en.xvideos-dl.top/v/s:/twitter.com/pattyannspenser/status/996768377740853249?lang=eu/title/Patricia%20Anne%20Spenser%20-%20Wow,%20wow,%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends:%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun:%20[0:27x720p]
208.109.191.82200 OK 9.9 kB URL HTTP/1.1 en.xvideos-dl.top/v/s:/twitter.com/pattyannspenser/status/996768377740853249?lang=eu/title/Patricia%20Anne%20Spenser%20-%20Wow,%20wow,%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends:%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun:%20[0:27x720p]
IP 208.109.191.82:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (15032), with CRLF line terminators
Hash 68156471795612798197ea8b81d2a222
f24c714df929446e4c42611039b380ec60e3c8fd
e90262cc6cc4f6338d0e9deacff12c299e118faaa6aee06f51bf5bca2ebd2b48
GET /v/s:/twitter.com/pattyannspenser/status/996768377740853249?lang=eu/title/Patricia%20Anne%20Spenser%20-%20Wow,%20wow,%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends:%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun:%20[0:27x720p] HTTP/1.1
Host: en.xvideos-dl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 27 Nov 2022 20:54:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-en.xvideos-dl.top127.0.0.1-myhost-en.xvideos-dl.top127.0.0.1/v/s://twitter.com/pattyannspenser/status/996768377740853249?lang=eu/title/Patricia%20Anne%20Spenser%20-%20Wow,%20wow,%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends:%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20%20Here's%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun:%20[0:27x720p]
phost: en.xvideos-dl.top
line1066: notjp-nojp-myhost-en.xvideos-dl.top-filteron-
pdo106: feedvid-, cachefileb-cacpdo6/99/28/9f9e65, lfm-1-100, lmd-100, lud-2336443, xfvlen-1809085, fsize-1329494, played-1423
pdophp-line408: -; cachetime- 5939.3314852297; ctime- 20220628014215
line1514: method-5: ik-patricia|||anne|||spenser|||wow|||wow|||wow|||just|||received|||this|||snippet|||from|||family|||sex|||club|||friends|||older|||mother|||doing|||both|||her|||grown|||sons|||while|||dad|||gets|||it|||all|||on|||for|||their|||next|||sex|||club|||weekend|||here|||s|||the|||link|||to|||my|||stories|||about|||that|||kind|||of|||fun|||patricia anne spenser - wow, wow, wow! just received this snippet from family sex club friends: older mother doing both her grown sons while dad gets it all on for their next sex club weekend! here's the link to my stories about that kind of fun:: vidlang-nojp9374
line1528: method-5: ik-patricia|||anne|||spenser|||wow|||wow|||wow|||just|||received|||this|||snippet|||from|||family|||club|||friends|||older|||mother|||doing|||both|||grown|||sons|||while|||dad|||gets|||it|||all|||on|||for|||their|||next|||club|||weekend|||here|||s|||link|||to|||my|||stories|||about|||that|||kind|||of|||fun|||patricia anne spenser - wow, wow, wow! just received this snippet from family sex club friends: older mother doing both her grown sons while dad gets it all on for their next sex club weekend! here's the link to my stories about that kind of fun:: vidlang-nojp
pdoline1599: sarray-0nojp8080
pdoline1662: notjp-nojp: fvkwcnt-9369
pdoline1666: notjp-nojp: fvkwcnt-9369
pdo-line1950: $i-77$load-0.7053125
Cache-Control: max-age=18451, public
genre: genre=
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: en./v/s:/twitter.com/pattyannspenser/status/996768377740853249?lang=eu-AB-en.xvideos-dl.top-en.xvideos-dl.top-cacpdo0---yes
X-Proxy-Cache-gla: HIT
Xkey-gla: en./v/s:/twitter.com/pattyannspenser/status/996768377740853249?lang=eu-AB-en.xvideos-dl.top--my_zone
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3762
Expires: Sun, 27 Nov 2022 21:56:47 GMT
Date: Sun, 27 Nov 2022 20:54:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4532
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:05 GMT
Last-Modified: Sun, 27 Nov 2022 19:38:33 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 20:17:41 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2184
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2770
Expires: Sun, 27 Nov 2022 21:40:15 GMT
