Nov 2022 08:34:39 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac5329ab0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.135.7200 OK 886 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.135.7:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (739)
Hash 6d70973a7a5978229a78333e3d5ca47b
5f0b5f84c586c49d99ec89eaf752c73aed603c9c
26c9607dabb212436839a4d5e1a754d62e07cd632ce88e1742e79433a040b3e9
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAQjm35jj4hUOPe3VMsGxnCxQ3K%2F%2F1CUJfELfH8QWInM%2BJwQ%2F8yINHUecGZjDJKTxuzddz%2B4p9iaPl%2F0WgRfsy22M0RN9QwG4RG5gcyeDqhPAcwXoK3csAZGUWcuqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac503d737780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 79bf3e13ff6ba71e188f64c5adad61ea
2837cab50b603d1340c5df394b8bdb14e61af710
6b5ff3c0ce773465a3c179b72c8abf20521a25178a14e0b5efafd5d9b06d46fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3580
Cache-Control: max-age=95182
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637f08b1-116"
Expires: Sat, 26 Nov 2022 07:01:01 GMT
Last-Modified: Thu, 24 Nov 2022 06:01:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 538ba0e7e66eee9258eb4c1737c1d2d7
44015de1d8c676eda9849c5681f24045077bd497
042b30dd3fcccdeba04cc4d18aa05eac182688653c7778e6ef60280ea7335543
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=153221
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637fe29a-139"
Expires: Sat, 26 Nov 2022 23:08:20 GMT
Last-Modified: Thu, 24 Nov 2022 21:31:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
img.strpst.com/thumbs/1669350421/19172495
104.18.63.124200 OK 12 kB URL HTTP/2 img.strpst.com/thumbs/1669350421/19172495
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 35e34035ea002712bc7b81e0536abed9
e29d04f3752f39eeef942bfbe8605871889eef00
ef09644276b9eeeb76fa39d0ed80958238a5e0ca89485d224f538fa774c828a1
GET /thumbs/1669350421/19172495 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/jpeg
content-length: 12497
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=13084, status=webp_bigger
etag: "e59e866ed1b9dcdce03fb937f323baeb"
last-modified: Fri, 25 Nov 2022 04:26:36 GMT
cf-cache-status: HIT
age: 175
expires: Fri, 25 Nov 2022 04:35:39 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac549fe7b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 538ba0e7e66eee9258eb4c1737c1d2d7
44015de1d8c676eda9849c5681f24045077bd497
042b30dd3fcccdeba04cc4d18aa05eac182688653c7778e6ef60280ea7335543
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6547
Cache-Control: max-age=153934
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637fe29a-139"
Expires: Sat, 26 Nov 2022 23:20:13 GMT
Last-Modified: Thu, 24 Nov 2022 21:31:06 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 538ba0e7e66eee9258eb4c1737c1d2d7
44015de1d8c676eda9849c5681f24045077bd497
042b30dd3fcccdeba04cc4d18aa05eac182688653c7778e6ef60280ea7335543
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=153221
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637fe29a-139"
Expires: Sat, 26 Nov 2022 23:08:20 GMT
Last-Modified: Thu, 24 Nov 2022 21:31:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
roomimg.stream.highwebmedia.com/riw/_2strangers.jpg?1669350870
104.19.241.83200 OK 7.5 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/_2strangers.jpg?1669350870
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 22371add268ab080d6f8da6a24abd315
540f5a3d3af53fd5fee6fcc3105b3c0eccf36ab6
a7d54b3af6cb43f359aed6ba0ea6c9449adf07f1f3159a18849428dab3edf107
GET /riw/_2strangers.jpg?1669350870 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/jpeg
content-length: 7454
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 26
last-modified: Fri, 25 Nov 2022 04:34:13 GMT
