xfantazy.com/video/5fa9094a0c205613746667b6
172.64.163.22 302 Found 0 B URL HTTP/1.1 xfantazy.com/video/5fa9094a0c205613746667b6
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/5fa9094a0c205613746667b6 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 02 Dec 2022 07:31:12 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/5fa9094a0c205613746667b6
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmUjF4BBoO77c7rIVSFkBZ3yu1YPq6uxnWaDmzPWlzfpV3XWFysa9%2F7O%2F7%2BNRmDhQK19PhR0Mt1%2FHsednoc5LC690q17Gey9d4vIoZ9OCE8q0YIzh1%2FfCgFOPBZ07Uo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77325c93dcc375cb-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3498
Expires: Fri, 02 Dec 2022 08:29:30 GMT
Date: Fri, 02 Dec 2022 07:31:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8623
Expires: Fri, 02 Dec 2022 09:54:55 GMT
Date: Fri, 02 Dec 2022 07:31:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5954
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:12 GMT
Last-Modified: Fri, 02 Dec 2022 05:51:58 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: V+zIgpfLcb/B8GJHVoft4en10a2CQX2pUnXaQbuYGPg9l99TGnsP/VRZQvqPsZNcyDgUzOjWULWrIyraeNO+fg==
x-amz-request-id: 9G2R535HQS60R1M1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 06:46:00 GMT
age: 2712
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 07:18:11 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 781
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.131:0
Hash 1c019ed7c3e83ba44b83c599d7cacb50
ba2df387477d36733df9f9b504db80a9a24aa39e
716702f5bd3eb7cbd12229ab6dd8e4aca76766fe03d9dd36667c0fdb10e98cc0
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 07:08:57 GMT
cache-control: public,max-age=3600
age: 1336
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.131:0
Hash 1c019ed7c3e83ba44b83c599d7cacb50
ba2df387477d36733df9f9b504db80a9a24aa39e
716702f5bd3eb7cbd12229ab6dd8e4aca76766fe03d9dd36667c0fdb10e98cc0
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6001
Cache-Control: max-age=98137
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:46:50 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=372788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77325c9a6b070b55-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=372788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77325c9a59ffb4f1-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=372788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77325c9a6b23b524-OSL
static-cache.k2s.cc/thumbnail/cr_G6CKmm6_t_jWQ-Q/w320h240/0.jpeg
188.72.235.184 200 OK 7.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cr_G6CKmm6_t_jWQ-Q/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c782a06f70f2e4de9a8c57ea81fa9d3f
c282dd5dc5ff1346feeeeded21aa7602469a0847
a0aaf82ed8b4e5836dcee45c6e5076122682287cd4634497dddd0d7006a16c54
GET /thumbnail/cr_G6CKmm6_t_jWQ-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: image/jpeg
content-length: 7663
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/J-SQvnL0zfq5-D-V-g/w320h240/0.jpeg
188.72.235.184 200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-SQvnL0zfq5-D-V-g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 15da2238d77a9baccc07d118ff17bb1b
8b2b5a40e352b4df735aa7fc234faec8d0e78be3
8fdc580606936ab24b3871f4f29d817f2f2c5c0f0b103f1a84b80f7ea960fb56
GET /thumbnail/J-SQvnL0zfq5-D-V-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: image/jpeg
content-length: 9326
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg
188.72.235.184 200 OK 9.7 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 533d67d040c590dff40b1fee6bb46583
8addc563ce5ccd26222781d669ea807fb2e198fd
f1ce903054a94781208694aa26688282c158dea65f22cbd5aa65f93709e171bb
GET /thumbnail/LOTG6XGlyansrDqX-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: image/jpeg
content-length: 9684
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash c4d9bada5f275432ee52bc8e20400dc0
1ffe803d60e7cb74bc9a1e6722950d03a3c342cd
2481c6cb423e76b181e3695eb38787792e9ab9b05cdf83961a74f9adb24c04c4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 15:14:23 GMT
Expires: Tue, 06 Dec 2022 15:14:22 GMT
Etag: "1ffe803d60e7cb74bc9a1e6722950d03a3c342cd"
Cache-Control: max-age=372788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77325c9a6d211c06-OSL
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168 200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash 957c0f13adfea7be9ccfb8b7d126320a
544ddd3355c62b5816a748f84e1dbe8dbb39ff5f
1565a94fa03f12784cc5c6bd8e996d54473f7997828307153054c80410542fce
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 07:31:13 GMT
expires: Fri, 02 Dec 2022 07:31:13 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d74b390a43634/main/0.jpeg
188.72.235.184 200 OK 31 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d74b390a43634/main/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.35.100", baseline, precision 8, 1280x720, components 3\012- data
Hash 5033ffed79d095b4231b0d36b6491c3d
c84d5d45bc7cc7311273936c509dba37a6bcda99
f758084c479af15fcc866ee8ccac7029cbfe5f11ce19482529c9616562b8da66
GET /thumbnail/d74b390a43634/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: image/jpeg
content-length: 30559
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.86.38.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ADLxZns9KHU7rX8imYlM2w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CKFjb5xLQURq0Ba7jILi76hDNco=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:08 GMT
expires: Thu, 30 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 129425
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106 200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash 18f890ab7f73076c95bd141ecd362190
46dc5f6499c925cf890f009a553a00251a2414bc
2093b2666dfdfaed05efa02560c1ad5068024732c504cdd4f66c988bacf870e3
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 07:31:13 GMT
date: Fri, 02 Dec 2022 07:31:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 18:53:49 GMT
expires: Thu, 30 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 131844
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.193.229 200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.193.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash 38bcc0f8505c69e2c6fe7f07747a688d
0f67a6ec36f89ac04a363efeec43ef2840508691
e499aad948729045fb029421fdc1dba4aa4cd0f4f1476d0aa74bdb8b8d48a06c
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.250.0
x-jsd-version-type: version
etag: W/"346dd-nsZLR4YN/Jfyl2nmrii/8cxDozY"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:31:14 GMT
age: 4003
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1644-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85055
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.162.22 200 OK 2.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (1568), with no line terminators
Hash f7c61d8b4345e1e887cb1c4f7cfcef95
5da87fd73dc3eb3d8bd2f90f793fa82d8fa4c86e
501c972dbecf6108b175fe40a92bfcedb488435cd9d045c4d72ff0b085066035
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"620-17e057a0516"
last-modified: Wed, 29 Dec 2021 09:16:29 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 28689316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSfeyG6aaMN586s8NNczZyjyh23QybdWYSn%2BDonvPHy7lIoA%2F2xaPOMxLsCaSuzpHPQd6l%2F9fiuh0e5GrUNVKxR83z5jE5exH2JJ%2B9n7vSg8idA3kKrKBTHRinZCCrg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99ae2e71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.32.178 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 06:46:55 GMT
expires: Fri, 02 Dec 2022 08:46:55 GMT
cache-control: public, max-age=7200
age: 2659
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
172.64.162.22 200 OK 53 kB URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5f49c6d8a13a45c8b846335a6bb6070c
246da3bd9d7663f15c1e0a32d05b05f8a9fc2cf0
23190f59ae6514cc8229acd806169e410c0b66d19450d5f78564a04d13a3effb
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6469986
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goWvRkRadqOSZDGh8GCKzX2uFj7POlN6PBAPuFltmLF%2F2wEpTaBJ1E3ND4ihZbCoPRM54BKLxhGCe1ywzfnf29FC0XGm%2FYaxkXn15BNpxHiE0k1uPDkLnXlB9TLYAkI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c999e1f71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0b3a33a5de8ca9485b1d064aea17e1ec
30a32bd8cdbb1b1fb9478689671750ba219736f8
c7fc541e0e0dc3c3301bb41e640778d0f6f2edc258ef6270d9ed05e41f47f7a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7FC541E0E0DC3C3301BB41E640778D0F6F2EDC258EF6270D9ED05E41F47F7A8"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=242
Expires: Fri, 02 Dec 2022 07:35:16 GMT
Date: Fri, 02 Dec 2022 07:31:14 GMT
Connection: keep-alive
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.162.22 200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 55ee7e4fff13f54ba37fc047cd1dac93
6bff956436102fff2b6fb429818545d6fdead696
f050676a1bcd6057a19c9131f56465277b4d4a341c39f8f98fcdbe34d5d5f3f9
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-1835016572f"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3197263
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azUcZqv4CzxmLIuc9XjsbVWoCMEB01HKiI4koDRSga%2B8oGZMjMpC7xGDM82GxLABlowdP%2FPqEX1Kdb2dFBAjeMJ4dl%2BLUqwWk3SMl381B2dTKuJTvoAAxey9EmEJX1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99be5271c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
173.233.137.60 200 OK 14 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 173.233.137.60:0
Hash 7888a2b194f4ddd431e117e4a95830f5
add2effa47a7ba09e9bc9b395c6b191da7997f2b
4a67dd0f01dde7cc8e37053c44c2162eb61fb659bd8a8d42c27580addee51a94
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 07:31:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 65a2ef4367e2abb7243db106cc273a0c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.139.164 200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37167), with no line terminators
Hash a691cf4527714a96132b23c0c0982548
eef0255221c09fbb855df8f999683c6f28ba5ec7
7a4797d4b949cb1b6160ad9bbbd78bef759c11466ee6eea0273da3ce7bf7fc64
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 07:31:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 598dd71906fd1637461da6fc08981d18
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 1.9 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash b216d1afc67f7338295c129522652ad6
d6286cfa040d07111ec9d8009a5544e42e3701b4
e4b91fa813024f4e228b23bb5c01e580843ea8f59c7cbbe72ff49435afa9919c
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:14 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Tue, 06 Dec 2022 05:29:14 GMT
ETag: "01087c0c47937725a777b88b2423b2a721eec702"
Last-Modified: Fri, 02 Dec 2022 05:29:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1063
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77325ca25f1fb4ee-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6002
Expires: Fri, 02 Dec 2022 09:11:16 GMT
Date: Fri, 02 Dec 2022 07:31:14 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6002
Expires: Fri, 02 Dec 2022 09:11:16 GMT
Date: Fri, 02 Dec 2022 07:31:14 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1374%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073113%3Aet%3A1669966273%3Ac%3A1%3Arn%3A427718169%3Arqn%3A1%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C113%2C406%2C0%2C365%2C0%2C%2C288%2C7%2C%2C%2C%2C1387%3Aco%3A0%3Ans%3A1669966270844%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966273%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119 200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1374%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073113%3Aet%3A1669966273%3Ac%3A1%3Arn%3A427718169%3Arqn%3A1%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C113%2C406%2C0%2C365%2C0%2C%2C288%2C7%2C%2C%2C%2C1387%3Aco%3A0%3Ans%3A1669966270844%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966273%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash f3641ef438faca89b17496cbbe960fab
933f7057ccf7509a8bf9efc2197e5f853faf638a
9365c09ef9c782da138aba4a17a92d679860b1035b4f20bcba7bfce9e9cdfba3
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&browser-info=pv%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afp%3A1374%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073113%3Aet%3A1669966273%3Ac%3A1%3Arn%3A427718169%3Arqn%3A1%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C113%2C406%2C0%2C365%2C0%2C%2C288%2C7%2C%2C%2C%2C1387%3Aco%3A0%3Ans%3A1669966270844%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966273%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Fri, 02 Dec 2022 07:31:15 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash f60f02a95664f3be8fd0b4e614010c6a
bb83d56ac8ae98bff5e9954dffc7f2035b47f63f
eddc54420a811685bfd0c2c14dd13340c9380b529bf1bb8c0426baa0375a67f2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113259
Date: Fri, 02 Dec 2022 07:31:15 GMT
Etag: "6388ac95-1d7"
Expires: Sat, 03 Dec 2022 14:58:54 GMT
Last-Modified: Thu, 01 Dec 2022 13:31:01 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bUGWsHIR4wQwxPU84mdeMhgn-Y3pZGqcnEsfefx_Hjepi-RXhAJgug==
Age: 5273
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 79ce80609627c33afae2d9b58e7e464b
5f55a58f3142be10d04583cd345873c5d264a5cd
fb33bb4074cfac5803b4765b3ce381323e783d661b44254748928d4d440f9764
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=987629f4-8860-49b4-91f6-ce458d4b99c3:3:1; expires=Mon, 29 Nov 2032 07:31:15 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 1.2 kB URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
Hash 99aff81ab39f3a95f484178f43d2ed7e
2f2fb4e24ec960dec4472ce2707a71d1740cf624
330c2b783cc3c1278e9c8795c3c4df9071f8f065be88050340cf0e5003ec8c6f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=0e261935-c89a-42b7-9386-175b95138375:3:1; expires=Mon, 29 Nov 2032 07:31:15 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6001
Expires: Fri, 02 Dec 2022 09:11:16 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ea2c09ecc61cedd241d857445e454b36
8fba705f764118f5b74af9dd57c3c1add57aea89
716a1b1d51713b34de5a5a9840870249cea3a3c55a18c463f8b0f491e98497d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "716A1B1D51713B34DE5A5A9840870249CEA3A3C55A18C463F8B0F491E98497D7"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14597
Expires: Fri, 02 Dec 2022 11:34:32 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 07:31:15 GMT
Connection: keep-alive
xfantazy.com/static/logo-tv-light.svg
172.64.162.22 200 OK 5.4 kB URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.162.22:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1395)
Hash 997f4f762ecc18925cdeb91715e251ef
0bc548947837c85503ab87ea4091332ed2454e67
4f12df69e0c7c704deeb5d52b5bbd07efd8fa233b5d843711c8068b13b45f7c8
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:53 GMT
etag: W/"101b-18350119774"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmj3mDF70ad5oNPUyoX1ZvxNAGhcIBtOTZU3vNoJN2Unj96sdZgnMQkr7v63BK1ymXZfiqur6BN5RXgQcOvNgNmahKtOutI6XA%2BUkN2Shm4ANLNwlKphC%2FEw82pdR64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99be5471c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216 200 OK 47 kB URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 1ee040d104aa0f8d8877bd6ea0f4bd1a
639dd97a368b597ac738b0f83954cdc6b8bc7a76
97f771090cd8996b7981b0c114522f284b449a09a69da8941dda49c456b9c3c3
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:14 GMT
content-type: application/javascript
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: W/"6353d3e3-1cfaf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a842e6ed7853f1a77f754cf5bae38910.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: m8X9t3G03F-F16f1Mj59lvZy8dHsBlo3x7_1sxpZGdZ_HkEKZEgsLg==
age: 3186581
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 34944
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 23781
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: V4Z3TZtTDMjnyxZx7VdJrKtZ-PbZkWnsQ0-1eFDem4TVyRGvk0dc7A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 34999
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
Hash 7ba6cca286a7d11682f9856a127753c2
0c2c476d0575c4b5dcc8a44519341a46df033bc6
97246c97531023bdac5b4cd8b3646133598e545f8a32d9fbfd72a40c9278c1b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:30:28 GMT
age: 64847
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
etag: "6388ac0c-2b"
expires: Fri, 02 Dec 2022 08:31:15 GMT
accept-ranges: bytes
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=1435464011.1669966273&jid=848927727&gjid=1841869881&_gid=58741001.1669966273&_u=YGBAiEABBAAAAEAAI~&z=850892380
108.177.14.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=1435464011.1669966273&jid=848927727&gjid=1841869881&_gid=58741001.1669966273&_u=YGBAiEABBAAAAEAAI~&z=850892380
IP 108.177.14.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=1435464011.1669966273&jid=848927727&gjid=1841869881&_gid=58741001.1669966273&_u=YGBAiEABBAAAAEAAI~&z=850892380 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 02 Dec 2022 07:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tallysaturatesnare.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
192.243.61.227 200 OK 31 kB URL HTTP/1.1 tallysaturatesnare.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash 2cf65d96e4fe034c31984395bb4d33dd
c7297eeb942facc0ce4c71d369c6855f343d6308
dfb55b4f82d1d2dbc0a3a6eade03c5a48567e7602695f907e14e5dec6e636d45
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f588d6d959ce36602b04076a468d20e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.2 200 OK 112 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.2:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (112494 bytes)
Hash 2df731d4198ae269df4ed5dc374be0b2
e51bf3956aab418cc1c5a69636e6a21331532b74
670eb346e905f0a46367519951578b79b603357cd5d5cc162f2a05b55172e6ff
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 112494
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: g21WVSfkbpub6hyeAdsEQMW9zvqQNlU5Y6GOWRLc-ejgC24Hp2FalQ==
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 611bf9435ff27c51d4cd2c8307807510
699d02215194a0037f143fd539eb5d7e26906569
ee6b2484a190949db66092dcc26c345f778ac6e97b8c6f202c4cfde8dc1a6cd2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=0e261935-c89a-42b7-9386-175b95138375:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gedspecificano.com/dGsxYjkVCVIPBhVWU0RMBgcMRwsyTgMkXUcfCVVWGwQBVABDGwlMWhgERAZfBgRfFhcaDkVHCzIhVDRvRToDL1g7A0IOYTVbCSdhQQplD2s5D3c4XyQcaBF9JQdeI1A9PGIwVjEkYg1bMCleG38lUwY3QxcxeTVRMjFgWmA7E3tHCzY5YxUOMgUEMWEOOmMrb0ElUhV8Di9zKFY1KAEqcTAmUi5oLQ9SFXgdM1kzDzASXjJ/IDlgAWoiJlRSbxk+ZA4ANQJeLHEgBHIvfC4nazBKRzlaFlUmI38saiwpdiNsLidrM3AFL2RbUSEjcAphMw93LQgiJVInFC0pYwlNGClLNH4nA2MnWkUxaThvDAZkN1INLnIjcDIFcyp7Ii17OHwiEWQJVR8+eSRtPBFGKnMTPmYubzYTezdRGDp2U20sEnMrWhNNWxFWGhsMFVgBW34TQz0JaA1IAh1f
143.204.55.16200 OK 1.2 kB URL HTTP/2 gedspecificano.com/dGsxYjkVCVIPBhVWU0RMBgcMRwsyTgMkXUcfCVVWGwQBVABDGwlMWhgERAZfBgRfFhcaDkVHCzIhVDRvRToDL1g7A0IOYTVbCSdhQQplD2s5D3c4XyQcaBF9JQdeI1A9PGIwVjEkYg1bMCleG38lUwY3QxcxeTVRMjFgWmA7E3tHCzY5YxUOMgUEMWEOOmMrb0ElUhV8Di9zKFY1KAEqcTAmUi5oLQ9SFXgdM1kzDzASXjJ/IDlgAWoiJlRSbxk+ZA4ANQJeLHEgBHIvfC4nazBKRzlaFlUmI38saiwpdiNsLidrM3AFL2RbUSEjcAphMw93LQgiJVInFC0pYwlNGClLNH4nA2MnWkUxaThvDAZkN1INLnIjcDIFcyp7Ii17OHwiEWQJVR8+eSRtPBFGKnMTPmYubzYTezdRGDp2U20sEnMrWhNNWxFWGhsMFVgBW34TQz0JaA1IAh1f
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash c74b74bd0e8033b224d55f8266e80337
f069204f8b899e4a2b0761580dd591c01766bb96
0c98157a6a56acac2a8cd7f2245f22f2e78561e187efb0b0e3a3d4e5763ea6ab
GET /dGsxYjkVCVIPBhVWU0RMBgcMRwsyTgMkXUcfCVVWGwQBVABDGwlMWhgERAZfBgRfFhcaDkVHCzIhVDRvRToDL1g7A0IOYTVbCSdhQQplD2s5D3c4XyQcaBF9JQdeI1A9PGIwVjEkYg1bMCleG38lUwY3QxcxeTVRMjFgWmA7E3tHCzY5YxUOMgUEMWEOOmMrb0ElUhV8Di9zKFY1KAEqcTAmUi5oLQ9SFXgdM1kzDzASXjJ/IDlgAWoiJlRSbxk+ZA4ANQJeLHEgBHIvfC4nazBKRzlaFlUmI38saiwpdiNsLidrM3AFL2RbUSEjcAphMw93LQgiJVInFC0pYwlNGClLNH4nA2MnWkUxaThvDAZkN1INLnIjcDIFcyp7Ii17OHwiEWQJVR8+eSRtPBFGKnMTPmYubzYTezdRGDp2U20sEnMrWhNNWxFWGhsMFVgBW34TQz0JaA1IAh1f HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Fri, 02 Dec 2022 07:31:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fO84dOeZLXZFzxYamfjIIrIUP5qxe-6qiSLGajrs6QHL1N31YzvcLA==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gedspecificano.com/TWRsN1UsBg9aaixZDhEgPwhREmcLQV5xMX4QVAA6IgtcAWx6FFQZNiELGVMzPwsCQ3sjARgSZws0InMxJAYqRw0aJRt8DxgmCXU5Cw4tUAMePDtQBhU2KXMbCDUndRQMVzZwFHk8FEMCGQMhfRAmADlhZSIROFsbKzwkTwwbAxt7DzUuP3MUdAouZRAJJyhQHwxUPW0aOggNcwcUHjtxJgk3O18sDA8UVDM6PSRkPT4eO1sYAyMVXAcPMiV0GSUhKmI5fBUrUDEFPBRQBw8yJVUYfAsuYT4hFAhfHxw8L34WDFQIURIPISpiPXkXKWYEJzw7WBcKMkF9EysTNX8XHA9Zb2QlLDRfIgomXXk2LAM5fwB9CAN1EwgoJF1sHjMuRx8sLCVwACEIXHUXCDw5YCZrDh9YOz1ZCls4HTM2BBQvHQ1SHT4HWQ
143.204.55.16200 OK 1.2 kB URL HTTP/2 gedspecificano.com/TWRsN1UsBg9aaixZDhEgPwhREmcLQV5xMX4QVAA6IgtcAWx6FFQZNiELGVMzPwsCQ3sjARgSZws0InMxJAYqRw0aJRt8DxgmCXU5Cw4tUAMePDtQBhU2KXMbCDUndRQMVzZwFHk8FEMCGQMhfRAmADlhZSIROFsbKzwkTwwbAxt7DzUuP3MUdAouZRAJJyhQHwxUPW0aOggNcwcUHjtxJgk3O18sDA8UVDM6PSRkPT4eO1sYAyMVXAcPMiV0GSUhKmI5fBUrUDEFPBRQBw8yJVUYfAsuYT4hFAhfHxw8L34WDFQIURIPISpiPXkXKWYEJzw7WBcKMkF9EysTNX8XHA9Zb2QlLDRfIgomXXk2LAM5fwB9CAN1EwgoJF1sHjMuRx8sLCVwACEIXHUXCDw5YCZrDh9YOz1ZCls4HTM2BBQvHQ1SHT4HWQ
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3030), with no line terminators
Hash 779a55a11d1b576961c8c7733ec8d3f7
dc8d51fe8426d937f060cceca4e8df559e1bb6c6
1e4cbbeb94b583c38bd998968a05d68d82db30b910571054f4d6f6d82ca03770
GET /TWRsN1UsBg9aaixZDhEgPwhREmcLQV5xMX4QVAA6IgtcAWx6FFQZNiELGVMzPwsCQ3sjARgSZws0InMxJAYqRw0aJRt8DxgmCXU5Cw4tUAMePDtQBhU2KXMbCDUndRQMVzZwFHk8FEMCGQMhfRAmADlhZSIROFsbKzwkTwwbAxt7DzUuP3MUdAouZRAJJyhQHwxUPW0aOggNcwcUHjtxJgk3O18sDA8UVDM6PSRkPT4eO1sYAyMVXAcPMiV0GSUhKmI5fBUrUDEFPBRQBw8yJVUYfAsuYT4hFAhfHxw8L34WDFQIURIPISpiPXkXKWYEJzw7WBcKMkF9EysTNX8XHA9Zb2QlLDRfIgomXXk2LAM5fwB9CAN1EwgoJF1sHjMuRx8sLCVwACEIXHUXCDw5YCZrDh9YOz1ZCls4HTM2BBQvHQ1SHT4HWQ HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Fri, 02 Dec 2022 07:31:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oQoJdCnK0P200_mHqDfoTuoYS35zv_YbrsC5Fqm15xl8lyeTFbgXcg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tallysaturatesnare.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
192.243.61.227 200 OK 4.3 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data, Unicode text, UTF-8 text, with very long lines (5920), with no line terminators
Hash a0bcac77477b13db2cdffe0fba22598e
2fc352baa2f96e3e55c3ebcfb55a3f056373462d
3b5ec259aef075ebc5319593716e324a1bc73c725ed32cb239d2f261c1b75901
Analyzer Verdict Alert
quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
uncs=1; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d0617114f3aa7e75df7dd18e3eb4590
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
gedspecificano.com/VEFSaGI1IzEFXTV8ME4XJi1vTVASZGAuBmc1al8NOy5iXltjMWpGATguJwwEJi48HEw6JCZNUBIlMSAsJQ4WAzYcAAANIDMQMywFAQAAAyQ1AgNZNRMTPjA0IwMdJCQsEBo9OxIABAwqHgVnHTotEwQgCR4lBj0sGRcUDwcSBzENOhZ1Az4VPycXOgEdAwNZNRY5IjA3P3EYLQ5hGBEAUhYVYhskAhNrMiAWcTEtJBIXGiooBAI8USQMFz0MIWQDMCA0EhkUKhUwEioQIQU2ACUqEQsWPxUzGQMuOA4kOhAhBTljOjRkGxo8FSB2BD0kNRATUScCLX8EVBwEGCwlEXUxORgeIxEpGjEQYiUGF3ETPSZlNQEgUw4YNA8WFRA+BysXBBArNiMuGC4KOxgKPloyAmJQKTJxFCw6LBgYPgUOGRE5RD4yPQYSaQc2AQ9hLmsGVQMVBA42
143.204.55.16200 OK 1.2 kB URL HTTP/2 gedspecificano.com/VEFSaGI1IzEFXTV8ME4XJi1vTVASZGAuBmc1al8NOy5iXltjMWpGATguJwwEJi48HEw6JCZNUBIlMSAsJQ4WAzYcAAANIDMQMywFAQAAAyQ1AgNZNRMTPjA0IwMdJCQsEBo9OxIABAwqHgVnHTotEwQgCR4lBj0sGRcUDwcSBzENOhZ1Az4VPycXOgEdAwNZNRY5IjA3P3EYLQ5hGBEAUhYVYhskAhNrMiAWcTEtJBIXGiooBAI8USQMFz0MIWQDMCA0EhkUKhUwEioQIQU2ACUqEQsWPxUzGQMuOA4kOhAhBTljOjRkGxo8FSB2BD0kNRATUScCLX8EVBwEGCwlEXUxORgeIxEpGjEQYiUGF3ETPSZlNQEgUw4YNA8WFRA+BysXBBArNiMuGC4KOxgKPloyAmJQKTJxFCw6LBgYPgUOGRE5RD4yPQYSaQc2AQ9hLmsGVQMVBA42
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 3e1b4ea0759677f45f74fe8bc1f32481
5b3d19a9913d72fc1c918dae54e22862601f1cb7
a7b3383b0f0a50d2d7fb8d2bccf57fe22a4813f6940617bd367a42835c232d30
GET /VEFSaGI1IzEFXTV8ME4XJi1vTVASZGAuBmc1al8NOy5iXltjMWpGATguJwwEJi48HEw6JCZNUBIlMSAsJQ4WAzYcAAANIDMQMywFAQAAAyQ1AgNZNRMTPjA0IwMdJCQsEBo9OxIABAwqHgVnHTotEwQgCR4lBj0sGRcUDwcSBzENOhZ1Az4VPycXOgEdAwNZNRY5IjA3P3EYLQ5hGBEAUhYVYhskAhNrMiAWcTEtJBIXGiooBAI8USQMFz0MIWQDMCA0EhkUKhUwEioQIQU2ACUqEQsWPxUzGQMuOA4kOhAhBTljOjRkGxo8FSB2BD0kNRATUScCLX8EVBwEGCwlEXUxORgeIxEpGjEQYiUGF3ETPSZlNQEgUw4YNA8WFRA+BysXBBArNiMuGC4KOxgKPloyAmJQKTJxFCw6LBgYPgUOGRE5RD4yPQYSaQc2AQ9hLmsGVQMVBA42 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Fri, 02 Dec 2022 07:31:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XxkX32RtMxANoZq50G9Xg33_NaTuvm3kJHb5ALAmkLlKTkKZeLundQ==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A715155104%3Arqn%3A2%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A715155104%3Arqn%3A2%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A715155104%3Arqn%3A2%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ummerciseha.com/UG5KTEx/USk/cTQFECIpO1cPL30CJC4neXVcDBknPEt4Ch0+NB0dfyNIPiUobVd8fnxhWmw8JTRTe2o/JA8+OT9tX2wlIjYBd2o6bV9kf3h+XXtifXYbd31qJB4rK3FhSDo4ODxTe3p6aVd8en5nWnp8fA
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/UG5KTEx/USk/cTQFECIpO1cPL30CJC4neXVcDBknPEt4Ch0+NB0dfyNIPiUobVd8fnxhWmw8JTRTe2o/JA8+OT9tX2wlIjYBd2o6bV9kf3h+XXtifXYbd31qJB4rK3FhSDo4ODxTe3p6aVd8en5nWnp8fA
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UG5KTEx/USk/cTQFECIpO1cPL30CJC4neXVcDBknPEt4Ch0+NB0dfyNIPiUobVd8fnxhWmw8JTRTe2o/JA8+OT9tX2wlIjYBd2o6bV9kf3h+XXtifXYbd31qJB4rK3FhSDo4ODxTe3p6aVd8en5nWnp8fA HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=koFt8OVbuivT1DrTHBzJEDd1ebY58p%2Fbi7H1BYPgoqAN4vUDHP9dDz5iMIF3ghBxPIsor5nLt3CIKXB9Kc9y%2BMdd4xUsfX3XIrj%2FRddoPZbpyj4b4E0nXnj%2FUPIXHxKRyLs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325ca77ecab4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A22797946%3Arqn%3A4%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A22797946%3Arqn%3A4%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A22797946%3Arqn%3A4%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A304914260%3Arqn%3A5%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A304914260%3Arqn%3A5%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A304914260%3Arqn%3A5%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A949507332%3Arqn%3A6%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A949507332%3Arqn%3A6%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A949507332%3Arqn%3A6%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A978761372%3Arqn%3A3%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A978761372%3Arqn%3A3%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A978761372%3Arqn%3A3%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A238850571%3Arqn%3A9%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A238850571%3Arqn%3A9%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A238850571%3Arqn%3A9%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ummerciseha.com/c1pKZjVcZSkVCCExOVdXOwh4AHQpOxsIDAoYexJ0FxIhJWMmE2wSXBdnc1EESm1/QEUaPndVB1UpPgdBBil3VAVDbWwPWxU1d1cTBWd6SA1da3lIBVUvd1cTByorAQhCfDoSQR9ne1ADSmN8UAdEaXNTDA
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/c1pKZjVcZSkVCCExOVdXOwh4AHQpOxsIDAoYexJ0FxIhJWMmE2wSXBdnc1EESm1/QEUaPndVB1UpPgdBBil3VAVDbWwPWxU1d1cTBWd6SA1da3lIBVUvd1cTByorAQhCfDoSQR9ne1ADSmN8UAdEaXNTDA
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c1pKZjVcZSkVCCExOVdXOwh4AHQpOxsIDAoYexJ0FxIhJWMmE2wSXBdnc1EESm1/QEUaPndVB1UpPgdBBil3VAVDbWwPWxU1d1cTBWd6SA1da3lIBVUvd1cTByorAQhCfDoSQR9ne1ADSmN8UAdEaXNTDA HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1xjbqlVVH%2Fa88%2BWRFgynwHcOpm5Spjv%2F%2F1dpy5g6ojChAvLMCQPSSw28m4UOnwi%2FS47mhuzcbmfoc2NTV7pVZ4YpsfbkUyxpzm3poS2P2gb9Paksl4BpJS%2FtqXW8%2Bad5f3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325ca7bf19b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dCF-Qj_WHqY
IP 142.250.74.131:0
Hash 1883a5abb177dd5c8c8928d1280a19c3
082dac7d452a638aa649ceb39f89ab9d6ca478d0
1d4206b362c04826df0b60877e5ad9c6cf67e82316b079f6a855af635b12eb0f
POST /s/gts1p5/dCF-Qj_WHqY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A253591269%3Arqn%3A7%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A253591269%3Arqn%3A7%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pa%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A253591269%3Arqn%3A7%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669966274&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ummerciseha.com/c0NsMXVcfA9CSBJzHGsWNQ02VyILCjZdHUcaKVkEJHBdXiQeCkpFHBd+VQdHQ3JeFwUaJ1EATVUwGFABBjBRAFMaLQpeSFU1UQBbQ21eH0dVNlEAUwczDVZIQmUcRQEffl0HQ0p6WgdHRHBVB00
104.21.71.102 204 No Content 0 B URL HTTP/2 ummerciseha.com/c0NsMXVcfA9CSBJzHGsWNQ02VyILCjZdHUcaKVkEJHBdXiQeCkpFHBd+VQdHQ3JeFwUaJ1EATVUwGFABBjBRAFMaLQpeSFU1UQBbQ21eH0dVNlEAUwczDVZIQmUcRQEffl0HQ0p6WgdHRHBVB00
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c0NsMXVcfA9CSBJzHGsWNQ02VyILCjZdHUcaKVkEJHBdXiQeCkpFHBd+VQdHQ3JeFwUaJ1EATVUwGFABBjBRAFMaLQpeSFU1UQBbQ21eH0dVNlEAUwczDVZIQmUcRQEffl0HQ0p6WgdHRHBVB00 HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lKuBUVk3FwFJAVvZZcX4yFToqgIut%2FAMvnE05KM3l69gsp%2B3z77e1LBoQoD7fo4EuCuaCc%2BS1jDWFQZaecbvrBi%2FKsySYJTDlKDq7V%2BhBy6WDSm8LBcBlNBQM6KRjQe%2BV8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325ca7cf4db4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
organexpectationsmaintain.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
192.243.61.225 200 OK 29 kB URL HTTP/1.1 organexpectationsmaintain.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 12be38d482a6d459fbabd0d0d6f9d8ce
60717a506a49474d03e2b1897f70b70c39405c87
7f086256ff8c4315cae88ef13152a906208a6e056c59f37488f318f08c104089
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 80f19019f0d20b08335d3e5f3694120e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ummerciseha.com/ZEtURzJLdDc0DzJ6HnRRCg06HWc2DgZ1BxYZARF0PhwWBmFUKHIzWwB2bXADXXxhYUINL2l0AEI4ICZGEThpdhQNJTIoD0I9aXccXGVldBxUbSF6A0I/JCZVWXpyN0YQJ2l2BFJybXEEVnxnfgdS
104.21.71.102204 No Content 0 B URL HTTP/2 ummerciseha.com/ZEtURzJLdDc0DzJ6HnRRCg06HWc2DgZ1BxYZARF0PhwWBmFUKHIzWwB2bXADXXxhYUINL2l0AEI4ICZGEThpdhQNJTIoD0I9aXccXGVldBxUbSF6A0I/JCZVWXpyN0YQJ2l2BFJybXEEVnxnfgdS
IP 104.21.71.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZEtURzJLdDc0DzJ6HnRRCg06HWc2DgZ1BxYZARF0PhwWBmFUKHIzWwB2bXADXXxhYUINL2l0AEI4ICZGEThpdhQNJTIoD0I9aXccXGVldBxUbSF6A0I/JCZVWXpyN0YQJ2l2BFJybXEEVnxnfgdS HTTP/1.1
Host: ummerciseha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ktbzob6r%2BxdMU0FfU0aZy90SgZx04D3AE8YDt6C16%2BsCT0rs2IPVG9h%2BGr%2BI2rg1wushRPaASQSY0lbK2QIZX%2B75Vn0RarRxOikXADWZbODa1cTRd3l3KIsLpsGAk24zTmA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325ca81fa1b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 611bf9435ff27c51d4cd2c8307807510
699d02215194a0037f143fd539eb5d7e26906569
ee6b2484a190949db66092dcc26c345f778ac6e97b8c6f202c4cfde8dc1a6cd2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=0e261935-c89a-42b7-9386-175b95138375:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
organexpectationsmaintain.com/pixel/purst?dl=0&th=0&sc=0&rs=2969&rd=2969&fd=595&bv=22.10.v.10&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/purst?dl=0&th=0&sc=0&rs=2969&rd=2969&fd=595&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2969&rd=2969&fd=595&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d3t87ooo0697p8.cloudfront.net/JeVV1Q2MaOhslXA08EX5aTmRMdFZfPwYsDQloAiIWSRoEOSobDBoyFQ87UzcZHWhFZQ8YOxJ+RRw7Fn5SXzQRIV5NcwEzDBJoAC0HHDMcLQYdcwAiXhQ6DyoPFTRQcSVMe0VmUUl9AioNHToCMEZLZRs3RktlRHNNSXBGAUZLZQIqDU9hUHAhXGdFO1VNcE-YBRktlBzVGShREc1ZXZVxmUUkyECAIFnBHBVFJZEVzUklkUHFTHzwHJgUWLVBxJUhlQG1TXyBIcg
143.204.42.2200 OK 328 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/JeVV1Q2MaOhslXA08EX5aTmRMdFZfPwYsDQloAiIWSRoEOSobDBoyFQ87UzcZHWhFZQ8YOxJ+RRw7Fn5SXzQRIV5NcwEzDBJoAC0HHDMcLQYdcwAiXhQ6DyoPFTRQcSVMe0VmUUl9AioNHToCMEZLZRs3RktlRHNNSXBGAUZLZQIqDU9hUHAhXGdFO1VNcE-YBRktlBzVGShREc1ZXZVxmUUkyECAIFnBHBVFJZEVzUklkUHFTHzwHJgUWLVBxJUhlQG1TXyBIcg
IP 143.204.42.2:0
File type ASCII text, with very long lines (419), with no line terminators
Hash 54fed09419e8110214a30de38c347205
378d3be97da219ba74fcffbad64fc841e0d98188
595de975a3e8b529a5d5af5358cb1544c0327356ed20f55961acd2fe2ce6e334
GET /JeVV1Q2MaOhslXA08EX5aTmRMdFZfPwYsDQloAiIWSRoEOSobDBoyFQ87UzcZHWhFZQ8YOxJ+RRw7Fn5SXzQRIV5NcwEzDBJoAC0HHDMcLQYdcwAiXhQ6DyoPFTRQcSVMe0VmUUl9AioNHToCMEZLZRs3RktlRHNNSXBGAUZLZQIqDU9hUHAhXGdFO1VNcE-YBRktlBzVGShREc1ZXZVxmUUkyECAIFnBHBVFJZEVzUklkUHFTHzwHJgUWLVBxJUhlQG1TXyBIcg HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 328
date: Fri, 02 Dec 2022 07:31:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9jVXxMWPu23pe7s74Ub-jiX2JNGk_M_zB6giRUsypRal_3L3uWXSuA==
X-Firefox-Spdy: h2
organexpectationsmaintain.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
192.243.61.225 200 OK 4.4 kB URL HTTP/1.1 organexpectationsmaintain.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6040), with no line terminators
Hash 148608f3ce3c545657ca89c287eb9ebe
ceae8adba41a00c22c4acf13d962ed1920fbb86b
e6afac9a3c8354e066c5fff4a1a33bab33eceb0c799e3221933a2dd7db63ca57
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
uncs=1; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 03 Dec 2022 07:31:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cc536f7a971e27527ad0da55e9da928d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d3t87ooo0697p8.cloudfront.net/dcHNqODkTHAReBgQaDgUARkFaCQ1WGRlXVwBOLFxQHUYFAVdHJD5uXyRVHkJdTUNMVFgeFFceXB4QVwkfERcIBQ1WBxpXUk0JEl5YCh0BT0sFVR9ZBB0cEFFVHBJPCn9FXVodC0BbHVFXFBwdSxxCQwRMHEJDWwgXQFZZehxCQx1RV0ZHTwt7VUFaQA9EVl-l6HEJDGE4cQzJbCAxeQ0MdC0AUD1tSH1ZYfgtAQloICEBCTwoJFhoYXV8fC08Kf0FDXxYJVgZXCQ
143.204.42.2200 OK 578 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/dcHNqODkTHAReBgQaDgUARkFaCQ1WGRlXVwBOLFxQHUYFAVdHJD5uXyRVHkJdTUNMVFgeFFceXB4QVwkfERcIBQ1WBxpXUk0JEl5YCh0BT0sFVR9ZBB0cEFFVHBJPCn9FXVodC0BbHVFXFBwdSxxCQwRMHEJDWwgXQFZZehxCQx1RV0ZHTwt7VUFaQA9EVl-l6HEJDGE4cQzJbCAxeQ0MdC0AUD1tSH1ZYfgtAQloICEBCTwoJFhoYXV8fC08Kf0FDXxYJVgZXCQ
IP 143.204.42.2:0
File type ASCII text, with very long lines (822), with no line terminators
Hash 71dccdab73f72edfe7a80a0b4556aab1
4f87929d8314735eb3d80363687e4b54aecbf0c0
470fb2392c07f8455e72637c8d035c71685d6edb9617500c5ae26e8b57864213
GET /dcHNqODkTHAReBgQaDgUARkFaCQ1WGRlXVwBOLFxQHUYFAVdHJD5uXyRVHkJdTUNMVFgeFFceXB4QVwkfERcIBQ1WBxpXUk0JEl5YCh0BT0sFVR9ZBB0cEFFVHBJPCn9FXVodC0BbHVFXFBwdSxxCQwRMHEJDWwgXQFZZehxCQx1RV0ZHTwt7VUFaQA9EVl-l6HEJDGE4cQzJbCAxeQ0MdC0AUD1tSH1ZYfgtAQloICEBCTwoJFhoYXV8fC08Kf0FDXxYJVgZXCQ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 578
date: Fri, 02 Dec 2022 07:31:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eednqrJzVeewEDgS8TcwNbVd80ocWl1zqqlC_FB80Dip_Jw483w3Tw==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/PNDdibFpXWAwKZUBeBlFjAgVSXWgSXREDNEQKBAA3ZGA4XxtWTgMJEkdUV0ouTlNfXHxYVgwLZxJSDA9nBREDCDgJA0QZOwlaDRYzWFsDSWhyAkxcfwYHShszWlMNGykRBVICLhEFUl1qGgdHXxgRBVIbM1oBVklpdhJQXCICA0dfGBEFUh4sEQQjXWoBGV-JFfwYHBQk5X1hHXhwGB1NcagUHU0loBFELHj9SWBpJaHIGUll0BBEXUWs
143.204.42.2200 OK 189 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/PNDdibFpXWAwKZUBeBlFjAgVSXWgSXREDNEQKBAA3ZGA4XxtWTgMJEkdUV0ouTlNfXHxYVgwLZxJSDA9nBREDCDgJA0QZOwlaDRYzWFsDSWhyAkxcfwYHShszWlMNGykRBVICLhEFUl1qGgdHXxgRBVIbM1oBVklpdhJQXCICA0dfGBEFUh4sEQQjXWoBGV-JFfwYHBQk5X1hHXhwGB1NcagUHU0loBFELHj9SWBpJaHIGUll0BBEXUWs
IP 143.204.42.2:0
File type ASCII text, with no line terminators
Hash 1aea46f0aa58e4afe9d8698e51cfb4e1
2702d2846bf8d056d8d1c5180915fa07628764af
548a16d7efd0657bcb5120d9a987f22b39008d9946156c0b846fe3ee4ef78fdc
GET /PNDdibFpXWAwKZUBeBlFjAgVSXWgSXREDNEQKBAA3ZGA4XxtWTgMJEkdUV0ouTlNfXHxYVgwLZxJSDA9nBREDCDgJA0QZOwlaDRYzWFsDSWhyAkxcfwYHShszWlMNGykRBVICLhEFUl1qGgdHXxgRBVIbM1oBVklpdhJQXCICA0dfGBEFUh4sEQQjXWoBGV-JFfwYHBQk5X1hHXhwGB1NcagUHU0loBFELHj9SWBpJaHIGUll0BBEXUWs HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gedspecificano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Fri, 02 Dec 2022 07:31:16 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: u3hOATO4fn3YBezdoCkaG52AVH2Fos9q-_WB6PlEPOic32i5BDvHEQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Fri, 02 Dec 2022 08:43:41 GMT
Date: Fri, 02 Dec 2022 07:31:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a1a125695fbcd312685fe655dedb60d2
c26e91d38e6bbb5dec2c62b73bdea02f9dd39b43
220b199f2775f9b0c86f9e1d85a95983aac4c0f01a1b6e7c60a13d95235e0dfd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "220B199F2775F9B0C86F9E1D85A95983AAC4C0F01A1B6E7C60A13D95235E0DFD"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9621
Expires: Fri, 02 Dec 2022 10:11:37 GMT
Date: Fri, 02 Dec 2022 07:31:16 GMT
Connection: keep-alive
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS3WtcxRue06Y3v5%2BIlV5YRNxLBd3M2Y9str0I1hoJxiS21aAFcc7MnM2YOWcOM%2Bfs2SwIoQWpd1u86eXJs0ljNZXWS8EPNt5IQOl6IbkwF%2F4Bggi9VXazGHxh5n3fed6L53ne%2BXgrOyIUGTtcedN0ldZsul6mpRdWVSxM7kpL10o%2BLdOLpVUVz9Quljqjy7Yv%2BLRepi%2BWXpd83UxXqE%2BpT%2F3SvLIyNJ3pMQqV7DX9cpOWa5WyX6%2BhY%2F%2Fbu8yDYx5E%2B4g8DSWGZ9Z%2BfAjFB4ijB5elW09N8tJrUaZZaizaYvfteD02eYzopAythzDenUzDuCEhd07BxLsTBTDt7ZECBGpIvF99BPHuhCaC9s4x00BDxgjE%2F5G3B5B6AMUG4OYmlHhEAC6wtIw4urtkbM42jlE2Qodk6vFfUPmQTP12DnH05SWtOqWrRmepMrFDJyygOgOo1gBJto%2B060Hl%2B%2BDpDSjxE5l%2BvIg42l522kCJYqxeqQFUOICWPTDnIRsd5SELPWSJh0gclli9GVLaCIOwWp2tcc6rVc7rszOiLqq12ZAi4yN6PaRJD1z3wO0mEruJdXV7SMiNbdjse7i1Ak54cOmQeG9toi0K5JIgdwQ5I8gVQZ4S5O1iR2hXccVdoV0W%2BJNcmeRq0Tdpa4vtmLQlY7KVHJGzY3P%2BeOJrrMvDEquEzSYNfVprzNAZnzf8pvC5z1iVVSQXFThVQLlTY71dNSTnnv0dyWhjH%2F2NgO3D6X1w9RRY9hxY3m9UKNhavzZL0Y33OiGLU9bdKHMTQZgCSTqFdMPb0kfk%2FJjHhes%2FQ%2FKDuQff3l9%2B9%2FRn4LZAYgt8qH4gaOlb%2FSsmJ9tXTO7Iw%2BUkVZHqstECr6YslWc%2Bf0Nu5MaKhcuud%2B8VPgJG5d416dJFFgsVtxz54pISQtp5Y7kk3yy4VRmsZG7tUmbjLFlceXV%2BIUqsdE6ZeACmHn3wHbgakv%2F1zo6%2F5vOz70HZAWxWIMoOyCSgzAA82YRLDubun7%2F%2B5533KZwhsPpkJkg85FnRt5Xg5FErAi1PehYUcPJg7quXn3xn6plPEch%2F7dhyt9CyHlh6E3FUoG0LtHUBpntw2el%2BmtiDuV%2Bq40CgvX6grbcdaKtvH1vr1GFJ1kMaSlqRQdgMwgajohnWmgFr%2BrIR1JmP1A35J%2Ff2%2FwEAAP%2F%2FAQAA%2F%2F%2BsbmYZcgQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS3WtcxRue06Y3v5%2BIlV5YRNxLBd3M2Y9str0I1hoJxiS21aAFcc7MnM2YOWcOM%2Bfs2SwIoQWpd1u86eXJs0ljNZXWS8EPNt5IQOl6IbkwF%2F4Bggi9VXazGHxh5n3fed6L53ne%2BXgrOyIUGTtcedN0ldZsul6mpRdWVSxM7kpL10o%2BLdOLpVUVz9Quljqjy7Yv%2BLRepi%2BWXpd83UxXqE%2BpT%2F3SvLIyNJ3pMQqV7DX9cpOWa5WyX6%2BhY%2F%2Fbu8yDYx5E%2B4g8DSWGZ9Z%2BfAjFB4ijB5elW09N8tJrUaZZaizaYvfteD02eYzopAythzDenUzDuCEhd07BxLsTBTDt7ZECBGpIvF99BPHuhCaC9s4x00BDxgjE%2F5G3B5B6AMUG4OYmlHhEAC6wtIw4urtkbM42jlE2Qodk6vFfUPmQTP12DnH05SWtOqWrRmepMrFDJyygOgOo1gBJto%2B060Hl%2B%2BDpDSjxE5l%2BvIg42l522kCJYqxeqQFUOICWPTDnIRsd5SELPWSJh0gclli9GVLaCIOwWp2tcc6rVc7rszOiLqq12ZAi4yN6PaRJD1z3wO0mEruJdXV7SMiNbdjse7i1Ak54cOmQeG9toi0K5JIgdwQ5I8gVQZ4S5O1iR2hXccVdoV0W%2BJNcmeRq0Tdpa4vtmLQlY7KVHJGzY3P%2BeOJrrMvDEquEzSYNfVprzNAZnzf8pvC5z1iVVSQXFThVQLlTY71dNSTnnv0dyWhjH%2F2NgO3D6X1w9RRY9hxY3m9UKNhavzZL0Y33OiGLU9bdKHMTQZgCSTqFdMPb0kfk%2FJjHhes%2FQ%2FKDuQff3l9%2B9%2FRn4LZAYgt8qH4gaOlb%2FSsmJ9tXTO7Iw%2BUkVZHqstECr6YslWc%2Bf0Nu5MaKhcuud%2B8VPgJG5d416dJFFgsVtxz54pISQtp5Y7kk3yy4VRmsZG7tUmbjLFlceXV%2BIUqsdE6ZeACmHn3wHbgakv%2F1zo6%2F5vOz70HZAWxWIMoOyCSgzAA82YRLDubun7%2F%2B5533KZwhsPpkJkg85FnRt5Xg5FErAi1PehYUcPJg7quXn3xn6plPEch%2F7dhyt9CyHlh6E3FUoG0LtHUBpntw2el%2BmtiDuV%2Bq40CgvX6grbcdaKtvH1vr1GFJ1kMaSlqRQdgMwgajohnWmgFr%2BrIR1JmP1A35J%2Ff2%2FwEAAP%2F%2FAQAA%2F%2F%2BsbmYZcgQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RS3WtcxRue06Y3v5%2BIlV5YRNxLBd3M2Y9str0I1hoJxiS21aAFcc7MnM2YOWcOM%2Bfs2SwIoQWpd1u86eXJs0ljNZXWS8EPNt5IQOl6IbkwF%2F4Bggi9VXazGHxh5n3fed6L53ne%2BXgrOyIUGTtcedN0ldZsul6mpRdWVSxM7kpL10o%2BLdOLpVUVz9Quljqjy7Yv%2BLRepi%2BWXpd83UxXqE%2BpT%2F3SvLIyNJ3pMQqV7DX9cpOWa5WyX6%2BhY%2F%2Fbu8yDYx5E%2B4g8DSWGZ9Z%2BfAjFB4ijB5elW09N8tJrUaZZaizaYvfteD02eYzopAythzDenUzDuCEhd07BxLsTBTDt7ZECBGpIvF99BPHuhCaC9s4x00BDxgjE%2F5G3B5B6AMUG4OYmlHhEAC6wtIw4urtkbM42jlE2Qodk6vFfUPmQTP12DnH05SWtOqWrRmepMrFDJyygOgOo1gBJto%2B060Hl%2B%2BDpDSjxE5l%2BvIg42l522kCJYqxeqQFUOICWPTDnIRsd5SELPWSJh0gclli9GVLaCIOwWp2tcc6rVc7rszOiLqq12ZAi4yN6PaRJD1z3wO0mEruJdXV7SMiNbdjse7i1Ak54cOmQeG9toi0K5JIgdwQ5I8gVQZ4S5O1iR2hXccVdoV0W%2BJNcmeRq0Tdpa4vtmLQlY7KVHJGzY3P%2BeOJrrMvDEquEzSYNfVprzNAZnzf8pvC5z1iVVSQXFThVQLlTY71dNSTnnv0dyWhjH%2F2NgO3D6X1w9RRY9hxY3m9UKNhavzZL0Y33OiGLU9bdKHMTQZgCSTqFdMPb0kfk%2FJjHhes%2FQ%2FKDuQff3l9%2B9%2FRn4LZAYgt8qH4gaOlb%2FSsmJ9tXTO7Iw%2BUkVZHqstECr6YslWc%2Bf0Nu5MaKhcuud%2B8VPgJG5d416dJFFgsVtxz54pISQtp5Y7kk3yy4VRmsZG7tUmbjLFlceXV%2BIUqsdE6ZeACmHn3wHbgakv%2F1zo6%2F5vOz70HZAWxWIMoOyCSgzAA82YRLDubun7%2F%2B5533KZwhsPpkJkg85FnRt5Xg5FErAi1PehYUcPJg7quXn3xn6plPEch%2F7dhyt9CyHlh6E3FUoG0LtHUBpntw2el%2BmtiDuV%2Bq40CgvX6grbcdaKtvH1vr1GFJ1kMaSlqRQdgMwgajohnWmgFr%2BrIR1JmP1A35J%2Ff2%2FwEAAP%2F%2FAQAA%2F%2F%2BsbmYZcgQAAA%3D%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e46c822a84f514d2e4ff8d94fc3c22aa
Strict-Transport-Security: max-age=0; includeSubdomains
integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=3419&rd=3419&fd=1056&bv=22.10.v.10&tmpl=136
173.233.137.44 200 OK 0 B URL HTTP/1.1 integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=3419&rd=3419&fd=1056&bv=22.10.v.10&tmpl=136
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3419&rd=3419&fd=1056&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 02 Dec 2022 07:31:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5975
Cache-Control: max-age=150693
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 01:22:49 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3925
Expires: Fri, 02 Dec 2022 08:36:41 GMT
Date: Fri, 02 Dec 2022 07:31:16 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 088181cf6aa1586fd98c521c9a4db175
bfe9076533d8a2b7222c91806690e4d8a6ebb5af
9bde4f661e79100cd38094d8932425980c8702241ee3a710646732fba67d146d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 07:31:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1459657700%3A1669966276410645&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtNfvjWEkROuWe6JWwdl2G0POPabJ21nLSUmKpfRpMie49hP0oY0EM5kS2PZcaZHVpDBP_3Vw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-5F2IGD1lNjDomayVW0Y1Ug' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:vBqLzhN-jQOg6NNjnuVWLEsyfZyEkw:z_Yk_puPnmyo2vZ3;Path=/;Expires=Sun, 01-Dec-2024 07:31:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 0a4c29861de7179aedd35bc3a02e23a9
0073b391ee2e7c99957f6a7b1f3b6d9a17dab62f
86115f28b753f09f851ae7389487525f121bc978782e35b6e3f06dc07d7b9184
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 07:31:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-519900666%3A1669966276418027&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtZW4jIhUMtAqadxHqksYTPw61W47GC3zZYjB5zgv4aP-ZGHU2yRUsamaBDm8daXReljvDjrw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-d3Cp-SZZBugw5ranpYc8nA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:clPPzK9eRehnTZOtTyvuoTK5EHSaSQ:6x0xAf_-DFqGKADH;Path=/;Expires=Sun, 01-Dec-2024 07:31:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gedspecificano.com/utx?cb=JXKjEJHE8PNR&top=xfantazy.com&tid=962014
143.204.55.16 204 No Content 0 B URL HTTP/2 gedspecificano.com/utx?cb=JXKjEJHE8PNR&top=xfantazy.com&tid=962014
IP 143.204.55.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=JXKjEJHE8PNR&top=xfantazy.com&tid=962014 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 07:31:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 02 Dec 2022 07:32:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Rp_9UbarhEp1axyWDFTtBvcGTkI4aAZmuhwT6rp7j1UMQ5_9jOVAcQ==
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&charset=utf-8&hittoken=1669966275_3df8f2435556764cb0d93b21397778d7a8c33b4d4121671a457a2b70fccf4a64&browser-info=pv%3A1%3Aar%3A1%3Avf%3A2b7w95bdqfdb0kzrg7tcl8%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A759258217807%3Ahid%3A719502973%3Az%3A0%3Ai%3A20221202073114%3Aet%3A1669966274%3Ac%3A1%3Arn%3A493254474%3Arqn%3A8%3Au%3A1669966273884293464%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669966270844%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669966274%3At%3APutalocura.com-%20Qie%20Ana%20Spears%20-%20Spanish%20Glory%20Hole%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29ti%282%29
date: Fri, 02 Dec 2022 07:31:15 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=1629744751669966275; Path=/; SameSite=None; Secure
i=1L4eXC1PH1IUBLs6tVS+O8iI41N1UCLjuMzlXJ7zKBY/npjSnq7CF/N6ygmbrKc7XYrhYDpwke8boSHXfGBOtJUtK44=; Expires=Mon, 29-Nov-2032 07:31:12 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7845154731669966275; Expires=Sat, 02-Dec-2023 07:31:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7845154731669966275; Expires=Sat, 02-Dec-2023 07:31:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701502275.yc.1669966275#1701502275.yrts.1669966275#1701502275.yrtsi.1669966275; Expires=Sat, 02-Dec-2023 07:31:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 02-Dec-2022 07:31:15 GMT
last-modified: Fri, 02-Dec-2022 07:31:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e667a2ef09b074335a72154b467b817
23bbe0ae105e2f7c68da2dc8b9f97aa2615a6f95
228f93b50ce9a919708078d7be6bee880bb4ba71acff797fda87421ec4f0b60f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "228F93B50CE9A919708078D7BE6BEE880BB4BA71ACFF797FDA87421EC4F0B60F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3925
Expires: Fri, 02 Dec 2022 08:36:41 GMT
Date: Fri, 02 Dec 2022 07:31:16 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102872 bytes)
Hash 036b1f62ce62f5c641e7f6e4b7372220
26edc4fdc71dded5aa2df721bd0c4fa405e6ae46
00fb1321a8e3d60fd94112b26afc319a085aaca00c5b759c67f0a413578c0571
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7006
last-modified: Fri, 02 Dec 2022 05:34:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQ1FRkADM%2FvA4VGqcyJPVNPq52%2BzJd2aryUv7xlqV6fwQ15AkoGL5Ygxb5AtNhrQ2fLbe4LvId6wRu%2FeCm31T80vqrR2e%2Fwv7Y6TZmedhk48P7qz8Sq1z3LNN71wHXey"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cab799f757a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 506 B IP 93.184.220.29:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 35afc4b2636e23b20d015b836d4a7eb5
5becd1a21ad26d22641c74c680f4575e3ca87b72
75014d311c27eb92add0e4cbe92dc702c916ec9bb42d7984cdab1513cc9078bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5975
Cache-Control: max-age=150693
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 01:22:49 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 10 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash 1b9c3f9e5b0437e89532e12cd3c32454
88070afbadcc185bf8d640d5f1b70d6253dde793
8f06ee126ff0842e03bea3cddd0488ee865d2bcb5a75aa85ad9beadcb0bbfb6f
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: kWZPH5x6XDHhBXpamfomn08jpw9Gfb5xLOklbKs3xjr6MM6oMDCriBR8JYhKESgUpMPPgul2XbA5EbPn2f5ZJA==
date: Fri, 02 Dec 2022 07:31:16 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/driVvHemwvi6_zyXqw/w320h240/0.jpeg
188.72.235.184 200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/driVvHemwvi6_zyXqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash e300998304792992c4b38706c7781fc0
ccd447b4a96a9ed6cbd110434407f855674ba651
406ce859e0742eee082b35addbdea3cbd3f30b5fb47172db85c61c38ced08df8
GET /thumbnail/driVvHemwvi6_zyXqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 12744
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d37691429e1a25a71f8cdf06dd749bfa
7c4213e475b377bae45346f124ca7e0089eb0a9d
a1c24d98c40cff7c6c407c911e90f72dbdbccac850d43b00a78bb835b710d8ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6471
Cache-Control: max-age=95028
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Etag: "638860b1-117"
Expires: Sat, 03 Dec 2022 09:55:04 GMT
Last-Modified: Thu, 01 Dec 2022 08:07:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/IOuQvHCvmafl-D2X9w/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOuQvHCvmafl-D2X9w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash cb2f9ea88c29ecf291084b7af70ce068
ef2de14c9618d46fac1e65097c8f0b656a621630
836d9c5a3bf3db8302355df17f8671ad11fcef10df9e2767b0ac6f87eda85f8f
GET /thumbnail/IOuQvHCvmafl-D2X9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 10642
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOjAuHSkya3r_TXC_A/w320h240/0.jpeg
188.72.235.184 200 OK 9.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOjAuHSkya3r_TXC_A/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash b54574b516a15ec34f31c5b5058ef902
f0c6bc0a703b37199153eb02fb5b526b19bc7975
5d2ac0d434480408ea610b4abd979f4220de53f11e7b7f5789abf4eaeebaf3a6
GET /thumbnail/JOjAuHSkya3r_TXC_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 9188
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d37691429e1a25a71f8cdf06dd749bfa
7c4213e475b377bae45346f124ca7e0089eb0a9d
a1c24d98c40cff7c6c407c911e90f72dbdbccac850d43b00a78bb835b710d8ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6471
Cache-Control: max-age=95028
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:16 GMT
Etag: "638860b1-117"
Expires: Sat, 03 Dec 2022 09:55:04 GMT
Last-Modified: Thu, 01 Dec 2022 08:07:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
static-cache.k2s.cc/thumbnail/J-nC63Xzy_ru-G6Q-A/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-nC63Xzy_ru-G6Q-A/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 689058afe098d7a6bdf0f2c0eff216f7
b9a92e8fd09c3500f070c79fe5299865122d2a7f
ee86497cb15754946d02faa47da3d313c887e5237a46dca27e71c2161e4296d3
GET /thumbnail/J-nC63Xzy_ru-G6Q-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 10997
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-ub6ST3mavp8GjFqw/w320h240/0.jpeg
188.72.235.184 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-ub6ST3mavp8GjFqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 56211b1e0e3c51af2a2369fedf1ea04c
f58050774919c10ce1c2f76bff4482cc5452a4e7
d53638e629836f20525489012e10d7dfc4eb1870be245141e77b55245de003ab
GET /thumbnail/J-ub6ST3mavp8GjFqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 10009
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.162.22 200 OK 16 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.162.22:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash 93da17494d7bfb05af60d289946bbcb5
09fbd4886914e951149551dbe423364d59ea3cb7
7e9e61fefc8c7a9b182226cb7c6f66aa3ed5c2b75efc799d65df3143d760ccdc
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-18350162900"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4769840
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7duLhjS5irrF%2BGr2ByImZifg0FveNkdwwScJHNBqQA2kmJMzfBaudgozA%2FvQR9SlT0Z4hWuB%2FjAOUk3SqsRAWckIHdTSGQnJyCWiysjwzo9FAQo6rpLFNKADbIn2EhY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99ae3171c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JeWS7nWly669_jmeqQ/w320h240/0.jpeg
188.72.235.184 200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JeWS7nWly669_jmeqQ/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f751a371cadf0c75ced57ef991f7e7e6
4c3e203b40178225e35d140dda8125bd9a9362c9
143bb4c20a8536b27797d33921c12861814a15148e055cf7943bce54f33c6571
GET /thumbnail/JeWS7nWly669_jmeqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 10601
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d76RvXbzwqvr_TjFqg/w320h240/0.jpeg
188.72.235.184 200 OK 9.5 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d76RvXbzwqvr_TjFqg/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 15d057514e19ba149e94da419149cbda
35707dd1d8e5faef75ff464aebde57018f856ec0
f35d1955db77d465c00e3cc786902f49a7640a7d537f911621b4a9b99864ca11
GET /thumbnail/d76RvXbzwqvr_TjFqg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 9503
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOvHuSWgzK6_rmjB9g/w320h240/0.jpeg
188.72.235.184 200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOvHuSWgzK6_rmjB9g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8d710f30fc08bf2d3219f673e6d7c613
e58a9022a110e2c9d20bfa121ebbbcdd58aab400
c205fc29bc09e40dc52fb986a8e4ed8f5798d6c849542118ce6d41bf7d64e929
GET /thumbnail/IOvHuSWgzK6_rmjB9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: image/jpeg
content-length: 10116
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=cl9G5jxZ35l3GnY68oiI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=cl9G5jxZ35l3GnY68oiI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=cl9G5jxZ35l3GnY68oiI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=cl9G5jxZ35l3GnY68oiI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.3 200 OK 815 B URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 752a46eb0038cb5eb3a984ba1fce32d7
f71eea200d9ecb9c23ff8c1c207ced96e165421e
d947caa4b41cb1f7b8865cbea57930ffe4915a6cf75727edabd1ef237acdf01f
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 08:31:16 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2273
Expires: Fri, 02 Dec 2022 08:09:09 GMT
Date: Fri, 02 Dec 2022 07:31:16 GMT
Connection: keep-alive
organexpectationsmaintain.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy6KihcP6uDFFWTSPT%2BSzC4SjGskGJO4u5KLl6rq6pkyNV1NVdf0JBfDLkgE0dmbx84zyYbVRdybF2Hp0YMEhG0PkoP5J8Q9y0wGRl%2Boet%2BnnvfwPO9bnx%2B6c%2BLD0bOtD%2FWeVIrON6t%2B5eq2jEOd2crG7UrgV%2F3rlW0ZLzSuV%2Frjy%2FSuBX6z6r9ZeV%2FwHT1f8wPfD%2FygsiqNiHR%2FfsJCJg9bQbXlVxu1atBsoG%2F%2Bi63zYKmHsHdOXoQMy%2F91fn0EyQvE3R9uCLuT6uSt97pO0VQb9MKTj%2BOdWGcxurMyMh6i%2BGTaDW1LQr65BB2fTB1A947GDsBkSbw%2FArD4ZCoTrHd8oZQpiBgsvIKsV0CoApIW4PouZPiEADzExibi7v0NbTK6e8HSMVuSuad%2FQWYlmfvzJcTd71eU7FduaeVSqWOLfpRD9gvIdoHEjZDueZDZCDy9Axn%2BRuafriPuHm1apSHDfOJeygIyKqDEANR6cOMjPbjIg0s8dMOzCm22It9fjFhUry81OOf1OufNpYWwGdYbS5EPx8fyBkiTAbgagJt9JGYfO%2FJeScidIxj3GLaTw4YebFoS76N99MIcmSDILEFGCTJJkKUEWS8%2FDpWt2fx%2BqKxjwTTXprmeD3XaPqTHOm2LmBwm5%2BSF8XC8Zz97AzvirFILIlFvNf2oEdSEX1vg9XoUsAUuxEJQF4zCyhzSXpr43ZMlebV5BYksyf%2BXH4PREawagcvnQd0roNlwseaDdoaNJR978Y8xTZ2hqiOoSjtWO8NFlSvHEOocSTqHdNc7VOfk5cnCrr39HAQ%2FXf6l%2BPqTq3%2BPwE2OxOT4VP5M0FYHw5s6I0c3dWbJo80klV25R8fLvJXSVFz%2B9gOxm2kTrt2wgwfv8DExLh%2FeFjZdp3Eo47Yl363IMBRmVRsuyE9rdluwLWc7K87ELlnfend1rZsYYa3UcQEqn9gvwWVJnjn4avJNX3s9gTQFjMvRdadkGpC6AE%2F2YZOZeqsJjJr1sMRD5vKhqbHZo5IESswwZTnsvzCb1Yf2AG3jgaZ3EXdz9EyOnspB1QDWXR6miTld%2Fr0%2BCTDlDZky3hFTRt27GK2VZxXRjPxI%2BDXBohaLFqkftqJGi9FWIBZZkwZIbcm%2FeDD6BwAA%2F%2F8BAAD%2F%2F%2FqpM0h%2BBAAA
192.243.61.225200 OK 7 B URL HTTP/1.1 organexpectationsmaintain.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy6KihcP6uDFFWTSPT%2BSzC4SjGskGJO4u5KLl6rq6pkyNV1NVdf0JBfDLkgE0dmbx84zyYbVRdybF2Hp0YMEhG0PkoP5J8Q9y0wGRl%2Boet%2BnnvfwPO9bnx%2B6c%2BLD0bOtD%2FWeVIrON6t%2B5eq2jEOd2crG7UrgV%2F3rlW0ZLzSuV%2Frjy%2FSuBX6z6r9ZeV%2FwHT1f8wPfD%2FygsiqNiHR%2FfsJCJg9bQbXlVxu1atBsoG%2F%2Bi63zYKmHsHdOXoQMy%2F91fn0EyQvE3R9uCLuT6uSt97pO0VQb9MKTj%2BOdWGcxurMyMh6i%2BGTaDW1LQr65BB2fTB1A947GDsBkSbw%2FArD4ZCoTrHd8oZQpiBgsvIKsV0CoApIW4PouZPiEADzExibi7v0NbTK6e8HSMVuSuad%2FQWYlmfvzJcTd71eU7FduaeVSqWOLfpRD9gvIdoHEjZDueZDZCDy9Axn%2BRuafriPuHm1apSHDfOJeygIyKqDEANR6cOMjPbjIg0s8dMOzCm22It9fjFhUry81OOf1OufNpYWwGdYbS5EPx8fyBkiTAbgagJt9JGYfO%2FJeScidIxj3GLaTw4YebFoS76N99MIcmSDILEFGCTJJkKUEWS8%2FDpWt2fx%2BqKxjwTTXprmeD3XaPqTHOm2LmBwm5%2BSF8XC8Zz97AzvirFILIlFvNf2oEdSEX1vg9XoUsAUuxEJQF4zCyhzSXpr43ZMlebV5BYksyf%2BXH4PREawagcvnQd0roNlwseaDdoaNJR978Y8xTZ2hqiOoSjtWO8NFlSvHEOocSTqHdNc7VOfk5cnCrr39HAQ%2FXf6l%2BPqTq3%2BPwE2OxOT4VP5M0FYHw5s6I0c3dWbJo80klV25R8fLvJXSVFz%2B9gOxm2kTrt2wgwfv8DExLh%2FeFjZdp3Eo47Yl363IMBRmVRsuyE9rdluwLWc7K87ELlnfend1rZsYYa3UcQEqn9gvwWVJnjn4avJNX3s9gTQFjMvRdadkGpC6AE%2F2YZOZeqsJjJr1sMRD5vKhqbHZo5IESswwZTnsvzCb1Yf2AG3jgaZ3EXdz9EyOnspB1QDWXR6miTld%2Fr0%2BCTDlDZky3hFTRt27GK2VZxXRjPxI%2BDXBohaLFqkftqJGi9FWIBZZkwZIbcm%2FeDD6BwAA%2F%2F8BAAD%2F%2F%2FqpM0h%2BBAAA
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuu3s0HHy6KihcP6uDFFWTSPT%2BSzC4SjGskGJO4u5KLl6rq6pkyNV1NVdf0JBfDLkgE0dmbx84zyYbVRdybF2Hp0YMEhG0PkoP5J8Q9y0wGRl%2Boet%2BnnvfwPO9bnx%2B6c%2BLD0bOtD%2FWeVIrON6t%2B5eq2jEOd2crG7UrgV%2F3rlW0ZLzSuV%2Frjy%2FSuBX6z6r9ZeV%2FwHT1f8wPfD%2FygsiqNiHR%2FfsJCJg9bQbXlVxu1atBsoG%2F%2Bi63zYKmHsHdOXoQMy%2F91fn0EyQvE3R9uCLuT6uSt97pO0VQb9MKTj%2BOdWGcxurMyMh6i%2BGTaDW1LQr65BB2fTB1A947GDsBkSbw%2FArD4ZCoTrHd8oZQpiBgsvIKsV0CoApIW4PouZPiEADzExibi7v0NbTK6e8HSMVuSuad%2FQWYlmfvzJcTd71eU7FduaeVSqWOLfpRD9gvIdoHEjZDueZDZCDy9Axn%2BRuafriPuHm1apSHDfOJeygIyKqDEANR6cOMjPbjIg0s8dMOzCm22It9fjFhUry81OOf1OufNpYWwGdYbS5EPx8fyBkiTAbgagJt9JGYfO%2FJeScidIxj3GLaTw4YebFoS76N99MIcmSDILEFGCTJJkKUEWS8%2FDpWt2fx%2BqKxjwTTXprmeD3XaPqTHOm2LmBwm5%2BSF8XC8Zz97AzvirFILIlFvNf2oEdSEX1vg9XoUsAUuxEJQF4zCyhzSXpr43ZMlebV5BYksyf%2BXH4PREawagcvnQd0roNlwseaDdoaNJR978Y8xTZ2hqiOoSjtWO8NFlSvHEOocSTqHdNc7VOfk5cnCrr39HAQ%2FXf6l%2BPqTq3%2BPwE2OxOT4VP5M0FYHw5s6I0c3dWbJo80klV25R8fLvJXSVFz%2B9gOxm2kTrt2wgwfv8DExLh%2FeFjZdp3Eo47Yl363IMBRmVRsuyE9rdluwLWc7K87ELlnfend1rZsYYa3UcQEqn9gvwWVJnjn4avJNX3s9gTQFjMvRdadkGpC6AE%2F2YZOZeqsJjJr1sMRD5vKhqbHZo5IESswwZTnsvzCb1Yf2AG3jgaZ3EXdz9EyOnspB1QDWXR6miTld%2Fr0%2BCTDlDZky3hFTRt27GK2VZxXRjPxI%2BDXBohaLFqkftqJGi9FWIBZZkwZIbcm%2FeDD6BwAA%2F%2F8BAAD%2F%2F%2FqpM0h%2BBAAA HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 221a3d3cede1528ca25797f46ffbd086
Strict-Transport-Security: max-age=0; includeSubdomains
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=98
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=98
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
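Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of a zero-length body, consistent with the 0 B response; the same three values appear for every empty response and do not identify this host or its content.)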
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fef%2F6d%2F9c%2Fef6d9ce2996acaba379ea30acdea20ae%2F1632400430.html&l=1218&fd=98 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=52
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=52
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=52 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
gedspecificano.com/floater?cs=b3JlTW9fRVZ7WVZLV3pbXUBSdFk&abt=0&red=1&sm=83&k=putalocura%20spanish%20hole%20xfantazy%20lefa%20pero%20como%20semen%20esta%20para%20guardarla%20glory%20spears&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_NJfF=1669966274860&crc=1
143.204.55.16200 OK 2.8 kB URL HTTP/2 gedspecificano.com/floater?cs=b3JlTW9fRVZ7WVZLV3pbXUBSdFk&abt=0&red=1&sm=83&k=putalocura%20spanish%20hole%20xfantazy%20lefa%20pero%20como%20semen%20esta%20para%20guardarla%20glory%20spears&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_NJfF=1669966274860&crc=1
IP 143.204.55.16:0
File type ASCII text, with very long lines (5207), with no line terminators
Hash e637bb434fc8042ea6a9af269484679e
a5f51283fa2fb7401fb6f60dee74ac124d1eb530
66e708ae416949b2cdebbe645abbbe31acec255bb0df52058bb6253498a71118
GET /floater?cs=b3JlTW9fRVZ7WVZLV3pbXUBSdFk&abt=0&red=1&sm=83&k=putalocura%20spanish%20hole%20xfantazy%20lefa%20pero%20como%20semen%20esta%20para%20guardarla%20glory%20spears&v=0.8.13.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Fvideo%2F5fa9094a0c205613746667b6&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td3_oi3_&_NJfF=1669966274860&crc=1 HTTP/1.1
Host: gedspecificano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2811
date: Fri, 02 Dec 2022 07:31:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=6facc731-1dcc-4d41-ad93-c5a7f09065ee
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0tuJsTQ7r787Y26WrZsZF4gn-v2tzIDMjnBT_nQ3sILDQdDvssKTag==
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.108.13 200 OK 1.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.108.13:0
Hash f35ad3f8d789c904248a58423d902993
d3f386223c3af9285532d384ed179a27fe66ef1c
623874b2323c5948cd0a434059f7ccd42f06dd0a31c6c8edd3361ecc726c3a23
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445982
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FnjRCSc8yWCUhgIsy7GEITmS%2BQzMyhunSXQeLmehvrlHsFNwKfb2S6R9UUP5xleJ0h%2FvCK5vJ12SECcINd9hG4ddvRBbR8Nv2Uo1Zn30olP7bs3a52Y5yt74nBPgbByF3UPh80RZx0y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cae9f23004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
172.64.163.11 200 OK 1.2 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.163.11:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f9c964d55abb9d7e2b3242e14ee896c9
0b2ba0fc1da88251fde3d8766bcace5f0c2a063d
12ef37aab7c4dc4559fb3615a3f710df23287296d8d62d140e914d9e4a9350c8
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html
last-modified: Thu, 24 Nov 2022 16:06:01 GMT
etag: W/"637f9669-6ff"
expires: Mon, 28 Nov 2022 07:22:28 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 129372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mF7QtpF62i8gd1YiVVjFG8kgKlw3gZVZDHoYBM8LTFTMWRDoYra0Kkn2UluLGqIUPZdH8jlgbaGpnbJvdo%2FmgWxnjsf2J39vWqRCoBjF8XFRTx73i8nNaBmIExj5Cyfc9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cad885e75a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2272
Expires: Fri, 02 Dec 2022 08:09:09 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=128
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=128
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=128 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=131
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=131
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=131 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/img/close.png
172.64.108.13 200 OK 769 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/img/close.png
IP 172.64.108.13:0
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 13b3b0cc6ce924780c0eec0b24c40c33
53b78225158a60f9327e135be26e365eb842f0df
7907c875d2dd81230f15826dffe1faa695cfb1f385adbb4d9480058d0d0112ad
GET /sb/ssp/vpn/os-box/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/png
content-length: 769
last-modified: Tue, 21 Sep 2021 12:06:12 GMT
etag: "6149cab4-301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445942
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JmUxyh4LIwDkHlhga57GZyuJ4c2mBSNVvRCrsGeT5l6YUd%2Bf8knQ%2BQ%2Fx%2Bd9aVcbF9rKESvmy09jpN39b0huiF5rtqoMvP%2FmKawUvIknrXM0n0FmaS7BQJhvhqaOrbDW88GWIxZq%2FmeU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cafbfbc004a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 3.5 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (712)
Hash c7bdbc520465932c8fa099e86d0382c7
0769545ec0eb3f845ae21f2f0219dc04a494cb37
24411797dd93217f6343b3321bc1d2a9d3fe72de80bf143c445270a6212fa548
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=cl9G5jxZ35l3GnY68oiI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c0282fb1989711e4a48dce935bf7813
30bed8a42fc820e4feb64bd22ddfefe120889014
81e304f070d6b7aa4dc67c727523578cd18a665a5cfe674a3b1391f3f39fc11a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81E304F070D6B7AA4DC67C727523578CD18A665A5CFE674A3B1391F3F39FC11A"
Last-Modified: Thu, 01 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5688
Expires: Fri, 02 Dec 2022 09:06:05 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c0282fb1989711e4a48dce935bf7813
30bed8a42fc820e4feb64bd22ddfefe120889014
81e304f070d6b7aa4dc67c727523578cd18a665a5cfe674a3b1391f3f39fc11a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81E304F070D6B7AA4DC67C727523578CD18A665A5CFE674A3B1391F3F39FC11A"
Last-Modified: Thu, 01 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5688
Expires: Fri, 02 Dec 2022 09:06:05 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 1b65187813ca5ec5d8bbb99da260d842
8dc738fee7655f32be50db4d342e6a7e37f66a32
b6ecdd8564575b90c7fd6c8f389d32a3e80642fcb0560bd852d2e492c0ceea87
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1996
Cache-Control: max-age=148129
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Etag: "6389419a-116"
Expires: Sun, 04 Dec 2022 00:40:07 GMT
Last-Modified: Fri, 02 Dec 2022 00:06:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/style.css
172.64.108.13 200 OK 1.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/style.css
IP 172.64.108.13:0
Hash de6c1dce35c5e01b8c4251aa1fc195c0
99957c8e9c79b2692935c3bae35066bae0d04029
eb97f9baed94ca22d574610473ee98d23bfa16a34bd9bf23e6b283ad80197287
GET /sb/ssp/vpn/os-box/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:19:55 GMT
etag: W/"61ee7d4b-e58"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvu4f3zziWSTs6r%2FGRlkxq9cqOhjAN5LOfoyYMPNL81YW7DDRfoHdvURvKsmpXFUBJ%2FkKaWYWnRQOnNUB3CF9jsoFz%2BuWByV%2BsRd9tst%2Fvmlt46TREl9VLhKPiLzgAPFSWJHarXSayyc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cae6f07004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=169
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=169
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fanimate.css&l=79249&fd=169 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png
45.133.44.10 200 OK 133 kB URL HTTP/2 cdn.cloudimagesb.com/si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size 133 kB (133206 bytes)
Hash cdfb8db89366e933cc7475f5309eaea6
a310f5e5f738447abf8c43b5df2ba01d0f61d206
eeca6aa074302eecc1294fa1a44297f08adf932abd6c579541a535736a9ec0de
GET /si/11/cf/48/11cf48d4558fb051074d81f264532bb0/1669734286.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/png
content-length: 133206
server: nginx/1.17.6
last-modified: Tue, 29 Nov 2022 15:04:55 GMT
etag: "63861f97-20856"
expires: Sun, 04 Dec 2022 07:31:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/88/20/d7/8820d768c143122c4a8f72673febf558/1669388682.png
45.133.44.10 200 OK 77 kB URL HTTP/2 cdn.cloudimagesb.com/si/88/20/d7/8820d768c143122c4a8f72673febf558/1669388682.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 26cea52015acfd8c5d5a865936fc6a31
54d4ceb358870ea19f8feff669b5d55eb2f1498c
0ad3d172d193c3d75d6df7486d1b2ffa211c553184ad29e3eaba421f01776043
GET /si/88/20/d7/8820d768c143122c4a8f72673febf558/1669388682.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/png
content-length: 76891
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:04:51 GMT
etag: "6380d993-12c5b"
expires: Sun, 04 Dec 2022 07:31:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=170
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=170
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fcss%2Fstyle.css&l=3672&fd=170 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b6fd52f6112bf3ad4083e4a9f918a2b9
e76003a2bc23b743aeac46b26b92822bba39ba6c
f9fc672ad75ebba6fb945272c29eabadfd99107edb4b5c7597d87a675d6c9ffb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F9FC672AD75EBBA6FB945272C29EABADFD99107EDB4B5C7597D87A675D6C9FFB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2782
Expires: Fri, 02 Dec 2022 08:17:39 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 6.4 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 85f87444c7a415e47f3d8bcd17d569c9
6dc0dfcaaecf0df85e54c16c424dff3dabb889b0
d1640a3182307e168e5459d001f61cc4e827243aec4b7c2438c7526d1ef093f7
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=RpfOPil4ETNOQmk8NiCa; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 4.5 kB URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (1483)
Hash c6bf6a789641f01214b461f22a89e965
77b357003d3f8bb0e37635b22a0f2ad83e33840b
cc12e6e2d6eeead54e8b14371acfdc9445f8424251953535ddd0fb5344a541a3
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=gOtKOxmZTe8xocf6eF9x; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pCQRC8Si7g0L/5tOu4TcDgAcbnDC7EgPrAQB0+8zS4SxcN1dW/EhJZsaxI3kjWymvOcA5OwSRwNHx8bmGMc73Nl3o6tnq6Ha/f82VqYTrNe2j2LAUxJfMEz0SaYLmk6EOlkapJc0GOOUnh0SQoaECimi0sEDEKYbPbYvf1PgRPGsEQKNFdIg2+GFl2bXC6L/upHyjnHGtSJa/qeaJmJocUk3ftyyBq+Nc6PREoan48+xOgbComWPGrMIwgPNr1+nOegNf4E/FxQMBmi120fe1t6lKbcXGvZd+7MzWPw3Gp/RfkZX9BegEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pCQRC8Si7g0L/5tOu4TcDgAcbnDC7EgPrAQB0+8zS4SxcN1dW/EhJZsaxI3kjWymvOcA5OwSRwNHx8bmGMc73Nl3o6tnq6Ha/f82VqYTrNe2j2LAUxJfMEz0SaYLmk6EOlkapJc0GOOUnh0SQoaECimi0sEDEKYbPbYvf1PgRPGsEQKNFdIg2+GFl2bXC6L/upHyjnHGtSJa/qeaJmJocUk3ftyyBq+Nc6PREoan48+xOgbComWPGrMIwgPNr1+nOegNf4E/FxQMBmi120fe1t6lKbcXGvZd+7MzWPw3Gp/RfkZX9BegEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VOS2pCQRC8Si7g0L/5tOu4TcDgAcbnDC7EgPrAQB0+8zS4SxcN1dW/EhJZsaxI3kjWymvOcA5OwSRwNHx8bmGMc73Nl3o6tnq6Ha/f82VqYTrNe2j2LAUxJfMEz0SaYLmk6EOlkapJc0GOOUnh0SQoaECimi0sEDEKYbPbYvf1PgRPGsEQKNFdIg2+GFl2bXC6L/upHyjnHGtSJa/qeaJmJocUk3ftyyBq+Nc6PREoan48+xOgbComWPGrMIwgPNr1+nOegNf4E/FxQMBmi120fe1t6lKbcXGvZd+7MzWPw3Gp/RfkZX9BegEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226389a9c53767d8.71553100446927639%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226389a9c53767d8.71553100446927639%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53767d8.71553100446927639%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
organexpectationsmaintain.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3t0f%2FHBRVLx4UAcvriCT7umZZGYXWYxrJBiTuLuSi5fqquqZMjVdTVXX9CQXwy5IBNHZm8fON8mG1UXcmxdh6dGDBIQdD5KD%2BSfEPctMBkYfVL331fcO3%2FdefX7gzogPR083P9S7Uim60Kj6lStbMuE6t5X125XAr%2FrXKlsyWaxfq%2FQnl%2BldDfxG1X%2Bz8r5g23qh5ge%2BH%2FhBZUUaEev%2BwpSFTB%2B2gmrLr9Zr1aBRR9%2F8F1vnwVIPvHdGXoTk4%2F91fn0EyUok3R9uCLud6fSt97pO0Uwb9Pjxx8l2ovME3XkZGw9xcjzrhrZjQr65AJ0czxxA9w4nDhDJMfH%2BCBAlxzOZiHpH50ojBZEg4peR90oIVULSEkzfheRPCMA41jeQdO%2Bva5PTnXOWTtgxufT0L8h8TC79%2BRKS7vfLSvYrt7RymdSJRT8uIPslZLtE6kbIdj3IfASW3YHkv5GFp2tIuocbVmlIXkzdS1lCxiWUGIBaD25ypAcXe3Cphy4%2FrdBGK%2Fb9pTiKw7BZZ4yFIWON5iJv8LDejH04NpE3QJYOwNQAzOwhNXvYlvfGhNw5hHGPYTsFLPdgszHxPtpDjxfIBUFuCXJKkEuCPCPIe8URV7Zmi%2FtcWRcFs1yb5bAY6qx9QI901hYJOUjPyAuT4XjPfvYGtsVppRbEImw1%2FLge1IRfW2RhGAfRIhNiMQhFRGFlAWkvTP3uyjF5tXEZqRyT%2F19%2FjIiOYNUITD4P6l4BzYdLNR%2B0M6w3fewmPyY0c4aqjqAq61jtDBNVplwErguk2SVkO96BOiMvTxd29e3nINjJ9V%2FKrz%2B58vcIzBRITYFP5c8EbbU%2FvKlzcnhT55Y82kgz2ZW7dLLMWxnNxMVvPxA7uTZ89YYdPHiHTYhJ%2BfC2sNkaTbhM2pZ8tyw5F2ZFGybIT6t2S0SbznaWnUlcurb57spqNzXCWqmTElQ%2BsV%2BCyTF5Zv%2Br6Td97fUU0pQwrkDXnZBZQOoSLN2DTefqrSYwat4TpR5yVwxNLZo%2FKkmgxBzTqID9F47m9YHdR9t4oNldJN0CPVOgpwpQNYB1F4dZak6u%2Fx5OA5HyhpEy3mGkjLp3PlorTyuNoC6aUXOJcR4JxoOlWtgMfb%2FGeX2pJYIWMjtmXzwY%2FQMAAP%2F%2FAQAA%2F%2F%2Fuob2ufgQAAA%3D%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 organexpectationsmaintain.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3t0f%2FHBRVLx4UAcvriCT7umZZGYXWYxrJBiTuLuSi5fqquqZMjVdTVXX9CQXwy5IBNHZm8fON8mG1UXcmxdh6dGDBIQdD5KD%2BSfEPctMBkYfVL331fcO3%2FdefX7gzogPR083P9S7Uim60Kj6lStbMuE6t5X125XAr%2FrXKlsyWaxfq%2FQnl%2BldDfxG1X%2Bz8r5g23qh5ge%2BH%2FhBZUUaEev%2BwpSFTB%2B2gmrLr9Zr1aBRR9%2F8F1vnwVIPvHdGXoTk4%2F91fn0EyUok3R9uCLud6fSt97pO0Uwb9Pjxx8l2ovME3XkZGw9xcjzrhrZjQr65AJ0czxxA9w4nDhDJMfH%2BCBAlxzOZiHpH50ojBZEg4peR90oIVULSEkzfheRPCMA41jeQdO%2Bva5PTnXOWTtgxufT0L8h8TC79%2BRKS7vfLSvYrt7RymdSJRT8uIPslZLtE6kbIdj3IfASW3YHkv5GFp2tIuocbVmlIXkzdS1lCxiWUGIBaD25ypAcXe3Cphy4%2FrdBGK%2Fb9pTiKw7BZZ4yFIWON5iJv8LDejH04NpE3QJYOwNQAzOwhNXvYlvfGhNw5hHGPYTsFLPdgszHxPtpDjxfIBUFuCXJKkEuCPCPIe8URV7Zmi%2FtcWRcFs1yb5bAY6qx9QI901hYJOUjPyAuT4XjPfvYGtsVppRbEImw1%2FLge1IRfW2RhGAfRIhNiMQhFRGFlAWkvTP3uyjF5tXEZqRyT%2F19%2FjIiOYNUITD4P6l4BzYdLNR%2B0M6w3fewmPyY0c4aqjqAq61jtDBNVplwErguk2SVkO96BOiMvTxd29e3nINjJ9V%2FKrz%2B58vcIzBRITYFP5c8EbbU%2FvKlzcnhT55Y82kgz2ZW7dLLMWxnNxMVvPxA7uTZ89YYdPHiHTYhJ%2BfC2sNkaTbhM2pZ8tyw5F2ZFGybIT6t2S0SbznaWnUlcurb57spqNzXCWqmTElQ%2BsV%2BCyTF5Zv%2Br6Td97fUU0pQwrkDXnZBZQOoSLN2DTefqrSYwat4TpR5yVwxNLZo%2FKkmgxBzTqID9F47m9YHdR9t4oNldJN0CPVOgpwpQNYB1F4dZak6u%2Fx5OA5HyhpEy3mGkjLp3PlorTyuNoC6aUXOJcR4JxoOlWtgMfb%2FGeX2pJYIWMjtmXzwY%2FQMAAP%2F%2FAQAA%2F%2F%2Fuob2ufgQAAA%3D%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3t0f%2FHBRVLx4UAcvriCT7umZZGYXWYxrJBiTuLuSi5fqquqZMjVdTVXX9CQXwy5IBNHZm8fON8mG1UXcmxdh6dGDBIQdD5KD%2BSfEPctMBkYfVL331fcO3%2FdefX7gzogPR083P9S7Uim60Kj6lStbMuE6t5X125XAr%2FrXKlsyWaxfq%2FQnl%2BldDfxG1X%2Bz8r5g23qh5ge%2BH%2FhBZUUaEev%2BwpSFTB%2B2gmrLr9Zr1aBRR9%2F8F1vnwVIPvHdGXoTk4%2F91fn0EyUok3R9uCLud6fSt97pO0Uwb9Pjxx8l2ovME3XkZGw9xcjzrhrZjQr65AJ0czxxA9w4nDhDJMfH%2BCBAlxzOZiHpH50ojBZEg4peR90oIVULSEkzfheRPCMA41jeQdO%2Bva5PTnXOWTtgxufT0L8h8TC79%2BRKS7vfLSvYrt7RymdSJRT8uIPslZLtE6kbIdj3IfASW3YHkv5GFp2tIuocbVmlIXkzdS1lCxiWUGIBaD25ypAcXe3Cphy4%2FrdBGK%2Fb9pTiKw7BZZ4yFIWON5iJv8LDejH04NpE3QJYOwNQAzOwhNXvYlvfGhNw5hHGPYTsFLPdgszHxPtpDjxfIBUFuCXJKkEuCPCPIe8URV7Zmi%2FtcWRcFs1yb5bAY6qx9QI901hYJOUjPyAuT4XjPfvYGtsVppRbEImw1%2FLge1IRfW2RhGAfRIhNiMQhFRGFlAWkvTP3uyjF5tXEZqRyT%2F19%2FjIiOYNUITD4P6l4BzYdLNR%2B0M6w3fewmPyY0c4aqjqAq61jtDBNVplwErguk2SVkO96BOiMvTxd29e3nINjJ9V%2FKrz%2B58vcIzBRITYFP5c8EbbU%2FvKlzcnhT55Y82kgz2ZW7dLLMWxnNxMVvPxA7uTZ89YYdPHiHTYhJ%2BfC2sNkaTbhM2pZ8tyw5F2ZFGybIT6t2S0SbznaWnUlcurb57spqNzXCWqmTElQ%2BsV%2BCyTF5Zv%2Br6Td97fUU0pQwrkDXnZBZQOoSLN2DTefqrSYwat4TpR5yVwxNLZo%2FKkmgxBzTqID9F47m9YHdR9t4oNldJN0CPVOgpwpQNYB1F4dZak6u%2Fx5OA5HyhpEy3mGkjLp3PlorTyuNoC6aUXOJcR4JxoOlWtgMfb%2FGeX2pJYIWMjtmXzwY%2FQMAAP%2F%2FAQAA%2F%2F%2Fuob2ufgQAAA%3D%3D HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 55ee295e605cc1f7b86d8f87e98c19d4
Strict-Transport-Security: max-age=0; includeSubdomains
syndication.realsrv.com/splash.php?idzone=4853636&cookieconsent=true
95.211.229.247 200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4853636&cookieconsent=true
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1570)
Hash 1ca7d7a3c76e901ed8d7c6bff0e0ba0f
283639342c99106b789b5f42036f3c6c57fe1aef
85afb9fae3664fdaaaaf4915fb138dcb65975b2cfc7022d16b5cd2fcf3c93f87
GET /splash.php?idzone=4853636&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53ef6a3.997539581630177934%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53ef6a3.997539581630177934%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6389a9c53ef6a3.997539581630177934%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 03 Dec 2022 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58lK/tuWwj0APaLH1mEFPKBFHT42gnNrhoEI2k0SAREG6QN0BvQlnGLFo7JIQklzBIfn7sQjFO93s71eOj1eD1cvm/npafleGshpJA9sqq4hhsAa4gVzV4iQ5ncsmmYkRY1CYHggAHKLDJZAkDKoEBoJsYWBeL9a/dIDEzA5kHBAPehG6151TSSweE+zfbaGQ3Fu7a2uFVtujerVdo6OE9h1PTvH/BEglzy0NJfIxiFSSg2+CokRkA8xvXyc1oiXvIn8sOAQ8q8dqxV72uW2vcNuNiykquv6k1a7aq/BtA27IYBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58lK/tuWwj0APaLH1mEFPKBFHT42gnNrhoEI2k0SAREG6QN0BvQlnGLFo7JIQklzBIfn7sQjFO93s71eOj1eD1cvm/npafleGshpJA9sqq4hhsAa4gVzV4iQ5ncsmmYkRY1CYHggAHKLDJZAkDKoEBoJsYWBeL9a/dIDEzA5kHBAPehG6151TSSweE+zfbaGQ3Fu7a2uFVtujerVdo6OE9h1PTvH/BEglzy0NJfIxiFSSg2+CokRkA8xvXyc1oiXvIn8sOAQ8q8dqxV72uW2vcNuNiykquv6k1a7aq/BtA27IYBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58lK/tuWwj0APaLH1mEFPKBFHT42gnNrhoEI2k0SAREG6QN0BvQlnGLFo7JIQklzBIfn7sQjFO93s71eOj1eD1cvm/npafleGshpJA9sqq4hhsAa4gVzV4iQ5ncsmmYkRY1CYHggAHKLDJZAkDKoEBoJsYWBeL9a/dIDEzA5kHBAPehG6151TSSweE+zfbaGQ3Fu7a2uFVtujerVdo6OE9h1PTvH/BEglzy0NJfIxiFSSg2+CokRkA8xvXyc1oiXvIn8sOAQ8q8dqxV72uW2vcNuNiykquv6k1a7aq/BtA27IYBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53ef6a3.997539581630177934%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53ef6a3.997539581630177934%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=64
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=64
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fos-box%2Fsmall%2Fjs%2Fscript.js&l=775&fd=64 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
organexpectationsmaintain.com/pixel/sbs?c=1
192.243.61.225 200 OK 1.3 kB URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash cdb1df73eca21b0e92d365db91c1be89
96e2421786b884ff30b8540c1493c5430ecd6ea7
ad483b27e3ab04bccff19243c33d7034d9039c70a6a9ad9e30e56bd7d1795cf8
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/jquery.min.js
172.64.108.13 200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (32025)
Hash 33a048a072f6217f6f4f6104a369f223
29fea634275a7194dc506ee196885fd6cf033ca1
f82410626b8fa20980f9588ed84072ce89a58f8cbabca44f90e78656dad30aa6
GET /sb/ssp/vpn/os-box/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:06:14 GMT
etag: W/"6149cab6-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445942
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iIKrCOIHFKR1Ldwwcp%2B20ybsR6jm8%2F8rtogFdRNsBBqGOo4VGbJ4VDkW1jc6ZWDmMOR%2Bc8rlVYE3Cth%2BOip%2B0xlOb5dzqAtBp3AiO1ZSlxy4cmylkYG%2BHG6ydbwSf2YzgeCCOo%2FMBdLV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cafbfbe004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 93a61e013cdf5f59584d5e191e0523bb
d0f5467066b204530d024cd2ce59c377e5392bad
af0c7dab579ae2f90afb51927aa9524fb768fa82506e5ceacc3c86a4506a5eae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5727
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Last-Modified: Fri, 02 Dec 2022 05:55:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1407), with no line terminators
Hash f43807c429bf2b6e0d0d43bc3d8655de
252f6304b5ac2d15b03953ad039baf8b1d34f2f7
a55afd398ab57574a9baf4049cacf1ad64ced7a0210a8cf5cab09046e465f8b8
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53f73c0.251650224170387577%22%3B%7D; expires=Sun, 01-Dec-2024 07:31:17 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
172.64.205.2 200 OK 345 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.205.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b609cfeebd973710d1bf1e94ba0905a5
c8500d72dceec11ef8bc95d593be54cc4f2ebe7b
c6ffc06a5267f15efc8e6cf39ad2bdbd0743ed5144d8736e6a8ef8d2183f7ffe
GET /loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2fzwMSMhpg7neFGEf%2BES60SxmmatAl3Slo65Fb1y2%2BvJ7EdUKSxzcYsdBL3M6Zk9vIyCcdd1pKVxeMaXI6U%2BBdf6fvJosKIswngPcXerG49Cn%2BNPo8ttuEgi6IQlVPwubxjS0dp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325cb1497274e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4853636&p1=4581534&skipOffset=00:00:05
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4853636&p1=4581534&skipOffset=00:00:05
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&sourceId=4853636&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:31:17 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4853636&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8VXRt6vUCDp1z; SameSite=None; Secure; path=/; expires=Sat, 03-Dec-22 06:31:17 GMT; HttpOnly
server: cloudflare
cf-ray: 77325cb249abb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/_29EuSYUrhk
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_29EuSYUrhk
IP 142.250.74.131:0
Hash 741f2cec56edf7f6848f43a344aff866
efb02f933a138d675fe7d80c6c533f1f64bc0d3f
0daae791c93b12cb6a228c22e20198648d42682ce0696cdfc13183c49bb1c10b
POST /s/gts1p5/_29EuSYUrhk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
142.250.74.163 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 08:17:47 GMT
expires: Thu, 30 Nov 2023 08:17:47 GMT
cache-control: public, max-age=31536000
age: 170010
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2804
Expires: Fri, 02 Dec 2022 08:18:01 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRlKr1ZLPyTUBBz+gZzE+GAe8gAP1+PRMgm9RXUoLpSohkQ3LhuSFZJt5yxXBKSipJC6K948dlHFut/ulnY5zO92O16/7ZZzTeLoPyFwtC4qZhiEqUTZodSvRp+RQLRZ9VauIeFdUQgZ1SMmqC0tEoh4OJ7ztd9h/vvZhWC5gCILoIYU6X8xACNo5PRaNiT1anr3KLFnN26HaGM5K2Yu3uhyipX/tE8ylm2IJ6TEo9TjrU/pDZs2igg0/G0Uvwrpu1+/zCDzPf1FWAQGrLrZBB7KDjiOZTdoGYw4ubY6h6jQMMf0AMb3pz4YBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRlKr1ZLPyTUBBz+gZzE+GAe8gAP1+PRMgm9RXUoLpSohkQ3LhuSFZJt5yxXBKSipJC6K948dlHFut/ulnY5zO92O16/7ZZzTeLoPyFwtC4qZhiEqUTZodSvRp+RQLRZ9VauIeFdUQgZ1SMmqC0tEoh4OJ7ztd9h/vvZhWC5gCILoIYU6X8xACNo5PRaNiT1anr3KLFnN26HaGM5K2Yu3uhyipX/tE8ylm2IJ6TEo9TjrU/pDZs2igg0/G0Uvwrpu1+/zCDzPf1FWAQGrLrZBB7KDjiOZTdoGYw4ubY6h6jQMMf0AMb3pz4YBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPSWoDQQz8Sj7gRlKr1ZLPyTUBBz+gZzE+GAe8gAP1+PRMgm9RXUoLpSohkQ3LhuSFZJt5yxXBKSipJC6K948dlHFut/ulnY5zO92O16/7ZZzTeLoPyFwtC4qZhiEqUTZodSvRp+RQLRZ9VauIeFdUQgZ1SMmqC0tEoh4OJ7ztd9h/vvZhWC5gCILoIYU6X8xACNo5PRaNiT1anr3KLFnN26HaGM5K2Yu3uhyipX/tE8ylm2IJ6TEo9TjrU/pDZs2igg0/G0Uvwrpu1+/zCDzPf1FWAQGrLrZBB7KDjiOZTdoGYw4ubY6h6jQMMf0AMb3pz4YBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53788b7.205502431077818338%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6389a9c53ef6a3.997539581630177934%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53788b7.205502431077818338%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2804
Expires: Fri, 02 Dec 2022 08:18:01 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5515), with no line terminators
Hash be53b3673d40cf1af9873959226efe3f
ba94afa006a09d118dba3ba80f8fadbc0b1e3db1
97274723672a0d3075b7985f56215a0dfb0bafe1a678a14d93e4d6242c275e5e
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53ef6a3.997539581630177934%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6389a9c53ef6a3.997539581630177934%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2804
Expires: Fri, 02 Dec 2022 08:18:01 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2804
Expires: Fri, 02 Dec 2022 08:18:01 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 93a61e013cdf5f59584d5e191e0523bb
d0f5467066b204530d024cd2ce59c377e5392bad
af0c7dab579ae2f90afb51927aa9524fb768fa82506e5ceacc3c86a4506a5eae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5727
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Last-Modified: Fri, 02 Dec 2022 05:55:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
a.medfoodsafety.com/i?tid=435dcbdc-b80c-4536-bc1d-f4bbf6497be2&cf=affiiffbgg
172.64.205.2 200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=435dcbdc-b80c-4536-bc1d-f4bbf6497be2&cf=affiiffbgg
IP 172.64.205.2:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=435dcbdc-b80c-4536-bc1d-f4bbf6497be2&cf=affiiffbgg HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4Mo13CZ%2BLiPmu80JCMy6zaFa0yr9THW1%2BEHk%2FK%2BMFEi3RlsnZkkJCRRi11FbFWxjXTPJCgAMEXeLL1jps4Ax3AQQeErPzyRjFc1n40nijjjlkgIH4hSRR31G9jZCHpWkY4VEySU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325cb25a9c74e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
185.76.9.15 200 OK 37 kB URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (51128), with no line terminators
Hash 9d7e42d3e64f8d4d79d3da5c26379913
64465159970ed80706871ac66a793841e286ef8b
9d913f41ebaf18c0a729df32a161039f01ed21d2c98d9d9d2cdd56ff81f66292
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669976360
server: CDN77-Turbo
x-77-nzt: AblMCQ2NBBj/zQIAAA
x-77-nzt-ray: c0a4cc2829d8037bc5a989636822ca15
x-cache: HIT
x-age: 717
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b6fd52f6112bf3ad4083e4a9f918a2b9
e76003a2bc23b743aeac46b26b92822bba39ba6c
f9fc672ad75ebba6fb945272c29eabadfd99107edb4b5c7597d87a675d6c9ffb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F9FC672AD75EBBA6FB945272C29EABADFD99107EDB4B5C7597D87A675D6C9FFB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2782
Expires: Fri, 02 Dec 2022 08:17:39 GMT
Date: Fri, 02 Dec 2022 07:31:17 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PUUpEMQy8ihfYkqRp0+y33wqKB+h72+Iirh+7gsIc3rwnbIcpUxomM0IiB5YDyQPJMfORDc7JKakkLoqn5xco4/zx/T4ut35Ol3FDtWruMGMShquTV2gr0riiUAuK1dZg7C2oUEIGBaRk1U0lItbsHC54e33cyQEhxL2t3aSGph9Czc27ryWPWXtO7layl1iXic08K2yZs2tlHUvjRmtnq1LrrKTDxmybET7H6dxTv37x3oNQJBzARHVLlZh8z7BH3ZAjo6jgwPeHIg5h/+7X38sK3Mf/q6HsDgLW6M3Rp3TSZe0tL6c8vThRn6VN42X0pY8/UlYXV4YBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PUUpEMQy8ihfYkqRp0+y33wqKB+h72+Iirh+7gsIc3rwnbIcpUxomM0IiB5YDyQPJMfORDc7JKakkLoqn5xco4/zx/T4ut35Ol3FDtWruMGMShquTV2gr0riiUAuK1dZg7C2oUEIGBaRk1U0lItbsHC54e33cyQEhxL2t3aSGph9Czc27ryWPWXtO7layl1iXic08K2yZs2tlHUvjRmtnq1LrrKTDxmybET7H6dxTv37x3oNQJBzARHVLlZh8z7BH3ZAjo6jgwPeHIg5h/+7X38sK3Mf/q6HsDgLW6M3Rp3TSZe0tL6c8vThRn6VN42X0pY8/UlYXV4YBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PUUpEMQy8ihfYkqRp0+y33wqKB+h72+Iirh+7gsIc3rwnbIcpUxomM0IiB5YDyQPJMfORDc7JKakkLoqn5xco4/zx/T4ut35Ol3FDtWruMGMShquTV2gr0riiUAuK1dZg7C2oUEIGBaRk1U0lItbsHC54e33cyQEhxL2t3aSGph9Czc27ryWPWXtO7layl1iXic08K2yZs2tlHUvjRmtnq1LrrKTDxmybET7H6dxTv37x3oNQJBzARHVLlZh8z7BH3ZAjo6jgwPeHIg5h/+7X38sK3Mf/q6HsDgLW6M3Rp3TSZe0tL6c8vThRn6VN42X0pY8/UlYXV4YBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53788b7.205502431077818338%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6389a9c53ef6a3.997539581630177934%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226389a9c53788b7.205502431077818338%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg
185.76.9.17 200 OK 19 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash e14b72a35908bf1d0aa5be9f877917e1
cd5710823e62b921a06dc0045d7f2b1b663076c9
ace2d7b48d4ce56f5df3d44e08dacb1ee3251c631af636a3ca793005309a31b3
GET /library/676799/cd5710823e62b921a06dc0045d7f2b1b663076c9.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/jpeg
content-length: 18726
last-modified: Fri, 29 May 2020 12:09:23 GMT
etag: "5ed0fb73-4926"
expires: Fri, 30 Jun 2023 18:47:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195208
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3lU+7/vQzLAA
x-77-nzt-ray: c0a4cc286fe32b82c5a9896352da7025
x-cache: HIT
x-age: 13307069
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
185.76.9.17 206 Partial Content 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 84aab959c68075ee40e677cd10aa257e
c1a24994bc881cf022e6d63ef9c1eec8b98cbb02
84fcda8fecea6427923cfe5641d88565f323d5f1dccf9e1e33d8115ff20cd132
GET /library/426059/c1a24994bc881cf022e6d63ef9c1eec8b98cbb02.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: video/mp4
content-length: 15306
last-modified: Thu, 11 Aug 2022 15:21:08 GMT
etag: "62f51e64-3bca"
expires: Tue, 28 Nov 2023 15:54:33 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: MISS
x-accel-expires: @1701186873
server: CDN77-Turbo
x-77-nzt: AblMCQ1vw43/DNAEAA
x-77-nzt-ray: c0a4cc286fe32b82c5a98963d518c925
x-cache: HIT
x-age: 315404
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-15305/15306
X-Firefox-Spdy: h2
xfantazy.com/video/5fa9094a0c205613746667b6
172.64.162.22 200 OK 84 kB URL HTTP/2 xfantazy.com/video/5fa9094a0c205613746667b6
IP 172.64.162.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17087)
Hash d05300b14a9211523332290d22e348cd
af5f7f591e2b3d5699b4ab3b4fc630499c97857f
4b0b60c9d41ce9ed6e7757d7d0dc123b4c74cdbcd723d33c87e5b51213463383
GET /video/5fa9094a0c205613746667b6 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; Domain=xfantazy.com; Path=/; Expires=Thu, 02 Dec 2032 07:31:13 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Fri, 09 Dec 2022 07:31:13 GMT
experiment-save-to-button-2=0; Path=/; Expires=Fri, 09 Dec 2022 07:31:13 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4jZjtVGk626L6NeyKwfkcmOKdZhJE3tgKb8sFI0%2BRGAliRuIuy4Vi8Jt2NTKdtCBJhpmqDJnnEdCNTaF6Rk60A7rN6L0BWaHOBByB1NXy2uZfo97UntPFJp4erddhY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c967a8b71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ca8c1cd11a19ddef292f87cdb5f71624
659d6b2b6336a903c683f3bde6da7f46b72841af
c38f2d7a240e022dfd8539138e33b0d14e925cb17791081259e879893c457317
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 745
Cache-Control: max-age=163807
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Etag: "638983bb-117"
Expires: Sun, 04 Dec 2022 05:01:24 GMT
Last-Modified: Fri, 02 Dec 2022 04:48:59 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
s3t3d2y8.afcdn.net/library/317632/6f08c582fb5c25927f040b71f3c7ebc033a212e7.gif
185.76.9.17 200 OK 41 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/317632/6f08c582fb5c25927f040b71f3c7ebc033a212e7.gif
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type GIF image data, version 87a, 900 x 250\012- data
Hash 35c163835326d80cf7ab769ba934cd17
6f08c582fb5c25927f040b71f3c7ebc033a212e7
84652cc6c291379671e8cadbe7b66ef39986fa7302783acf097e48d054baa0b5
GET /library/317632/6f08c582fb5c25927f040b71f3c7ebc033a212e7.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/gif
content-length: 41349
last-modified: Thu, 10 Mar 2022 12:30:32 GMT
etag: "6229ef68-a185"
expires: Sat, 25 Nov 2023 08:05:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1700903087
server: CDN77-Turbo
x-77-nzt: AblMCQ3sq6b/liQJAA
x-77-nzt-ray: c0a4cc286fe32b82c5a989635650cc26
x-cache: HIT
x-age: 599190
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/animate.css
172.64.108.13 200 OK 5.9 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/css/animate.css
IP 172.64.108.13:0
Hash d2d37d4fdca2ea4df4403db1be7fd707
f9b2321f441339c321f122a2c4de1a110be057a2
1f32d34d73ed311e25986997607ba232932813b8b95fab706a7aa9e9aab7a91b
GET /sb/ssp/vpn/os-box/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:06:11 GMT
etag: W/"6149cab3-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cV6VPjiRPIK8nednOhTkx9O7XGajMWo4D%2FDQzerXFoXjkJNhfqyH1MtyE56OQlg%2FCNU0R8NwoLgvl3mbdvRGVJimX9EOkU4HwYync6CNxK%2FVcjBIV9Bx%2FlM467ni%2B%2FPnj9GCR10OTMzZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cae6f03004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e14645a5d64641f43408392e7bca55a4
84a9309034a7c09084d2a9730e01910c7d3c30ed
d07749fc5c9a5efd92dc1e4abeae29655a57dc120f8700a430176d3acfe22882
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 08:27:05 GMT
Expires: Tue, 06 Dec 2022 08:27:04 GMT
Etag: "84a9309034a7c09084d2a9730e01910c7d3c30ed"
Cache-Control: max-age=348346,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77325cb20ab50b55-OSL
adxadserv.com/ascripts/gcr.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/gcr.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (48738)
Hash 4bcc622fafa6d39f3d41ee9e46b585f5
f4870a326a8c0f449cbcd79673406ac1d5e6f6c8
c7ef60433000d6807163ee4643bd7774e783e4d0711513d134ae008f04f4a8e9
GET /ascripts/gcr.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Dec 2021 16:04:11 GMT
ETag: W/"61bb637b-1434f"
Expires: Wed, 30 Nov 2022 08:33:12 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hGk+2n/+0IBAA
X-77-NZT-Ray: f4787b27d1084df0c5a98963c130a728
X-Cache: HIT
X-Age: 82683
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
ocsp.pki.goog/s/gts1p5/_29EuSYUrhk
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_29EuSYUrhk
IP 142.250.74.131:0
Hash 741f2cec56edf7f6848f43a344aff866
efb02f933a138d675fe7d80c6c533f1f64bc0d3f
0daae791c93b12cb6a228c22e20198648d42682ce0696cdfc13183c49bb1c10b
POST /s/gts1p5/_29EuSYUrhk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/js/jads.js
185.94.237.64 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.64:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: W/"5f6dbe8d-12fee"
Expires: Thu, 01 Dec 2022 08:33:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: Abk73hEMuf7//UIBAA
X-77-NZT-Ray: f4787b272efd5ff0c5a989633b5e1729
X-Cache: HIT
X-Age: 82685
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ca8c1cd11a19ddef292f87cdb5f71624
659d6b2b6336a903c683f3bde6da7f46b72841af
c38f2d7a240e022dfd8539138e33b0d14e925cb17791081259e879893c457317
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 745
Cache-Control: max-age=163807
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Etag: "638983bb-117"
Expires: Sun, 04 Dec 2022 05:01:24 GMT
Last-Modified: Fri, 02 Dec 2022 04:48:59 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b45f6cb64370c16148c057dd6e67cb7c
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.12 200 OK 2.1 kB URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash 0a25fa6d8deb2d43e6bb8160d3128fcd
27b5f19a6f033e27775167b21fae6d4b0083f092
caa934c33da7a99e24180980f773e8ba539a51a547dd9839621bbb6fdb5f3278
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da41bf2e1479de0f7818ba9ed8aa0923
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd6d66c09b28676f2b8e6c6b39e0d251
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e261935-c89a-42b7-9386-175b95138375&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ccbaf4c9ccaef63c3d7c146540642cee
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2d6f1c1522a347f71ed48b388396a4b3
f501d965f023b0a4f4211825e761778b01957539
d86be182435dfcd143a5966fde3d8e724b8e8171025ed9481daee643c4a7c6b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1972
Cache-Control: max-age=116762
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:17 GMT
Etag: "6388c72b-117"
Expires: Sat, 03 Dec 2022 15:57:19 GMT
Last-Modified: Thu, 01 Dec 2022 15:24:27 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
s3t3d2y8.afcdn.net/library/426059/da0ccb93dad3a85e574f5bab0a23b3e9fe78d102.mp4
185.76.9.17 206 Partial Content 614 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/da0ccb93dad3a85e574f5bab0a23b3e9fe78d102.mp4
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 614 kB (613509 bytes)
Hash cb56d87c639242a191fa70bea5dca4bf
9a69fa0b38a420287c0090234110ddc6d937e303
bfc0f48210355f6b8ef917e39272f9bdad58963be338a222c4e3a0df6d34f30c
GET /library/426059/da0ccb93dad3a85e574f5bab0a23b3e9fe78d102.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: video/mp4
content-length: 21828
last-modified: Thu, 08 Sep 2022 14:48:28 GMT
etag: "631a00bc-5544"
expires: Fri, 27 Oct 2023 12:47:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701453365
server: CDN77-Turbo
x-77-nzt: AblMCQ1VsfX/EL8AAA
x-77-nzt-ray: c0a4cc286fe32b82c5a98963aae71a37
x-cache: HIT
x-age: 48912
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-21827/21828
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58tO/tuWwj0APb7kEVIIcmDFObwtZOSXTVIjD6MJCGRHcuO5I1kr7xnR+FQKJgEjoaPzwOMca637VJPx6Websfr93aZljCdtgaTRLEgpmQloTiRJpjnFEtGpDy4R0/oQciVYAQFdUhUs8ECEYuzl5zF4tDJhPevw8MZHEi9QKBEd4nUS+OqIWSd032IzWlRdraypNam4jW1NLvXam3tXMcgavj3D3oiqMa+sS/7K0DZVEyw41di6EZ4tOv15zwBr/En4kNAYXlci1q00kpznmvlNerkcyYzq63M3tb1F4p6scOGAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58tO/tuWwj0APb7kEVIIcmDFObwtZOSXTVIjD6MJCGRHcuO5I1kr7xnR+FQKJgEjoaPzwOMca637VJPx6Websfr93aZljCdtgaTRLEgpmQloTiRJpjnFEtGpDy4R0/oQciVYAQFdUhUs8ECEYuzl5zF4tDJhPevw8MZHEi9QKBEd4nUS+OqIWSd032IzWlRdraypNam4jW1NLvXam3tXMcgavj3D3oiqMa+sS/7K0DZVEyw41di6EZ4tOv15zwBr/En4kNAYXlci1q00kpznmvlNerkcyYzq63M3tb1F4p6scOGAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA3VPS2pDMQy8Si8Qo58tO/tuWwj0APb7kEVIIcmDFObwtZOSXTVIjD6MJCGRHcuO5I1kr7xnR+FQKJgEjoaPzwOMca637VJPx6Websfr93aZljCdtgaTRLEgpmQloTiRJpjnFEtGpDy4R0/oQciVYAQFdUhUs8ECEYuzl5zF4tDJhPevw8MZHEi9QKBEd4nUS+OqIWSd032IzWlRdraypNam4jW1NLvXam3tXMcgavj3D3oiqMa+sS/7K0DZVEyw41di6EZ4tOv15zwBr/En4kNAYXlci1q00kpznmvlNerkcyYzq63M3tb1F4p6scOGAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226389a9c543d7a4.94947220159586887%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0490099501%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4853636%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6389a9c53ef6a3.997539581630177934%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226389a9c543d7a4.94947220159586887%22%3B%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226389a9c53ef6a3.997539581630177934%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.058519850599%22%7D; expires=Sun, 01 Dec 2024 07:31:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669966275539&t_i=1669966275814&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7a30edd2-134d-4b1f-b71d-2cf351aca704&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4ed0c00e-7213-11ed-b056-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1669966275814&fpid=&feid_sa=1669966275814&sid_sa=1669966275814&feid=9c03dd5e581db9d4c293d6f3bb58f442&sid=3aea4ff534bd4182b75625ef958f0afa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.466
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669966275539&t_i=1669966275814&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7a30edd2-134d-4b1f-b71d-2cf351aca704&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4ed0c00e-7213-11ed-b056-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1669966275814&fpid=&feid_sa=1669966275814&sid_sa=1669966275814&feid=9c03dd5e581db9d4c293d6f3bb58f442&sid=3aea4ff534bd4182b75625ef958f0afa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.466
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669966275539&t_i=1669966275814&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=7a30edd2-134d-4b1f-b71d-2cf351aca704&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=4ed0c00e-7213-11ed-b056-e2e38133f3a0&spid=636bc5d561d6e27071201a23&fpid_sa=1669966275814&fpid=&feid_sa=1669966275814&sid_sa=1669966275814&feid=9c03dd5e581db9d4c293d6f3bb58f442&sid=3aea4ff534bd4182b75625ef958f0afa&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.466 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
tallysaturatesnare.com/pixel/sbs?c=1
192.243.61.227 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3s1eVMSVPbiIOEcFnXTPj8zM7iEY10gwJnF3NeiCWF1VPSlT3dVUdU9PBoSwC7LeZvGyx843ycbVrOx6FPxBx4sElB0PkoM5%2BAcIIuxVmclg2AdV77363uH7vlefbqVHxEVKD1fe1j2pFJ2ul93SS6sy4jqzpaWrJc8tuxdLqzKaqV0sdUeX6Vzw3HrZfbn0pmDrerrieq7ruV5pXhoR6O70GIWM91peueWWa5WyV6%2Bhax7vberAUge8c0SeheTDM2s%2FP4BkBaLw%2FiVh1xMdv%2FJGmCqaaIMO3303Wo90FiE8KQPjIIh2J9PQdkjI7VPQ0e5EAXRne6QAvhwS53cPfrQ7oQm%2Fs3PM1FcQEXz%2BJLJOAaEKSFqA6RuQ%2FCEBGMfSMqLwzpI2Gd04RukIHZKpR%2F9AZkMy9cc5ROHXc0p2S1e0ShOpI4tukEN2C8h2gTjdR9JzILN9sOQ6JP%2BFTD9aRBRuL1ulIXk%2BVi9lARkUUKIPah2koyMdpIGDNHYQ8sMSrbcC120EflCtNmuMsWqVsXpzhtd5tdYMXKRsRK%2BPJO6DqT6Y2URsNrEubw0Jub4Nk%2F4Iu5bDcgc2GRLnnU10eI5MEGSWIKMEmSTIEoKsk%2B9wZSs2v8OVTX1vkiuTXM0HOmlv0R2dtEVEtuIjcnZszl9PfYt1cViilaDVcgPPrTVm3BmPNbwW95hHaZVWBOMVWJlD2lNjvT05JOee%2FxPxaGOf%2FAuf7sOqfTD5DGj6Amg2aFRc0LVBremiF%2B11AxoltLdRZjoE1zniZArJhrOljsj5MY8L136FYAez97%2B%2Ft%2Fz%2B6S%2FATI7Y5PhY%2FkTQVjcHl3VGti%2FrzJIHy3EiQ9mjowVeSWgiznz5ltjItOELl2z%2F7mtsBIzKvavCJos04jJqW%2FLVnORcmHltmCDfLdhV4a%2Bkdm0uNVEaL668Pr8QxkZYK3VUgMqHH%2F0AJofkif7Z8dd8sfkBpClg0hxhekAmAakLsHgTNj6YvXf%2B2t%2B3P3RhNYFRJzN%2B7CBL84Gp%2BCePShIocdJTP4cVB7PfvPr0e1PPfQ5f%2FG%2FHlr2JtnFAkxuIwhwdk6OjclDVh01PD5LYHMz%2BVh0HfOUMfGWcbV8ZdevYWisPS3WvJpp%2Bs8E49wXjXqNSbVZdt8J5rdESXguJHbLP7u7%2FBwAA%2F%2F8BAAD%2F%2F7hm6P9yBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3s1eVMSVPbiIOEcFnXTPj8zM7iEY10gwJnF3NeiCWF1VPSlT3dVUdU9PBoSwC7LeZvGyx843ycbVrOx6FPxBx4sElB0PkoM5%2BAcIIuxVmclg2AdV77363uH7vlefbqVHxEVKD1fe1j2pFJ2ul93SS6sy4jqzpaWrJc8tuxdLqzKaqV0sdUeX6Vzw3HrZfbn0pmDrerrieq7ruV5pXhoR6O70GIWM91peueWWa5WyV6%2Bhax7vberAUge8c0SeheTDM2s%2FP4BkBaLw%2FiVh1xMdv%2FJGmCqaaIMO3303Wo90FiE8KQPjIIh2J9PQdkjI7VPQ0e5EAXRne6QAvhwS53cPfrQ7oQm%2Fs3PM1FcQEXz%2BJLJOAaEKSFqA6RuQ%2FCEBGMfSMqLwzpI2Gd04RukIHZKpR%2F9AZkMy9cc5ROHXc0p2S1e0ShOpI4tukEN2C8h2gTjdR9JzILN9sOQ6JP%2BFTD9aRBRuL1ulIXk%2BVi9lARkUUKIPah2koyMdpIGDNHYQ8sMSrbcC120EflCtNmuMsWqVsXpzhtd5tdYMXKRsRK%2BPJO6DqT6Y2URsNrEubw0Jub4Nk%2F4Iu5bDcgc2GRLnnU10eI5MEGSWIKMEmSTIEoKsk%2B9wZSs2v8OVTX1vkiuTXM0HOmlv0R2dtEVEtuIjcnZszl9PfYt1cViilaDVcgPPrTVm3BmPNbwW95hHaZVWBOMVWJlD2lNjvT05JOee%2FxPxaGOf%2FAuf7sOqfTD5DGj6Amg2aFRc0LVBremiF%2B11AxoltLdRZjoE1zniZArJhrOljsj5MY8L136FYAez97%2B%2Ft%2Fz%2B6S%2FATI7Y5PhY%2FkTQVjcHl3VGti%2FrzJIHy3EiQ9mjowVeSWgiznz5ltjItOELl2z%2F7mtsBIzKvavCJos04jJqW%2FLVnORcmHltmCDfLdhV4a%2Bkdm0uNVEaL668Pr8QxkZYK3VUgMqHH%2F0AJofkif7Z8dd8sfkBpClg0hxhekAmAakLsHgTNj6YvXf%2B2t%2B3P3RhNYFRJzN%2B7CBL84Gp%2BCePShIocdJTP4cVB7PfvPr0e1PPfQ5f%2FG%2FHlr2JtnFAkxuIwhwdk6OjclDVh01PD5LYHMz%2BVh0HfOUMfGWcbV8ZdevYWisPS3WvJpp%2Bs8E49wXjXqNSbVZdt8J5rdESXguJHbLP7u7%2FBwAA%2F%2F8BAAD%2F%2F7hm6P9yBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3s1eVMSVPbiIOEcFnXTPj8zM7iEY10gwJnF3NeiCWF1VPSlT3dVUdU9PBoSwC7LeZvGyx843ycbVrOx6FPxBx4sElB0PkoM5%2BAcIIuxVmclg2AdV77363uH7vlefbqVHxEVKD1fe1j2pFJ2ul93SS6sy4jqzpaWrJc8tuxdLqzKaqV0sdUeX6Vzw3HrZfbn0pmDrerrieq7ruV5pXhoR6O70GIWM91peueWWa5WyV6%2Bhax7vberAUge8c0SeheTDM2s%2FP4BkBaLw%2FiVh1xMdv%2FJGmCqaaIMO3303Wo90FiE8KQPjIIh2J9PQdkjI7VPQ0e5EAXRne6QAvhwS53cPfrQ7oQm%2Fs3PM1FcQEXz%2BJLJOAaEKSFqA6RuQ%2FCEBGMfSMqLwzpI2Gd04RukIHZKpR%2F9AZkMy9cc5ROHXc0p2S1e0ShOpI4tukEN2C8h2gTjdR9JzILN9sOQ6JP%2BFTD9aRBRuL1ulIXk%2BVi9lARkUUKIPah2koyMdpIGDNHYQ8sMSrbcC120EflCtNmuMsWqVsXpzhtd5tdYMXKRsRK%2BPJO6DqT6Y2URsNrEubw0Jub4Nk%2F4Iu5bDcgc2GRLnnU10eI5MEGSWIKMEmSTIEoKsk%2B9wZSs2v8OVTX1vkiuTXM0HOmlv0R2dtEVEtuIjcnZszl9PfYt1cViilaDVcgPPrTVm3BmPNbwW95hHaZVWBOMVWJlD2lNjvT05JOee%2FxPxaGOf%2FAuf7sOqfTD5DGj6Amg2aFRc0LVBremiF%2B11AxoltLdRZjoE1zniZArJhrOljsj5MY8L136FYAez97%2B%2Ft%2Fz%2B6S%2FATI7Y5PhY%2FkTQVjcHl3VGti%2FrzJIHy3EiQ9mjowVeSWgiznz5ltjItOELl2z%2F7mtsBIzKvavCJos04jJqW%2FLVnORcmHltmCDfLdhV4a%2Bkdm0uNVEaL668Pr8QxkZYK3VUgMqHH%2F0AJofkif7Z8dd8sfkBpClg0hxhekAmAakLsHgTNj6YvXf%2B2t%2B3P3RhNYFRJzN%2B7CBL84Gp%2BCePShIocdJTP4cVB7PfvPr0e1PPfQ5f%2FG%2FHlr2JtnFAkxuIwhwdk6OjclDVh01PD5LYHMz%2BVh0HfOUMfGWcbV8ZdevYWisPS3WvJpp%2Bs8E49wXjXqNSbVZdt8J5rdESXguJHbLP7u7%2FBwAA%2F%2F8BAAD%2F%2F7hm6P9yBAAA HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 02 Dec 2022 07:31:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f69180ef6c28871a4d1bf06cbca9ce4b
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads2.js
185.94.237.64 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.64:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:31:18 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
cloudflare.com/cdn-cgi/trace
104.16.132.229 200 OK 509 B URL HTTP/2 cloudflare.com/cdn-cgi/trace
IP 104.16.132.229:0
Hash 787702f95d84f06e2c697ad26eadf82f
8b5bd34440d20ff3e0e54e18e0d91933285c2dba
b0e70470d612ec6a7735cfae0f4de2f21aa51aaebe11d5e116963f804d71dbb8
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Origin: https://media.aso1.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 77325cb4bd9cb4fd-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3.medfoodsafety.com/9b/27/37628/00000163308.gif
172.64.205.2 200 OK 124 kB URL HTTP/2 cdn3.medfoodsafety.com/9b/27/37628/00000163308.gif
IP 172.64.205.2:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 124 kB (124518 bytes)
Hash 3249330ecc29487cd16d38fd738919aa
cb54e847a00af35d976b20e3a383801325569cdd
32e604d33273edf430ed733d7ff6e6152f0060935b2b83f0b6378772876bd279
GET /9b/27/37628/00000163308.gif HTTP/1.1
Host: cdn3.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: image/gif
content-length: 124518
last-modified: Wed, 30 Jan 2019 21:16:23 GMT
etag: "3249330ecc29487cd16d38fd738919aa"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
via: 1.1 32a13ceef956a784d69d32b657a9ef6a.cloudfront.net (CloudFront)
x-amz-cf-pop: IAH50-P1
x-amz-cf-id: w5v80XEKQrBW33zLfTbFn17k2mT2m1pvuTeKB4ZqdG8IgtV3qIdk4Q==
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOcqA7Dk7K0Sm2SZNUn%2BhR91Mpa6g1CmZgY9xPA5ILqsuG%2FUbqiLxO3Y9luLNqCIBhODtFXrv2ccw9u87PMUKlb2jPbA5JlaATIm7GTOBtOJ1YK9oj2Pko91Vb4BpZEK2m179Dnz8630"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cb26ab374e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.51.106 302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:31:18 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8WGFQJV7pVUWQ; SameSite=None; Secure; path=/; expires=Sat, 03-Dec-22 06:31:18 GMT; HttpOnly
server: cloudflare
cf-ray: 77325cb5ecfdb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 24a1297be2f0d085fd039bf9bae9aa95
40abe11c383d36b78515aceed7296c7d69f5b16f
f18787cd72e6872817fb5c19f643359c11df816c53db774c53a8093def600d00
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4648
Cache-Control: max-age=139276
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:18 GMT
Etag: "638914aa-116"
Expires: Sat, 03 Dec 2022 22:12:34 GMT
Last-Modified: Thu, 01 Dec 2022 20:55:06 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsImQiOiJtZWRpYS5hc28xLm5ldCIsImxpIjoyfQ==&tz=0&if=1&u=aHR0cHM6Ly9tZWRpYS5hc28xLm5ldC9qcy9pZnIuaHRtbA==&inc=0
185.162.85.20 200 OK 0 B URL HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsImQiOiJtZWRpYS5hc28xLm5ldCIsImxpIjoyfQ==&tz=0&if=1&u=aHR0cHM6Ly9tZWRpYS5hc28xLm5ldC9qcy9pZnIuaHRtbA==&inc=0
IP 185.162.85.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnload?a=1&e=aeyJwaWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsImQiOiJtZWRpYS5hc28xLm5ldCIsImxpIjoyfQ==&tz=0&if=1&u=aHR0cHM6Ly9tZWRpYS5hc28xLm5ldC9qcy9pZnIuaHRtbA==&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Origin: https://media.aso1.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.100.40 302 Found 65 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.100.40:0
File type ASCII text, with no line terminators
Hash f43656e33471c50b0a8848a2814691c1
4f55490076303daead857bcae9fd7ba1c97c8e1c
2186ddccfab327ab26cbf6d789001eea42ef6332386cc37ead0e8befe906fdeb
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Wed, 07-Dec-2022 07:31:18 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Sun, 01-Jan-2023 07:31:18 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Fri, 02-Dec-2022 13:31:18 GMT; Max-Age=21600; Path=/
stcki="iuhY4r=0"; expires=Sun, 01-Jan-2023 07:31:18 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr53498bd1-0590-4e7e-85c0-d8525c4b0ade:1p10Vy:m_0jIfBi99ppQ6KZ_gv35YGQ-7k; Domain=.chaturbate.com; expires=Wed, 27-Aug-2025 07:31:18 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=T_iz2TFvxeGRHUoQqTuVaQ9tfpF3UYemO7VlHEYDaG0-1669966278-0-AawWlOY3eNqAQJUkRfIx4yLnQzz/j0zTa2HJ2Sy/Srh0RtFZPL6shfOWy/fKC+hH1ajpdp9ENBGoR0Vn7lVMj+k=; path=/; expires=Fri, 02-Dec-22 08:01:18 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77325cb5f9e4b511-OSL
X-Firefox-Spdy: h2
creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
104.18.51.106 200 OK 589 B URL HTTP/2 creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b8f818f63b837f8327964c5b4e79db44
2cec19df615efa43c6e60da3814229cf60d5596e
de4dfcdb73a115eb767fc999fdd59aeef445aaeb4acd34a4deae7c044a34cfdd
GET /widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4 HTTP/1.1
Host: creative.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: text/html
last-modified: Wed, 30 Nov 2022 08:42:41 GMT
expires: Fri, 02 Dec 2022 07:31:23 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cb6bdb3b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kiynew.com/admc?a=2&pid=1107205&sid=1127854&wid=303981&fp=b0143518e841b2470af84d86e1b09d3b&tz=0
185.162.85.19 200 OK 466 B URL HTTP/2 kiynew.com/admc?a=2&pid=1107205&sid=1127854&wid=303981&fp=b0143518e841b2470af84d86e1b09d3b&tz=0
IP 185.162.85.19:0
ASN #39572 DataWeb Global Group B.V.
File type gzip compressed data, max compression\012- data
Hash cd47aaaff4e4601dbd014afdc4ecfebc
85456d20605215127df85008fb4ae812f709cef7
b83eb5df548aecb02630507ae4ef2d316f31935f479c0b637a276317cbfc797a
GET /admc?a=2&pid=1107205&sid=1127854&wid=303981&fp=b0143518e841b2470af84d86e1b09d3b&tz=0 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Origin: https://media.aso1.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 02 Dec 2022 07:31:18 GMT
content-length: 0
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.51.106 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.51.106:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlirdr.com/
Origin: https://creative.xlirdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: lcNIxMaAofF7Fv+CenZmpGJJrSUFrD74EH/RfdAjL9Jhx1+3B0JyXF3qWYdsiZqTewxi/ePstns=
x-amz-request-id: 3YWB4S6N4MZ3W6PX
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlirdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 4729
expires: Fri, 02 Dec 2022 11:31:18 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cb81f630b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 374 B IP 93.184.220.29:0
Hash b60a53ec163892e934c6962835c43ba9
47acdc40c5b6b4bc1ddbee44ac27dd1c64473b8b
54801d3e85c4b1f8a911d558fd5862e533ba5eee99ce965b5e9ef26627806724
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5264
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:18 GMT
Last-Modified: Fri, 02 Dec 2022 06:03:35 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 9abb0ed3effce38a94e35450ae4008e3
6650bab55d44eadc9393030071caa1f0dbc70000
9222982381cb732667e6249ebde9e0b3b445460e52812a039f06ff08b02fe64e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=164004
Date: Fri, 02 Dec 2022 07:31:18 GMT
Etag: "63898234-1d7"
Expires: Sun, 04 Dec 2022 05:04:42 GMT
Last-Modified: Fri, 02 Dec 2022 04:42:28 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WjpwiQk8nWUFMzYckVdSoQF61UHCuiaXOYAlofBGzuRIAlraDKqMlQ==
Age: 1334
r3.o.lencr.org/
23.36.76.226 200 OK 2.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 881c3768a87f7a22ef70541c440433df
d776fa99553e5ebe081e71c3ae2329f360cc3889
48c5bd9db3f2935b52db165e005196b2b1fb744a134bd20e94c2f126593b5ad9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E72EBDF45378915E055DDBD27DBA3F34BFCFFED4C17D1CEF451EC19B00D19A41"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17373
Expires: Fri, 02 Dec 2022 12:20:51 GMT
Date: Fri, 02 Dec 2022 07:31:18 GMT
Connection: keep-alive
roomimg.stream.highwebmedia.com/riw/girl_of_yourdreams.jpg?1669966260
104.19.242.83 200 OK 15 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/girl_of_yourdreams.jpg?1669966260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 3adf7f5416f7d68c0706c146629f99d4
cbc41026685621df89d953823a2845defa00398b
f3ff93cc244df69b9e569d748abf3b9bf2d3b17eabded4036a872610b4cb1c33
GET /riw/girl_of_yourdreams.jpg?1669966260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: image/jpeg
content-length: 15119
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15309
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 22
last-modified: Fri, 02 Dec 2022 07:30:56 GMT
expires: Fri, 02 Dec 2022 07:31:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1s5Jl4HNJt%2FsF9u%2BkfSPDx3W9ttowKkMUt%2BZ7B4ct0Z105FjJSub5bzdlDj2e2uhk%2FM34dmnCBdaQqXGCNbus6CYNViJVIet44rdEEAfQDXpbiCngkOA34Cr05k2EseU6wEbRaVUG5wQlN5u6hV3AX4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=2x89LdhfNz6q5JRMe5Mj0_pj20GM.6wuPJAYLgMcq9c-1669966278607-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77325cb94bc70b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/annaceleste.jpg?1669966260
104.19.242.83 200 OK 11 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/annaceleste.jpg?1669966260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash 4efff5bffa0d442a01e062fb631ea282
59b77e5be4a065c6fdbb1aa548a9913558ae45d6
d6b6d5ccf0ada1c38220c49314e6400f27da5881c48f3eab114c33dfa769abb1
GET /riw/annaceleste.jpg?1669966260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: image/jpeg
content-length: 11077
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12271
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 22
last-modified: Fri, 02 Dec 2022 07:30:56 GMT
expires: Fri, 02 Dec 2022 07:31:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2F1bLh722Xy3Hh9k04HdlNHgDhld022NW%2FtZZD3Z643DJLgpaAMGGVtL4tj1ll1DYT%2B%2BzxJt1Egrms5HRWvUBP579cW3HaAKN74ypiaGh3BmfGaB9%2FG%2FzETdJfelD7bRlUeuoAMj4zQR9jZm%2B6QFHj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=SqZliAfauwvNnqot2RC.NTMlVo._6B.uIjSHpTQ_gCo-1669966278608-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77325cb94bc90b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/alicia_uwu.jpg?1669966260
104.19.242.83 200 OK 8.9 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/alicia_uwu.jpg?1669966260
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash b708beff3c67ab1ef11f22d23d6c8fd3
06d8135e757f0e8416db76b20c938074fb376218
02033b2a9a1af45069c4d0fd99a2cba0f84e1bcf66314faf540aaf06b1fc6f42
GET /riw/alicia_uwu.jpg?1669966260 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: image/jpeg
content-length: 8948
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8973
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1
last-modified: Fri, 02 Dec 2022 07:31:17 GMT
expires: Fri, 02 Dec 2022 07:31:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FXUSd378dFhybpNnDqoIFvFRiX239x5bPvZXyvs%2BuJOtCULySz6GR2jkdsK4MzlKhOUx77DXMfA8%2BNTRx6K3H%2Bk95P%2FTeTT7qB%2FE%2BIApaC3GTXv%2Frv2eVYh58tWmrnxCfy7plf%2BAZdXxbnqVsFGRno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=SqZliAfauwvNnqot2RC.NTMlVo._6B.uIjSHpTQ_gCo-1669966278608-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77325cb94bc80b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b107f714ba105577ca480d2ced57e674
d55d44b2f2c7c7d323bc76a66f2636ecbf22c554
f47f0de727eb9315dfcbf6179c302213e9b7a3ef645c43dbefcef812a1480733
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5741
Cache-Control: max-age=86747
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:18 GMT
Etag: "63884335-118"
Expires: Sat, 03 Dec 2022 07:37:05 GMT
Last-Modified: Thu, 01 Dec 2022 06:01:25 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19 200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 078e36aeb5e7fe7ff8fa0a323969d4a2
a571636bcd340e2ac4cbaa9b588c789c6024f0b7
396c20011a53656447d8e7a58496664850cab7a128c272d4d9bf6869148ea7f4
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 02 Dec 2022 07:31:18 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=f1070e3f06b6b4ea46e28d764acb220a; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
img.strpst.com/thumbs/1669965901/96706841
104.18.63.124 200 OK 23 kB URL HTTP/2 img.strpst.com/thumbs/1669965901/96706841
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 775f77cddfd31c048783b6a43add0248
a0ef15201163e654138ead6771f2134acce393f4
c4cea4f65c433bb1cb17debd2e20ceaef76d7c1e8bdc9b93fa84a7b8a7e24b19
GET /thumbs/1669965901/96706841 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: image/jpeg
content-length: 22964
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=23906, status=webp_bigger
etag: "f427176e61089ef7e040a443aeaf80f4"
last-modified: Fri, 02 Dec 2022 07:25:00 GMT
cf-cache-status: HIT
age: 232
expires: Fri, 02 Dec 2022 07:32:18 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cb99ee2fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b107f714ba105577ca480d2ced57e674
d55d44b2f2c7c7d323bc76a66f2636ecbf22c554
f47f0de727eb9315dfcbf6179c302213e9b7a3ef645c43dbefcef812a1480733
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5741
Cache-Control: max-age=86747
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:31:18 GMT
Etag: "63884335-118"
Expires: Sat, 03 Dec 2022 07:37:05 GMT
Last-Modified: Thu, 01 Dec 2022 06:01:25 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
static.adxadserv.com/css/wm.css
185.76.9.18 200 OK 4.0 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash 10006ff56829ad180bcfd7a04cdc4c6c
e3a2c357ad313cf8f266ec2fed29914b02b2cb35
ba667e2ccf47e6f4c47015f81224653e1ec9a6ea30a6affc2a11b7d6979c7f20
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1670929819
server: CDN77-Turbo
x-77-nzt: AblMCQ3sO7r/Kh4BAA
x-77-nzt-ray: c0a4cc2812d78080c5a989636ae3121a
x-cache: HIT
x-age: 73258
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.130.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:31:18 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 2223
x-timer: S1669966279.839561,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=834&ck=1&ref=https://chaturbate.com/tours/3/&ap=17&be=488&fe=757&dc=635&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669966276344,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:224,%22rp%22:404,%22rpe%22:405,%22dl%22:466,%22di%22:606,%22ds%22:634,%22de%22:640,%22dc%22:756,%22l%22:756,%22le%22:757%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=636&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEKBwxSAwYIA1NRBlZXCBh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwoEWwFcAQRdGABTUwAUVQAGUE5eXQBaHFcJWFMEU1VTVwFWWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=834&ck=1&ref=https://chaturbate.com/tours/3/&ap=17&be=488&fe=757&dc=635&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669966276344,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:224,%22rp%22:404,%22rpe%22:405,%22dl%22:466,%22di%22:606,%22ds%22:634,%22de%22:640,%22dc%22:756,%22l%22:756,%22le%22:757%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=636&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEKBwxSAwYIA1NRBlZXCBh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwoEWwFcAQRdGABTUwAUVQAGUE5eXQBaHFcJWFMEU1VTVwFWWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=834&ck=1&ref=https://chaturbate.com/tours/3/&ap=17&be=488&fe=757&dc=635&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1669966276344,%22n%22:0,%22r%22:0,%22re%22:212,%22f%22:212,%22dn%22:212,%22dne%22:212,%22c%22:212,%22s%22:212,%22ce%22:212,%22rq%22:224,%22rp%22:404,%22rpe%22:405,%22dl%22:466,%22di%22:606,%22ds%22:634,%22de%22:640,%22dc%22:756,%22l%22:756,%22le%22:757%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=636&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFEKBwxSAwYIA1NRBlZXCBh4Yy8TFUMhJTshCU0XAwhTHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwwBQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwoEWwFcAQRdGABTUwAUVQAGUE5eXQBaHFcJWFMEU1VTVwFWWxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%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%2BRVwSFhBGWUQZZWp9CEdcQUBPRgYKUFJQUw1UZhISDw0XOU1QSkUSblcSQFlGQxZMRlFuFFgZQx8e&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:19 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 77325cbb2b7fb4f7-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=4864f305e9af5d6a; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1056&ck=1&ref=https://chaturbate.com/tours/3/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1056&ck=1&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1056&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1777
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:31:19 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 77325cbc5ccdb4f7-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7006
last-modified: Fri, 02 Dec 2022 05:34:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zH6bEh9PT0l%2F5CF3xYQCMTbImN78UPsHuHGPezkUUtmFiFxkTvI8iB0i%2FoEu6ZHBVwmhTw3pmPxKhmOXHdDWtr3l1Q7yuk1ZXJZ0%2FOMyna975p72uVcTeiybVojtXQeu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cab99b8757a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.162.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-183501608b0"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3197253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBWjYhUtUqkGmrSREF8ek3jt8ife4D%2Bd6%2BNyDKhCFWsdt35nLl%2BlYLOZ9KFadyUUA%2F56Mbp4aM5%2FWOvBQItY6RDyG2uYuGsKWWknS8LTWZ1iCcnAqYARK3KM9f4tzWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99ae2d71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zatnoh.com/pw/waWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsInNyYyI6Mn0=eyJ.js
172.67.207.232 200 OK 0 B URL HTTP/2 zatnoh.com/pw/waWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsInNyYyI6Mn0=eyJ.js
IP 172.67.207.232:0
GET /pw/waWQiOjExMDcyMDUsInNpZCI6MTEyNzg1NCwid2lkIjozMDM5ODEsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: zatnoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://media.aso1.net
e-tag: a4a965a49531d03f9b2e6815c34f671d
cache-control: max-age=14400
cf-cache-status: HIT
age: 1116
last-modified: Fri, 02 Dec 2022 07:12:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrABLkzV7X4hL51x2pbAX4AnIGtUt%2BPAHC4pN2QdA6hZ%2FyAiKKdUda3HUK17iMZmgUf%2BY5iQwfFzYENaeRXXA7i8THb9K8UcEhHDqigipYQpu7yFf6yFsxklaLqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325cb2a862b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
172.64.163.11 200 OK 0 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.163.11:0
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html
last-modified: Thu, 24 Nov 2022 16:06:01 GMT
etag: W/"637f9669-6ff"
expires: Mon, 28 Nov 2022 07:22:28 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 129372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJhT0E5Pdlb1%2B56%2FMSusloosxjoYRytKCh4M45FQRsS1ieenXsWrB4%2F%2FTL7hiGSy8bxKZF7SyWp8BLykPnuucewdHTXvlPgMXQPgHMb87qwfL5cvkfk8Ad9RL8%2BlnKrC7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cadc88975a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/os-box/small/js/script.js
IP 172.64.108.13:0
GET /sb/ssp/vpn/os-box/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:06:14 GMT
etag: W/"6149cab6-307"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445942
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dXNdAdSL9j%2FarftA9ulru%2BtJTqzo0afVs%2F9cRu5b88T4m9a9QknRd%2FlDsq%2FF1ejfuf2Jg8bCsOlU4stmldsUXKmD%2FYNnAAjrhCQ%2FGKWuWWBlzhfkJGkAH1LzjSxxIFBYOFFR%2BmVRygbP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cb0d869004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js
IP 172.64.162.22:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 6469979
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LG0tSz3ohoXWrYkiwUZQkq82OQeLm212nXqMYSjKkAWgYPWFFtSIzfNVeCuFDpHYUEP5XqTSjapVwwcAE1%2Bw1wQS9cbrCxgTRFmb6X5SK6nb7uR0kKskIjSnKyob098%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c999e1e71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.162.22:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"61c-183501608b4"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3197224
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fd%2FvwzIldDxdD1ig%2BEHnSGH5TbOhJLTK2sxq5UlGnkV7iNszKPxVSVkFIZ58E6vnwLUOaaQW7FSD1sLUGzwbbORHhBfivtLnTweDhhr7PbBPXqJSin1L77Fc2uZsS3Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c99ae3071c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.162.22:0
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 10277228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nVvmX66MT65WQ3QE0c2hN5rW4b%2FxgmTBmwMMl3uuc3PE0q632%2FgHhOh4PEKVaY5ApaEPxB9AzgFgrfxI6QzEYmJjMTeoBIpOSIMjWkgxeG1DrV71cHe2FyOP2WOlUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c999e2171c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/ef/6d/9c/ef6d9ce2996acaba379ea30acdea20ae/1632400430.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:33:57 GMT
etag: W/"614c7435-4c2"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 08:31:16 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/plain
set-cookie: csu=626680297616532@1@1669966276; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wu5WI50AkYX%2Fl5NvUz78Uq8Bw%2F0zrjQVy8YlC639SXR6B7%2F%2FEETusRtw8IjJuG7EjjTjX2OP5obDm48fxGjMgvGMcdoDk5QQNp9suaBVPAau7cEgCQhUaYrPzbScrvWX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325cab99b6757a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445982
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfDiDCLxHdQbMJzSAR%2F7Gc0hyShSluwcLG65BCavHm6XU9DXNM3S0%2Fggs9LQ5J3Ay8zOulsWhDahhvWwhjN2T%2Ba7bsUsvxVh%2B4q3fpALRJ9Bo8aLH%2BPGjlNA74%2Fl27089y6DuZMxOSvT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325cae9f28004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.108.13:0
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1445982
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QT8GGp8mC5T%2FziZ6EbuXCprWdR8oprrYHoM9c4hn51ztDZ79bW1HAGO2dssCfy2xCrIxP9CAbzFVr7pzIJGhIA39m98fG9IpmJGSEd%2FiLCYmuOgjkA7MKrWTThUT5RLqAkOT7QN2oMZA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325caeaf2f004a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.162.22:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-17c56c3aeb1"
last-modified: Wed, 06 Oct 2021 18:00:37 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30031593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWR5wDMF%2FD1GkZuljO%2B3l4XhHcVL%2BEEbveLZMk0r5Lj0e29J5mbbLKD5gdPIS4wEpb6EbNMAPoccHtCmd2O4Q0hA1Dmxzby%2FQVx23NZIZQE79k88fHvQljbF8PrXZ0w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c999e2c71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.162.22 200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.162.22:0
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/5fa9094a0c205613746667b6
Cookie: visitorId=b42rsi6fzq7hn6h9fdrixc; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-1835015f14e"
last-modified: Sun, 18 Sep 2022 10:12:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3197253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPG%2BhMgL%2FXCu63OU90CHdZu2Kg%2BUkvCyBmRTs0xeYKUwn5k9sjXeReZ%2BERv0L5qsw4Uzwtkys%2BlNNzeebuo4kh%2FLDZDM3cR6v2YvSCuyWgokzzAFQSatruAI4sE6eAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325c999e2b71c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:15 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f43fe51eaf5189411539fbd636aca5c8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 02 Dec 2022 07:31:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spobk8MBKAnucZv514GFqvBVi4paoTDXSzyxIQHKeV91sTJ4xxvv%2FBiDJ2UIcYZynj7MSGoE%2F1Nn%2BEnUeBUyzji3sEmbmaPfKj2QBCjpGP3RiETyXSusmzyfZU2yO%2BmtQXvgKaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77325ca2ab14f413-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-519900666%3A1669966276418027&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtZW4jIhUMtAqadxHqksYTPw61W47GC3zZYjB5zgv4aP-ZGHU2yRUsamaBDm8daXReljvDjrw
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-519900666%3A1669966276418027&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtZW4jIhUMtAqadxHqksYTPw61W47GC3zZYjB5zgv4aP-ZGHU2yRUsamaBDm8daXReljvDjrw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-519900666%3A1669966276418027&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtZW4jIhUMtAqadxHqksYTPw61W47GC3zZYjB5zgv4aP-ZGHU2yRUsamaBDm8daXReljvDjrw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 07:31:16 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-3RHFrVj-5Oy65lF4MlqF_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/312875?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312875?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=cl9G5jxZ35l3GnY68oiI; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=zE2YU4wLXt4nmZM4u8qT; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4853636&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
104.18.51.106 200 OK 0 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4853636&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
IP 104.18.51.106:0
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptqorordVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotuzu1qo34rzojuusqouqtmrolmssuopc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A-&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4853636&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Referer: https://media.aso1.net/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8VXRt6vUCDp1z
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77325cb2ca1eb506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cams.gratis/banner/300x250.php?site=xfanta
172.64.195.8 200 OK 0 B URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.195.8:0
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTN5A21IuKk5dcNuWm9ouHtEkyVpdAyelcewpb%2FvDB8hveURUP1VYsmtcJXZ%2F8lVdTlSOG5mevcaKdAuHDTMunVFpNs9q9d7vTvTY1LqFqPfdnuqyPcDatP5MMNDyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77325cb37dbc06d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.100.40 200 OK 0 B URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.100.40:0
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=T_iz2TFvxeGRHUoQqTuVaQ9tfpF3UYemO7VlHEYDaG0-1669966278-0-AawWlOY3eNqAQJUkRfIx4yLnQzz/j0zTa2HJ2Sy/Srh0RtFZPL6shfOWy/fKC+hH1ajpdp9ENBGoR0Vn7lVMj+k=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai 
https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
set-cookie: stcki="iuhY4r=0"; expires=Sun, 01-Jan-2023 07:31:18 GMT; Max-Age=2592000; Path=/
affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Sun, 01-Jan-2023 07:31:18 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr3e9b8bbd-9b21-4be4-8d5c-68a2f01018cb:1p10Vy:yVAONus-m7YpGaTcZ2_d1bguw34; Domain=.chaturbate.com; expires=Wed, 27-Aug-2025 07:31:18 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77325cb71b12b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.94.42 200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.94.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:31:18 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1332235
expires: Sun, 01 Jan 2023 07:31:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99eeWLRseptjZzfyQQrb9xcgLFnLJof1m%2BzuGd%2BBB6qJw0bx2wm9I%2FkVSz19%2FnD16LhIfTe%2BYWOWTxiG6WZVFyQCSQzfaeSWEiD%2FKKKns%2FbH4uqu4hjbEZaB9AN%2Be%2FJpCjwtZ%2FII6fYOSL2D07o%2Bag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=j1lc.Xj4FGxJAHbYY0kDHyk_gljhVjctXqR4flMlksw-1669966278612-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77325cb949d9b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2 200 OK 0 B URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:31:17 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2