Date: Sun, 27 Nov 2022 20:54:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: grFr9uIAZGHDI6C8Eefu2EAtGu50ao+ZMRVbQRafytsos9F0wD/1bYhdGr4hzW4zrhA5OuBMOFM=
x-amz-request-id: XYR8ATX4D0KKN0QB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 20:44:46 GMT
age: 559
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:54:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 061b352465462dc63eff46fa71d7c1a2
4851835923038e23eca6678ca841e58b68074c85
18ef118ff0bc0062268d1a27ed0f697ab42534dc0aaa6732a0e3112cc84eff92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3228
Cache-Control: max-age=101586
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:05 GMT
Etag: "6382aba3-116"
Expires: Tue, 29 Nov 2022 01:07:11 GMT
Last-Modified: Sun, 27 Nov 2022 00:13:23 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 061b352465462dc63eff46fa71d7c1a2
4851835923038e23eca6678ca841e58b68074c85
18ef118ff0bc0062268d1a27ed0f697ab42534dc0aaa6732a0e3112cc84eff92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3228
Cache-Control: max-age=101586
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:05 GMT
Etag: "6382aba3-116"
Expires: Tue, 29 Nov 2022 01:07:11 GMT
Last-Modified: Sun, 27 Nov 2022 00:13:23 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 061b352465462dc63eff46fa71d7c1a2
4851835923038e23eca6678ca841e58b68074c85
18ef118ff0bc0062268d1a27ed0f697ab42534dc0aaa6732a0e3112cc84eff92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3229
Cache-Control: max-age=101586
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "6382aba3-116"
Expires: Tue, 29 Nov 2022 01:07:12 GMT
Last-Modified: Sun, 27 Nov 2022 00:13:23 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 20:08:54 GMT
cache-control: public,max-age=3600
age: 2712
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5292
Cache-Control: max-age=135658
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:35:04 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ebed87c2caeb00f3daca76b91f1d5856
0b524def376f7bf90143e8c002fbbdc776d4b457
9d50a898f0edaf6c38ef9827dcfc72de00b8afd71fde693644c3e7424f6efaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5174
Cache-Control: max-age=89835
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 21:51:21 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
cacrip.nakadashi.pw/AV4.us.jpg
172.64.128.21200 OK 8.7 kB URL HTTP/1.1 cacrip.nakadashi.pw/AV4.us.jpg
IP 172.64.128.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3\012- data
Hash edfe007a6e5b3d268b2528f564b60b43
1644c8ef97c871079e07e5079d613af5cb94052f
bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
GET /AV4.us.jpg HTTP/1.1
Host: cacrip.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:06 GMT
Content-Type: image/jpeg
Content-Length: 8741
Connection: keep-alive
etag: "2225-5499bcea176c0"
access-control-allow-origin: *
cache-control: public, max-age=360000
CF-Cache-Status: HIT
Age: 145754
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7F0Saz4mCZrEAGFMKL2jxY890f2SXhWzXE8%2BNi7b6uXbHp7CDmlxcqCHrkxE2k4s12QFu66DkPT4vrI1JtMZedHkIq7S0skoh1ozYaouR9v0IlHFP0AK8drTB%2FMvgCsGo%2F2nqND"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d24ad274c5-LHR
alt-svc: h2=":443"; ma=60
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
104.17.25.14200 OK 4.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (10613)
Hash 9653b380e66b38af571efdafa5763f0d
835aa2c117b6b3156a3b439ec302ffa268466c55
3181b9ecf39cca87ae50e71c715a2accc9787ac8655edf1d0fc5195bd688b38f
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 26337524
expires: Fri, 17 Nov 2023 20:54:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciws%2FVxD%2BfEaPgNf6LyvFYPLBi45xwkSDRr3bSazSdaNdizd2RlT3xPxc4WYwdVO1YmXZGGPkbGj%2F60lBodBkrKxBRwoOQP8MDkLymwdf5zJGb0F4Vun8oZWS4cwXg065JRxn1jd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770dc1d27a240b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ebed87c2caeb00f3daca76b91f1d5856
0b524def376f7bf90143e8c002fbbdc776d4b457
9d50a898f0edaf6c38ef9827dcfc72de00b8afd71fde693644c3e7424f6efaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5174
Cache-Control: max-age=89835
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 21:51:21 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 09:42:00 GMT