expires: Fri, 25 Nov 2022 04:35:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAdJQG6XeWexHlUThHbcxvw8N8NKmj24Q2ywf1SLunYPIlR0wyRpyrtkk4Or1yRYlmqT612dh%2BnnYkxoNajqkCCLrbbltvGL3u%2FxcNMfmIVDTT1ao8loNjrlSilvYHsGLkwJnJzr6h6QKo9RonNUZn4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=k3kl6fVXG8K.plTrDXTMtoycg6UwTTAE0z0ppdNnHz8-1669350879501-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76f7ac54dd9cb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 79bf3e13ff6ba71e188f64c5adad61ea
2837cab50b603d1340c5df394b8bdb14e61af710
6b5ff3c0ce773465a3c179b72c8abf20521a25178a14e0b5efafd5d9b06d46fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3580
Cache-Control: max-age=95182
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637f08b1-116"
Expires: Sat, 26 Nov 2022 07:01:01 GMT
Last-Modified: Thu, 24 Nov 2022 06:01:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
104.16.94.42200 OK 549 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
IP 104.16.94.42:0
File type PNG image data, 13 x 15, 8-bit colormap, non-interlaced\012- data
Hash 4437b02e2efeaa0eb69858a7eb957af6
2dfa9c3fa2fc56c7504c043876eaad9526abed62
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
GET /images/ico-cams.png?829027f88094 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
Cookie: _cfuvid=A7T6Z.CxKia8JQVglCcWn_Sh8sxQfQytULTNQJdross-1669350879464-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/png
content-length: 549
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri,csam-hash
cf-polished: origSize=1457
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-id-2: uk+Y+mMt51OLA32rfvOrwKQRVhebnzwVD7WNGN89HYS/N/FIKgMltVMzadOcg1MyUuhiPycAlHk=
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
x-amz-request-id: 2BDHEK7PHQPF17BP
cf-cache-status: HIT
age: 949658
expires: Sun, 25 Dec 2022 04:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMISvtT%2FiYt4etH2SlDbrDki8GFOjWvJcYBRwEQ59E4Hu9mHBoCw3B6HZ39HIXfU6VYPZmzAb06HBu8Uvh6S4%2FHx16kZ%2Fl7mHaKFDvVS7RLUigX9b6Rks0NtWXRLF8epLrU0wx0hLTdTT1XYih3IPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac54d8a5b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/angela_5.jpg?1669350870
104.19.241.83200 OK 5.0 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/angela_5.jpg?1669350870
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash dd7bb47d4666d9f7a045a2a019aa2e76
976c41e89759c1800c19656010304487b1953974
abf29a72d2f7719639f02c026a8ab53936bf23377c1db08ab22be56197f6e758
GET /riw/angela_5.jpg?1669350870 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/jpeg
content-length: 4988
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1
last-modified: Fri, 25 Nov 2022 04:34:38 GMT
expires: Fri, 25 Nov 2022 04:35:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bkmyvv4vicK7nj10Kzieeb%2FWgW%2FYpPLsBWMPut1TsqzQzO7UqA3LWMbGFqPWDh4kXBbEWUz3O1FmUNhjHGCSrJc5btamvdH%2BpAItRHILB97tluSvG99IsEq%2FpESCmFMY1PqzdpyMJChkUeIRsDfh9HA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=TmwrbmLFqEW3Alvn1ZN7HHfLuHIX9ripQa3yllQSq80-1669350879504-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76f7ac54dd9bb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.101.40200 OK 53 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31162)
Hash 49acc63f7cd3288f22bff92269d54d9c
3b10f724579c2b31d44ace67329889b0c56479d8
63f6b4a9b44b908737282b9de550a8e3a078ba806f9b628e682ffd192a8cd031
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=trGhF.HPInQ9oHo9XuCLzMBnNPjAhaotjCj5RHlVZes-1669350879-0-AfRzI/M04rZvegIn6I+h5u858lalMgEs6O438JVnxmB9GvIrLt1csD/jjSYiKV+kL/NInalNH8n/fGmDmMoEXho=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Sun, 25-Dec-2022 04:34:39 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr625ecd0c-f2ca-41f7-bc8c-c02d204c1cf9:1oyQQB:8yMgo8qKHC0SxR5hPETBEpC8Z1Q; Domain=.chaturbate.com; expires=Wed, 20-Aug-2025 04:34:39 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76f7ac528f07b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/girl_of_yourdreams.jpg?1669350870