expires: Mon, 27 Nov 2023 09:42:00 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 40326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
comments.gazo.space/comments/embed.js?37
104.21.235.170200 OK 6.7 kB URL HTTP/1.1 comments.gazo.space/comments/embed.js?37
IP 104.21.235.170:0
File type ASCII text, with very long lines (14022)
Hash 352c889af2cf2163a866e7e381ae9252
dba161ee742e83c96891e1c3fa8e9a6ecd88ab55
aca3691a6709b371e3dedde66943ed3a1b9a8d2b67734123916d74c1a82e510c
Analyzer Verdict Alert fortinet Phishing
GET /comments/embed.js?37 HTTP/1.1
Host: comments.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=360000
Cf-Bgj: minify
Cf-Polished: origSize=20813
ETag: W/"514d-5e998fd344edc"
X-Proxy-Cache-Rip: HIT
XkeyRip: jcomments./comments/embed.js?37-A-comments.gazo.space--my_zone-yes
CF-Cache-Status: HIT
Age: 214695
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcntPCm0eggueh3tqR9DEsyE8R92oMFw7ntKawvY%2BdyX0Y3S90AHCVUwHklz4L%2Bh45iXY2nXd62izxkado97dWskznmFYHbJv%2FXf37wNtbXpM3dcy75En3ICsGdDHl6GMDIUmrDh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d26bb7072a-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtag/js?id=UA-620120-3
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-620120-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash d4f073c6d2ceb5c1740072f7fc42fdc1
411e9378be4027ca87b6f6ea017122f74823e665
89a878a25a9d425d48a531d17664bab4eb7457247c0df47043b2ae7eaebc9f8d
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 20:54:06 GMT
expires: Sun, 27 Nov 2022 20:54:06 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43650
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.gazo.space/mycss/av4.css?3
104.21.235.169200 OK 1.3 kB URL HTTP/1.1 js.gazo.space/mycss/av4.css?3
IP 104.21.235.169:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 91947d93b00450de35830a7838c75b9e
f3cbeac747d7aaef471fa96214247686a1e43369
50d14f8c12ee897ab7e0d5279f10b937a3d06911682c0a555922b769d407899a
GET /mycss/av4.css?3 HTTP/1.1
Host: js.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:06 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"f05-5cc0d86532b3f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Cake
Cache-Control: public, max-age=3600000
CF-Cache-Status: HIT
Age: 464491
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sn1DWCBULDcQFNnWXAUW%2FGN3FcXywrv2wQilHDK%2BgaGgXiNmO5laAqF9vEuySrkotvfQUoFHCF0Ek4bHnnvpdIOE57V6xC80IdUeW2ho0w2DEUyaf%2BEGIVp9%2BXNZW2cu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d28c24dcfb-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
151.101.85.229200 OK 67 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash abdd26bf39ab05e9898e3cf1ddbd3fd9
93521bf8e710e9ec024f0e9e24441ccd81c4a6f1
06c56ad9020dc6ef1a5d0141d5c172c0029d18f2dafe0b79a84bb0c4db2aa52d
GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"28441-HHcPD8UUl0943tDpENjh6gMs5yQ"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:06 GMT
age: 8942
x-served-by: cache-fra-eddf8230043-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 66654
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 4ba82f51b4cb4117825bfaac63aac53b
b3e2988090d5d1c8b8fa1bd485f85ab24f4b06d7
cda57204d04dc34d2544932d0795dedb70e7a6daabe187929e2e3db29ba9725a
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:06 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "BCA5D011F60FEE9D38B19C70DDD84C46057CE836"
Expires: Mon, 28 Nov 2022 07:00:00 GMT
Last-Modified: Sun, 27 Nov 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2823
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d34ec1b50c-OSL
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash efb85bdb2274abf336f4748eeb5d6bdc
6810b0f697c246d93648d569172e234376f3c2fe
f8af0676272c238c5eb8e2a65d932d5f5e8eebea3069c443da5edecbd114951b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6544
Cache-Control: max-age=157798
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "63837a44-116"
Expires: Tue, 29 Nov 2022 16:44:04 GMT
Last-Modified: Sun, 27 Nov 2022 14:55:00 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 61d92d948bf49dcd406ac0db56865f7a
fbad6b6fec56f97b6bcdfca57eefe54cfb1724ce
45eeecefa200f2df7feaf1738c415f902a9a1cdbeae3e0e0f282e9f87ea6058f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1936
Cache-Control: max-age=132677
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "63832a23-117"
Expires: Tue, 29 Nov 2022 09:45:23 GMT
Last-Modified: Sun, 27 Nov 2022 09:13:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
cdn.sc.gl/videojs-hotkeys/latest/videojs.hotkeys.min.js
104.21.13.216200 OK 1.8 kB URL HTTP/1.1 cdn.sc.gl/videojs-hotkeys/latest/videojs.hotkeys.min.js
IP 104.21.13.216:0
File type ASCII text, with very long lines (4505)
Hash 62df3c3b9c50eb48c9bdf36e310babf2
1f69b85084ccd0348dcd55fba839be4f271a591d
883898451b3b4a6a893b54c87b71fe23df90be071936330b23eb2cd6c4f49274
GET /videojs-hotkeys/latest/videojs.hotkeys.min.js HTTP/1.1
Host: cdn.sc.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 Aug 2022 02:39:12 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2792
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k56GFsELzqXpYMr%2Fj3w5Yf1Suw4%2BHymk6jIvkWa20DPEI%2Fiw0J0Ss0MkYS%2FbxFGsp9zvJFd1Hf7hQhAKV11hay8LDVyQ91%2BYc4mzFRyF1DPqJ4qiTsrr1CJshJ4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d3795fb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
jsjs.gazo.space/index.php?js=very
104.21.235.170200 OK 60 kB URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 104.21.235.170:0
File type ASCII text, with no line terminators
Hash e142981ada576f30fd6a01aff363d090
a2bedb32cd905e4202444c15bdeb8823a0e3a838
4c502d5e6dc947249297ab90800d915b0eadfe2e33873c4d89f5f22eee52c597
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:06 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003731024ac46a25c/index.php?js=very
55nloadrate: 0.498125
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdvzmRioBJym4TwFwQrQrVOfhJV3LDGaR4ZaitDswBoBUiBJaEHTLY6vqm%2BnsSDunJAuE3bWgdSq7lJcw1ii6tut4jZK8mKl6nnoiQ9P88fcLQ%2BwMxio8DbxbAUmL9630bI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1ceead67423-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vjs.zencdn.net/7.8.2/video-js.css
151.101.86.217200 OK 11 kB URL HTTP/2 vjs.zencdn.net/7.8.2/video-js.css
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (5844)
Hash 8e0b9e4f5782827464baaa97ab90792a
25330bf40d7ad79648413156e6680a5c0de064b1
f26b66fc7b0a3f85500fe249594bfec05008ab32b33cd885a67fb588b6eb9ac5
GET /7.8.2/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 26 May 2020 21:39:05 GMT
etag: "9d2c20f32d2509c50bdcb9239fb9b62e"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Sun, 27 Nov 2022 20:54:06 GMT
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 9460
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10723
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 61d92d948bf49dcd406ac0db56865f7a
fbad6b6fec56f97b6bcdfca57eefe54cfb1724ce
45eeecefa200f2df7feaf1738c415f902a9a1cdbeae3e0e0f282e9f87ea6058f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1936
Cache-Control: max-age=132677
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:06 GMT
Etag: "63832a23-117"
Expires: Tue, 29 Nov 2022 09:45:23 GMT
Last-Modified: Sun, 27 Nov 2022 09:13:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
js.gazo.space/index.php?js=av4&advertisement&
104.21.235.169200 OK 36 kB URL HTTP/2 js.gazo.space/index.php?js=av4&advertisement&
IP 104.21.235.169:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (6448), with CRLF line terminators
Hash 608fe4a0f4e0014caa621652f4dab1f6
c4d7788875a8063a6de0ac7121548057b975ab7b
f73a562008087a6ef43a62088b9377a445d72e8106fd18e58d57c64703e7b330
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: js.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:05 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsgazospacmh--GB-rm2400cb003761024ac4655a9/index.php?js=av4&advertisement&
55nloadrate: 0.465
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 1726
last-modified: Sun, 27 Nov 2022 20:25:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jvcZHwzozWhukIc3TNNI0iglgeHrLKw3X0z1x6iUXvO54D9xdkLCCkBymEIGjrtuaWfoI7m6%2BTv1SM5Qc%2F3Faull1CiDLOCla5KYY8pDxMYxsILq%2BQT4FFV4EkfUQcx9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1ceea4276c5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash c22413fc14fa74d8a917efe3fff6600f