104.19.241.83200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/girl_of_yourdreams.jpg?1669350870
IP 104.19.241.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash dbda7b7d8011a1ac77eb0639a842468f
d4ee390dff136ef16fc0eace717e5ac14f58a8fc
94c7732e4893bfe7eeca6b662860a9021e2059aed35ad52c92e8a4dd79766271
GET /riw/girl_of_yourdreams.jpg?1669350870 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/jpeg
content-length: 12010
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15
last-modified: Fri, 25 Nov 2022 04:34:24 GMT
expires: Fri, 25 Nov 2022 04:35:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4%2BbqzLcFIzn9poPkJRC2FfRII3RYwT0CkhRScwfrMQEvgRTSZrMRB%2Bv%2FeNU1u%2BYt1rT%2BpocJQZqs5zrA0vhOJRG%2F92kiJme4L%2FwrgTZI4yKoR9oFeYRIpmX%2BWhtgcVQzMT4oUPHl136WmRU8OuEqrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=mSj1xWL7JaEwNIjQ2bMBz17C3TQIRubBmI9UaOmv2nc-1669350879506-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76f7ac54dd9ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
104.16.94.42200 OK 33 kB URL HTTP/2 static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
IP 104.16.94.42:0
File type Web Open Font Format, TrueType, length 32960, version 1.0\012- data
Hash 30556905d926944a6ada140546bcf5ce
b9346ce355c8259d71707ab65c13e0629d01a48e
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d
GET /fonts/ubuntur-webfont.woff?896a82003cd1 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://chaturbate.com
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: application/font-woff
content-length: 32960
x-amz-id-2: oQRN32iQRWNI2tD7F2N8drq+SpOONefvkFBuj6xfuUwNrtUzFxjUH3DLm/7IAXKOFQJxrDF3NDU=
x-amz-request-id: MA2EZ9YMX1DP219W
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:07:55 GMT
etag: "30556905d926944a6ada140546bcf5ce"
x-amz-meta-s3cmd-attrs: md5:30556905d926944a6ada140546bcf5ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 949660
expires: Sun, 25 Dec 2022 04:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5QEZjIRPyT%2FAeQwa%2FhLyE165I0gIOCs0FQUjc6bW0tK1h%2Fi8IgCcdAoV15fFjcGCciiXkPceOYxGfo4gAU7EB3uP5ZoY3wqHWGPu%2BE3cEaQNq7C6vxL7iVsofuZSwDodiBIb1p0%2BU9cSBGfE6qsRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=VG.PUdBLfUa4jqXGiFpN1V4OEJAY2vOy0joXTrB3Znc-1669350879509-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76f7ac54d8a8b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 538ba0e7e66eee9258eb4c1737c1d2d7
44015de1d8c676eda9849c5681f24045077bd497
042b30dd3fcccdeba04cc4d18aa05eac182688653c7778e6ef60280ea7335543
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=153221
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 04:34:39 GMT
Etag: "637fe29a-139"
Expires: Sat, 26 Nov 2022 23:08:20 GMT
Last-Modified: Thu, 24 Nov 2022 21:31:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 25 Nov 2022 04:34:39 GMT
via: 1.1 varnish
x-served-by: cache-bma1630-BMA
x-cache: HIT
x-cache-hits: 968
x-timer: S1669350880.651387,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=969388
185.94.236.253200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.236.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (414), with CRLF, LF line terminators
Hash 76d78c946dd7c94d96516bba6553c9e0
9092891f52ff681229d53d5e406f24a9f69df1c4
56b0d7e53574feb581c81a31dae31de1fd40679241940d9700ba62b0728ccbc7
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 04:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=742fe52f487354b3a403db9ac96ad257; expires=Sat, 25-Nov-2023 04:34:38 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Mon, 28-Nov-2022 04:34:38 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 28-Nov-2022 04:34:38 