a22a52aa26c35d98e34a388cf36b05e428582869
fcfde3302c49d4810766c711d10d9e21b7d82469999e4250dd2aa5829ff22045
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Thu, 01 Dec 2022 17:05:50 GMT
ETag: "a22a52aa26c35d98e34a388cf36b05e428582869"
Last-Modified: Sun, 27 Nov 2022 17:05:51 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3145
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1d5bb57b50c-OSL
mc.yandex.ru/watch/48140495?wmode=7&page-url=http%3A%2F%2Fen.xvideos-dl.top%2Fv%2Fs%3A%2Ftwitter.com%2Fpattyannspenser%2Fstatus%2F996768377740853249%3Flang%3Deu%2Ftitle%2FPatricia%2520Anne%2520Spenser%2520-%2520Wow%2C%2520wow%2C%2520wow!%2520Just%2520received%2520this%2520snippet%2520from%2520family%2520sex%2520club%2520friends%3A%2520older%2520mother%2520doing%2520BOTH%2520her%2520grown%2520sons%2520while%2520dad%2520gets%2520it%2520all%2520on%2520video%2520for%2520their%2520next%2520sex%2520club%2520weekend!%2520%2520Here%2527s%2520the%2520link%2520to%2520MY%2520stories%2520about%2520that%2520kind%2520of%2520fun%3A%2520%5B0%3A27x720p%5D&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A12kpamsypdk9qpokppnvg4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1629153889900%3Ahid%3A558784529%3Az%3A0%3Ai%3A20221127205406%3Aet%3A1669582446%3Ac%3A1%3Arn%3A813847207%3Arqn%3A1%3Au%3A1669582446636674913%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A3%2C150%2C151%2C2%2C-7%2C0%2C%2C%2C%2C%2C%2C%2C%3Ans%3A1669582444846%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669582446%3At%3APatricia%20Anne%20Spenser%20-%20Wow%2C%20wow%2C%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends%3A%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 400 B URL HTTP/2 mc.yandex.ru/watch/48140495?wmode=7&page-url=http%3A%2F%2Fen.xvideos-dl.top%2Fv%2Fs%3A%2Ftwitter.com%2Fpattyannspenser%2Fstatus%2F996768377740853249%3Flang%3Deu%2Ftitle%2FPatricia%2520Anne%2520Spenser%2520-%2520Wow%2C%2520wow%2C%2520wow!%2520Just%2520received%2520this%2520snippet%2520from%2520family%2520sex%2520club%2520friends%3A%2520older%2520mother%2520doing%2520BOTH%2520her%2520grown%2520sons%2520while%2520dad%2520gets%2520it%2520all%2520on%2520video%2520for%2520their%2520next%2520sex%2520club%2520weekend!%2520%2520Here%2527s%2520the%2520link%2520to%2520MY%2520stories%2520about%2520that%2520kind%2520of%2520fun%3A%2520%5B0%3A27x720p%5D&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A12kpamsypdk9qpokppnvg4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1629153889900%3Ahid%3A558784529%3Az%3A0%3Ai%3A20221127205406%3Aet%3A1669582446%3Ac%3A1%3Arn%3A813847207%3Arqn%3A1%3Au%3A1669582446636674913%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A3%2C150%2C151%2C2%2C-7%2C0%2C%2C%2C%2C%2C%2C%2C%3Ans%3A1669582444846%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669582446%3At%3APatricia%20Anne%20Spenser%20-%20Wow%2C%20wow%2C%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends%3A%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash e0f6e0afeaf48032300b4c81bc31da48
6e690060994118631b37cbde64f568dad76fbab5
209effb119f5e6d60f6bce3001c5282b3de24cd9ddef3acec11de844a8a640d0
GET /watch/48140495?wmode=7&page-url=http%3A%2F%2Fen.xvideos-dl.top%2Fv%2Fs%3A%2Ftwitter.com%2Fpattyannspenser%2Fstatus%2F996768377740853249%3Flang%3Deu%2Ftitle%2FPatricia%2520Anne%2520Spenser%2520-%2520Wow%2C%2520wow%2C%2520wow!%2520Just%2520received%2520this%2520snippet%2520from%2520family%2520sex%2520club%2520friends%3A%2520older%2520mother%2520doing%2520BOTH%2520her%2520grown%2520sons%2520while%2520dad%2520gets%2520it%2520all%2520on%2520video%2520for%2520their%2520next%2520sex%2520club%2520weekend!%2520%2520Here%2527s%2520the%2520link%2520to%2520MY%2520stories%2520about%2520that%2520kind%2520of%2520fun%3A%2520%5B0%3A27x720p%5D&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A12kpamsypdk9qpokppnvg4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1629153889900%3Ahid%3A558784529%3Az%3A0%3Ai%3A20221127205406%3Aet%3A1669582446%3Ac%3A1%3Arn%3A813847207%3Arqn%3A1%3Au%3A1669582446636674913%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A3%2C150%2C151%2C2%2C-7%2C0%2C%2C%2C%2C%2C%2C%2C%3Ans%3A1669582444846%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669582446%3At%3APatricia%20Anne%20Spenser%20-%20Wow%2C%20wow%2C%20wow!%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends%3A%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend!%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/48140495/1?wmode=7&page-url=http%3A%2F%2Fen.xvideos-dl.top%2Fv%2Fs%3A%2Ftwitter.com%2Fpattyannspenser%2Fstatus%2F996768377740853249%3Flang%3Deu%2Ftitle%2FPatricia%2520Anne%2520Spenser%2520-%2520Wow%2C%2520wow%2C%2520wow%21%2520Just%2520received%2520this%2520snippet%2520from%2520family%2520sex%2520club%2520friends%3A%2520older%2520mother%2520doing%2520BOTH%2520her%2520grown%2520sons%2520while%2520dad%2520gets%2520it%2520all%2520on%2520video%2520for%2520their%2520next%2520sex%2520club%2520weekend%21%2520%2520Here%2527s%2520the%2520link%2520to%2520MY%2520stories%2520about%2520that%2520kind%2520of%2520fun%3A%2520%5B0%3A27x720p%5D&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A12kpamsypdk9qpokppnvg4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1629153889900%3Ahid%3A558784529%3Az%3A0%3Ai%3A20221127205406%3Aet%3A1669582446%3Ac%3A1%3Arn%3A813847207%3Arqn%3A1%3Au%3A1669582446636674913%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A3%2C150%2C151%2C2%2C-7%2C0%2C%2C%2C%2C%2C%2C%2C%3Ans%3A1669582444846%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669582446%3At%3APatricia%20Anne%20Spenser%20-%20Wow%2C%20wow%2C%20wow%21%20Just%20received%20this%20snippet%20from%20family%20sex%20club%20friends%3A%20older%20mother%20doing%20BOTH%20her%20grown%20sons%20while%20dad%20gets%20it%20all%20on%20video%20for%20their%20next%20sex%20club%20weekend%21%20Here%27s%20the%20link%20to%20MY%20stories%20about%20that%20kind%20of%20fun%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 27 Nov 2022 20:54:07 GMT
access-control-allow-origin: http://en.xvideos-dl.top
set-cookie: yandexuid=766882051669582447; Expires=Mon, 27-Nov-2023 20:54:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=766882051669582447; Expires=Mon, 27-Nov-2023 20:54:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1945351941669582447; Path=/; SameSite=None; Secure
i=89Aq7hrS3vqRHNcDX8AGXWMX9mDYcryqkB/6+p1GcXwU0VjCAsINqehB4QkF5gUnx2ciFgvC/CSgdTtxLfrUElnJsJE=; Expires=Wed, 24-Nov-2032 20:53:49 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701118447.yc.1669582447#1701118447.yrts.1669582447#1701118447.yrtsi.1669582447; Expires=Mon, 27-Nov-2023 20:54:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 20:54:07 GMT
last-modified: Sun, 27-Nov-2022 20:54:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
page.myfile-host.info/myda.php
150.95.129.59200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4070
Expires: Sun, 27 Nov 2022 22:01:57 GMT
Date: Sun, 27 Nov 2022 20:54:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4070
Expires: Sun, 27 Nov 2022 22:01:57 GMT
Date: Sun, 27 Nov 2022 20:54:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 25 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 74e6ae4846aa6ee5b9bf19a3ae5a65d0
d25c05e9be3a7a4f2bb0d4aec10cbcb18ef33075
1ea32a604ff5c978879f0b55caf2f4832fbb9a55f9dd4abad2dbd1061f13641c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4070
Expires: Sun, 27 Nov 2022 22:01:57 GMT
Date: Sun, 27 Nov 2022 20:54:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 02:31:24 GMT
age: 66163
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vjs.zencdn.net/7.8.2/video.js
151.101.86.217200 OK 8.4 kB URL HTTP/2 vjs.zencdn.net/7.8.2/video.js
IP 151.101.86.217:0
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /7.8.2/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 26 May 2020 21:39:10 GMT
etag: "52c53a33bb2cd149f293eb14fb22505d"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Sun, 27 Nov 2022 20:54:06 GMT
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 419634
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 82946
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 82946