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=793&ck=1&ref=https://chaturbate.com/tours/3/&ap=18&be=512&fe=727&dc=667&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669350878394,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:246,%22rp%22:431,%22rpe%22:433,%22dl%22:497,%22di%22:655,%22ds%22:666,%22de%22:673,%22dc%22:726,%22l%22:726,%22le%22:727%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=658&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBfAlhSVAMBB1JUBlcAXRh4Yy8TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9TVwYHB1ZaGF8DAlAUVVMFU04EWg1aHAIBCwVQU1AAV1pTABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBXVcCU1wFUldUUAQbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=793&ck=1&ref=https://chaturbate.com/tours/3/&ap=18&be=512&fe=727&dc=667&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669350878394,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:246,%22rp%22:431,%22rpe%22:433,%22dl%22:497,%22di%22:655,%22ds%22:666,%22de%22:673,%22dc%22:726,%22l%22:726,%22le%22:727%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=658&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBfAlhSVAMBB1JUBlcAXRh4Yy8TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9TVwYHB1ZaGF8DAlAUVVMFU04EWg1aHAIBCwVQU1AAV1pTABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBXVcCU1wFUldUUAQbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=793&ck=1&ref=https://chaturbate.com/tours/3/&ap=18&be=512&fe=727&dc=667&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669350878394,%22n%22:0,%22r%22:0,%22re%22:241,%22f%22:241,%22dn%22:241,%22dne%22:241,%22c%22:241,%22s%22:241,%22ce%22:241,%22rq%22:246,%22rp%22:431,%22rpe%22:433,%22dl%22:497,%22di%22:655,%22ds%22:666,%22de%22:673,%22dc%22:726,%22l%22:726,%22le%22:727%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=658&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFBfAlhSVAMBB1JUBlcAXRh4Yy8TFUMhJTshCU0XAwlXHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEw9TVwYHB1ZaGF8DAlAUVVMFU04EWg1aHAIBCwVQU1AAV1pTABNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsBXVcCU1wFUldUUAQbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:39 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 76f7ac561a3db500-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=977b175650d1ad85; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
69.16.175.10200 OK 76 kB URL HTTP/2 i.jads.co/network/user1037/78-1639151702-0195345001639151702.jpg
IP 69.16.175.10:0
Hash 610ca78b29eae6090381d3ecd1ab1702
23f7a98f0382532b8febc34e4aea91424df0f9e1
36c52f1366392f7b52ffdee210153eeb6da6fdf1589cd481a1910362357b66e4
GET /network/user1037/78-1639151702-0195345001639151702.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=742fe52f487354b3a403db9ac96ad257; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
etag: "1639151702"
cache-control: max-age=10336974
content-length: 74596
content-type: image/jpeg
last-modified: Fri, 10 Dec 2021 15:55:02 GMT
accept-ranges: bytes
x-hw: 1669350879.dop224.sk1.t,1669350879.cds218.sk1.hn,1669350879.cds250.sk1.c
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=971&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=971&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=971&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1681
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 04:34:39 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 76f7ac571aaeb500-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4900
last-modified: Fri, 25 Nov 2022 03:12:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WWOcsIudcbxywm6Wqew%2FRukeN12Awt3XXsF2pOB%2BYtVOSX6%2BfnYDCSIuteXY9nR0oSIk97m9BQGOSC145dVNy10ybw6ZPteP%2BitPfDtXXF6XUl6aMgBq7FODZp7J%2FAld"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac4218378871-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2200 OK 0 B URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
IP 104.16.94.42:0
GET /images/ico-female.svg?818c9c4c368f HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
Cookie: _cfuvid=A7T6Z.CxKia8JQVglCcWn_Sh8sxQfQytULTNQJdross-1669350879464-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: image/svg+xml