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 83039
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 16:15:23 GMT
age: 16724
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
av.xvideos-dl.top//cacrip.nakadashi.pw/AV4.us.jpg
148.72.246.38200 OK 2.4 kB URL HTTP/1.1 av.xvideos-dl.top//cacrip.nakadashi.pw/AV4.us.jpg
IP 148.72.246.38:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1346), with CRLF, LF line terminators
Hash 3289dba602a8bd27fd5685594c8ac116
dfdf857e644ce040724101af0eada56796b4b3f3
7f65f1e20628218c1674d6dba208c5e63d0b45aa8b28a824099be644490ed0d0
GET //cacrip.nakadashi.pw/AV4.us.jpg HTTP/1.1
Host: av.xvideos-dl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 27 Nov 2022 20:54:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-av.xvideos-dl.top127.0.0.1-myhost-av.xvideos-dl.top127.0.0.1//cacrip.nakadashi.pw/AV4.us.jpg
phost: av.xvideos-dl.top
line1066: notjp--myhost-av.xvideos-dl.top-filteron-
line2430: notjp-//cacrip.nakadashi.pw/AV4.us.jpg-myhost-av.xvideos-dl.top-filteron-
Cache-Control: max-age=102446, public
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: av.//cacrip.nakadashi.pw/AV4.us.jpg-A-av.xvideos-dl.top-av.xvideos-dl.top-cacpdo0---yes
X-Proxy-Cache-g-jp: HIT
Xkey-g-jp2: av.//cacrip.nakadashi.pw/AV4.us.jpg-A-av.xvideos-dl.top--my_zone
pbs.twimg.com/ext_tw_video_thumb/996768156889862146/pu/img/Lv0RYA9Xpo2PBVbE.jpg?name=orig
151.101.84.159200 OK 39 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/996768156889862146/pu/img/Lv0RYA9Xpo2PBVbE.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 5a16df281ca1f594108c1fd0e13a9874
0f5cc35959a2c9e31dbc1c7ef8c241cb31f23605
ff29b28d396e2b666c52cd36df13a8ea836155cf03fc68e9d79e47ed35c2234c
GET /ext_tw_video_thumb/996768156889862146/pu/img/Lv0RYA9Xpo2PBVbE.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 16 May 2018 15:01:42 GMT
x-transaction-id: cc96f2f33d571481
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:08 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7383-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 39025
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1a58ed5fee887cdf0ed235f015100876
c6d2c24934bc5b93e963d5b0a20fe9a138dc02a2
b105689de326de7ea4d237b3571bfd2250d873086bc29bb95137634d2f7fa07d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5917
Cache-Control: max-age=137718
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "63832e4a-139"
Expires: Tue, 29 Nov 2022 11:09:27 GMT
Last-Modified: Sun, 27 Nov 2022 09:30:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
twitter.com/favicon.ico
104.244.42.65200 OK 1.2 kB IP 104.244.42.65:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 630d203cdeba06df4c0e289c8c8094f6
eee14e8a36b0512c12ba26c0516b4553618dea36
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
GET /favicon.ico HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:09 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A166958244908867860; Max-Age=34214400; Expires=Thu, 28 Dec 2023 20:54:09 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: 2606bf0f7afd4ebf
strict-transport-security: max-age=631138519
x-response-time: 107
x-connection-hash: 766b454b58cb112d8b0d6cec4a809599f3c72fa3187c448f4b56011dcd9fd90c
X-Firefox-Spdy: h2
www.w3schools.com/w3css/4/w3.css
192.229.133.221200 OK 5.3 kB URL HTTP/2 www.w3schools.com/w3css/4/w3.css
IP 192.229.133.221:0
File type Unicode text, UTF-8 (with BOM) text
Hash 94faabffc57cc57216dd144f322d95d2
372afce88f064afacff3af328993713986baff32
2ec8866edf3f9350e9ed8a0133f56e3e03b5a345f927ec3d14df70e3f5dfc855
GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 5061
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Sun, 27 Nov 2022 20:54:09 GMT
etag: "0f7d0847c1d91:0+gzip"
last-modified: Sat, 26 Nov 2022 09:50:30 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2
motherless.com/favicon.ico
185.107.81.234200 OK 1.2 kB URL HTTP/1.1 motherless.com/favicon.ico
IP 185.107.81.234:0
ASN #43350 NForce Entertainment B.V.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 71fed71dccb91a13bdf68a6444f25ce4
38da7202842147ecda5521d50f094a54d1381f2c