x-amz-id-2: SJJrNwVRov8N2XC88Y79re1WW5F9HPkqgb23MKyJYfSKA/6A8G8zqZPx3mPabUpoYiIi2DaJyOo=
x-amz-request-id: B65B7C33MY399T80
last-modified: Tue, 09 Mar 2021 22:37:01 GMT
etag: W/"304b64c8f4b6c7e0c36c86b419151c45"
x-amz-meta-s3cmd-attrs: md5:304b64c8f4b6c7e0c36c86b419151c45
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 2341193
expires: Sun, 25 Dec 2022 04:34:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYeZgUg3ttFNNLC5ksrQfED41CIiypyzCWNdnQylxvpli%2BT2m%2F%2ByARIq9OzEymy%2FLtker5i73CIs5%2FFrZjN%2FH1F%2Fx%2FX1iDgcAU4Z6grwDiYwy6rwa0WrOuS3u3mbT89wLZfabPyUIM4l2omuQNqQAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac54d8a4b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:36 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 830528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYxPlBm8w5s7yONcSVfDf%2F60wS3gDCVelrTJfSUnxT7BTskelr0%2BZ4WFCgVS02oPV5H0n%2BG0GdZA9aw2wtQMN02SYujNDD5N5oj%2F1hNqEVgO%2FZIJXTaHVlV%2FG8bMAtWfqNtMVU6dXaT7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac40f98dd188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.162.22:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-1835015f17e"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHKryrBWP6k%2FJPkkKCzMZ5EKEizoayE5YRWpJqmDbGu2IbWbJohmVNI%2FiyA76k3eP3hcFk7UZdchITPcEd6Zb8Di2pGianulqApf2unqVe7zZsWjTevInoRESlHCZo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d1c75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.59.150200 OK 0 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.59.150:0
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: text/html
last-modified: Wed, 16 Nov 2022 07:56:27 GMT
expires: Fri, 25 Nov 2022 04:34:38 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 9
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac521fc6b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.22200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.22:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: application/javascript
etag: W/"8a1c299d9cff368e594ca42b1af"
expires: Thu, 24 Nov 2022 17:05:30 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669352763
server: CDN77-Turbo
x-77-nzt: AblMCRTlqu//0iIAAA
x-77-nzt-ray: af5856309fb08022dd4580639221670e
x-cache: HIT
x-age: 8914
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.94.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 716836
expires: Sun, 25 Dec 2022 04:34:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbX7WXHHcPEwCt%2FhSeRpXxXlsn3nx%2FKDon8tr50piALU9k6SQ%2BhStEkdKXP3tRTJN%2F7ssT9p3Xsy9kQ5bFiFsvW6e9fBWkkaOXgJD1ymBxaDdtDqp6RCrcs5oVMFkkWL26y5%2FD%2BR0utUL3GgK4M7og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=A7T6Z.CxKia8JQVglCcWn_Sh8sxQfQytULTNQJdross-1669350879464-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76f7ac549891b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: wOl/O4kd+GVORMuIdQCIguoTiAahaPKCOGsPG8mmlyG6rOKL7GKWNIswjuMDbOm3NyKZjHZRI9/toziJLwTuQw==
date: Fri, 25 Nov 2022 04:34:36 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
148.251.152.17200 OK 0 B URL HTTP/2 tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
IP 148.251.152.17:0
ASN #24940 Hetzner Online GmbH
GET /do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:38 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif>; rel=preload; as=image, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/f/9/c6542954e657f07ad90fa19d17c7da6431db37.gif>; rel=preload; as=image
x-request-id: b87dbc40339e6bc1
set-cookie: ts_uid=c9b0ac95-c0c6-4fbe-a7cb-bb0cd31e65a2; expires=Thu, 25 May 2023 04:34:38 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMWLgqBHjBguEChnS6MJCxJiCW2SwiEFRRBmMMWzYyEFjxg0ZN3BsFEnSJEocXfoo; expires=Sat, 26 Nov 2022 04:34:38 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.162.22:0
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b9f14"
last-modified: Fri, 05 Aug 2022 08:42:31 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9661826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1VC%2BzLJyo74YnRP5nPFJdyaYCJ9Db8z0t4UCvXT1KGyNTgSTq0hQdEBwp3j7mJ2YvMcUQrJGBYgLywHppMPqw%2BF5FSWCbNfFZi3YaPmoTq7hZmeNBwAJ%2BC8Jy8tfXw4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d1d75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afp%3A1141%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043432%3Aet%3A1669350873%3Ac%3A1%3Arn%3A944215714%3Arqn%3A1%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C94%2C267%2C0%2C356%2C0%2C%2C238%2C9%2C%2C%2C%2C1147%3Ans%3A1669350870843%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350873%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 25 Nov 2022 04:34:33 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=1956748981669350873; Expires=Sat, 25-Nov-2023 04:34:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1956748981669350873; Expires=Sat, 25-Nov-2023 04:34:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=569304901669350873; Path=/; SameSite=None; Secure
i=GdrW0/ge58Lkyw4YcRMtKov2wzha8BukTlC5WIX7K7jtuiB/VdVViPz2tmBiK5NooKnLe5rW2CqkUdN9aYRJ4yZEugY=; Expires=Mon, 22-Nov-2032 04:34:31 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1700886873.yc.1669350873#1700886873.yrts.1669350873#1700886873.yrtsi.1669350873; Expires=Sat, 25-Nov-2023 04:34:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:33 GMT
last-modified: Fri, 25-Nov-2022 04:34:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
engingsecondu.com/popunder.gif
104.21.55.224200 OK 0 B URL HTTP/2 engingsecondu.com/popunder.gif
IP 104.21.55.224:0
GET /popunder.gif HTTP/1.1
Host: engingsecondu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:35 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 123574
last-modified: Wed, 23 Nov 2022 18:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9uhJUpbkQZ%2FF3MN2ZL47lUo9M1slcNQQPYtTlj%2Fc7sLQrzIm%2FXhtXsPTVWlwTnDxPQNfVy9s8U8LoBjSdcplYk1uMqdLmueh6DbU5L3Uqo6zAE76%2F%2FLyq7j1tcwkHbYd0qm4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac3999f90b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.162.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501656fb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4viKnZUcK9NoQuLs7SN8k4LM2jVPAJA0jFIaZJQ1eRFhZqoWb9esvUwcgNkXL7auY4yxYOQeFxhXYN4luV1NGxKjaZohQ8IRlRZKz5s6Wemt3mUIPC8txy9R9Cd4CMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d1275db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
185.76.9.14206 Partial Content 0 B URL HTTP/2 s3t3d2y8.afcdn.net/library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4
IP 185.76.9.14:0
ASN #60068 Datacamp Limited
GET /library/823442/7484a10379d3aa453002876fd3c72642bf4b9be5.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: video/mp4
content-length: 211266
last-modified: Fri, 18 Nov 2022 09:40:08 GMT
etag: "637752f8-33942"
expires: Tue, 21 Nov 2023 19:46:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700649095
server: CDN77-Turbo
x-77-nzt: AblMCQ0nec//1qADAA
x-77-nzt-ray: c0a4cc2892c9ba4cdd4580637895502c
x-cache: HIT
x-age: 237782
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-211265/211266
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.162.22:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:54 GMT
etag: W/"101b-18350119b51"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xxw7awsi0tvXTrjYIUSojhMMFOfAny2wcOVqiV%2FaOCyomsHAh6cCWX0CAjaWxpMZxBT5ZcLilASweJtsPh1QlGJAqhovBeYGXhAAgvB%2FvGYhQ%2Fotz%2FOG93AKhRbaUsY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac271d2675db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 04:34:32 GMT
date: Fri, 25 Nov 2022 04:34:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/video/6051542a4ce90e0b3a572b0b?
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/video/6051542a4ce90e0b3a572b0b?
IP 172.64.162.22:0
GET /video/6051542a4ce90e0b3a572b0b? HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=aunxcne9m2bdujejini09; Domain=xfantazy.com; Path=/; Expires=Thu, 25 Nov 2032 04:34:31 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Fri, 02 Dec 2022 04:34:31 GMT
experiment-save-to-button-2=0; Path=/; Expires=Fri, 02 Dec 2022 04:34:31 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aClac1HXUx30jpONfczkX24nRL%2FW5WUCbMH1QxToq5gEJZrKiinLpcWs0ttWJLIY%2B2pw%2BdfQ%2FnV88tgaLKDb18nPy%2BwJS11urufaX28pLH8Tg%2F4zdKhVZCruK5zIQ9Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac24cbe575db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.162.22:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-183501656f3"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2581816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypkPCPEyS%2BkcsElJISt4f3FiwAJ5r3fehoWSEhq98bj8oX7QepdBKKyH0qpH%2BO2O5Hi0YLCdCmLGm2aOMfbvuHfrR7T4tTRSvJ8nMhYBdoq2td4hwUAdGfo2sDoWuTc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0a75db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js
IP 172.64.162.22:0
GET /_next/static/CQQjK-JMZPEm6YR1Hp7eX/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-183501608c8"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5854655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BBcoWeIsO2ITwrR9E%2BDh5g7mSg7i0xODe1iuh6L5jHmX36HpGvnHKneoRkTa%2Fyax2DbH%2FkGMiqgtnR59nT6Jz99sUt%2F4eq4HdoIQph0vxJ%2B4H8mNk%2FKXalPfevziRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f7ac270d0775db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.64.162.22200 OK 0 B URL HTTP/2 xfantazy.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.64.162.22:0
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6051542a4ce90e0b3a572b0b?
Cookie: visitorId=aunxcne9m2bdujejini09; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 04:34:32 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 13:35:09 GMT
etag: W/"637cd00d-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmCJyv1N8jnXMs8tbVxl3gI2yYgg7XtzfgE9I7%2BCCkkoPTqp104oQ0Waqs%2B3G63JPhPxUDHnEx9ql9lSQK1OsQdr%2FsNIZi2Ta%2BvAGGnoObrDcFt0%2B14pRyLbdQmQt9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f7ac271d2775db-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 27 Nov 2022 04:34:32 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6051542a4ce90e0b3a572b0b%3F&charset=utf-8&hittoken=1669350873_73ef624b1d644b5e2cfedad7294766650f23c2227fe97e18941e4b5ad51202e4&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15ly4knov7onia7cw1aby4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1311919842147%3Ahid%3A65875391%3Az%3A0%3Ai%3A20221125043434%3Aet%3A1669350874%3Ac%3A1%3Arn%3A700058684%3Arqn%3A8%3Au%3A1669350873358294287%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669350870843%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669350874%3At%3Aonline%20xxx%20video%2032%20Pure%20Taboo%20-%20Gia%20Derza%20%7C%20art%20%7C%20hardcore%20porn%20hardcore%20sex%20reporter%20gif%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 25 Nov 2022 04:34:35 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=4125945971669350875; Expires=Sat, 25-Nov-2023 04:34:35 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4125945971669350875; Expires=Sat, 25-Nov-2023 04:34:35 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=251531941669350875; Path=/; SameSite=None; Secure
i=dOq0H/37dz9Mcr3g6n6BaOXel27YiplGeYJFPTZMGtXImjB3SXjwYOVsAkEUzfy7pHvUzUzCzRKpowtQzGoS9A55ZQE=; Expires=Mon, 22-Nov-2032 04:34:28 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1700886875.yc.1669350875#1700886875.yrts.1669350875#1700886875.yrtsi.1669350875; Expires=Sat, 25-Nov-2023 04:34:35 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 25-Nov-2022 04:34:35 GMT
last-modified: Fri, 25-Nov-2022 04:34:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=KPnC3FUMOHbRfXMilo2d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 04:34:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 25 Nov 2022 04:34:39 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Wed, 30-Nov-2022 04:34:39 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Sun, 25-Dec-2022 04:34:39 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 25-Nov-2022 10:34:39 GMT; Max-Age=21600; Path=/
sbr=sec:sbre3faa40c-9d13-4d17-a1f6-70e1271c5cb5:1oyQQB:5m_T5xzjmgt8ehxXGeXAQ_nT_hk; Domain=.chaturbate.com; expires=Wed, 20-Aug-2025 04:34:39 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=trGhF.HPInQ9oHo9XuCLzMBnNPjAhaotjCj5RHlVZes-1669350879-0-AfRzI/M04rZvegIn6I+h5u858lalMgEs6O438JVnxmB9GvIrLt1csD/jjSYiKV+kL/NInalNH8n/fGmDmMoEXho=; path=/; expires=Fri, 25-Nov-22 05:04:39 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76f7ac516e8fb4fd-OSL
X-Firefox-Spdy: h2