18f6675d329e6cb3bb7d7d1e546a1c68c5cc599f1b3ae98c2abbd21a53dc42c2
GET /favicon.ico HTTP/1.1
Host: motherless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Mon, 12 Aug 2019 11:39:08 GMT
ETag: "5d514fdc-47e"
X-Server-W: web04
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache-Status: HIT
Accept-Ranges: bytes
unpkg.com/videojs-flash/dist/videojs-flash.js
104.16.126.175302 Found 12 kB URL HTTP/2 unpkg.com/videojs-flash/dist/videojs-flash.js
IP 104.16.126.175:0
Hash d024c990591fafb0c2478438b0b711a7
4f3f97c24915c6fc29c78d6b059e62b5dfd8711d
0abdad039e751dcd64a74a3858903e9db14a9114dfb30a8602e2960b6fcc7a25
GET /videojs-flash/dist/videojs-flash.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 27 Nov 2022 20:54:06 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /videojs-flash@2.2.1/dist/videojs-flash.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GJXDHA2QCPSV61QDDVJQ3667-fra
cf-cache-status: HIT
age: 375
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 770dc1d3b92f1bfe-OSL
X-Firefox-Spdy: h2
cdn5-thumbs.motherlessmedia.com/thumbs/FCDBDAB.jpg
185.107.92.224200 OK 20 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/FCDBDAB.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 2000x2001, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 724ae2eacf0d794acfc4553dd844a581
cf18e7735b204bd146d6946e30f2ad6f234bce89
ca3fea729b24aba3a15588d65eefbf9487e0753bc008106d0bade5b1f133888f
GET /thumbs/FCDBDAB.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 20071
last-modified: Mon, 08 Oct 2018 04:31:44 GMT
etag: "1cab4d346-4e67-577b01930b1e9"
expires: Mon, 27 Mar 2023 06:07:28 GMT
cache-control: max-age=10527676
x-cache: HIT
x-whom: srv6142
accept-ranges: bytes
cdn5-thumbs.motherlessmedia.com/thumbs/739D613.jpg
185.107.92.224200 OK 25 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/739D613.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 32x27, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash f91b29a9a6b33353ca7db5b3c36477e9
5b4f681f70fd0f733485cd15b43d892eee993c60
f74991490e4879c21c255926cb60f0c287b0d4017f175b68017e845c3faab2ec
GET /thumbs/739D613.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 24737
last-modified: Thu, 04 Oct 2018 13:17:35 GMT
etag: "1ce020279-60a1-57766fa70311f"
expires: Sat, 25 Mar 2023 16:46:41 GMT
cache-control: max-age=10392016
x-cache: HIT
x-whom: srv6066
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d5d0ee4b8bfe36e14a4d44d02350e1bc
c8efae1e3ae361f055f0430a874477bf09996b97
868fbaa44979c9a2cc4ef3d06a71f8f1c30a5c54ecc1846624b1662f84fdfd2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5211
Cache-Control: max-age=121149
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "6382f053-117"
Expires: Tue, 29 Nov 2022 06:33:18 GMT
Last-Modified: Sun, 27 Nov 2022 05:06:27 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 279
cdn5-thumbs.motherlessmedia.com/thumbs/37454F3.jpg
185.107.92.224200 OK 24 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/37454F3.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density -23144x-14517, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 0dbee299be618062d8661bd14e5f4846
c30e486c54fa95225c4a24accc7d3918900e4be1
6d333745177931e7dcbbbe22fb58c68d9e76c7458ae0d464409fd69115f3f0e4
GET /thumbs/37454F3.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 24339
last-modified: Wed, 03 Oct 2018 05:05:37 GMT
etag: "1c6d4576c-5f13-5774bfd34714b"
expires: Sat, 25 Mar 2023 20:23:05 GMT
cache-control: max-age=10406465
x-cache: HIT
x-whom: srv6066
accept-ranges: bytes
cdn5-thumbs.motherlessmedia.com/thumbs/CB425CA.jpg
185.107.92.224200 OK 17 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/CB425CA.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 2000x2001, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash c5c65385b9508c830f1b159d988a0c2e
24b40523a8975ab8b14fdd114ec042ab78ddf36b
1fc325b8281ce77e38557f8edc576639c79359300f3a0fc79e56d1e5019e1432
GET /thumbs/CB425CA.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 17209
last-modified: Sun, 07 Oct 2018 00:21:31 GMT
etag: "1ca011fd9-4339-577987c862bd9"
expires: Wed, 29 Mar 2023 12:54:38 GMT
cache-control: max-age=10724901
x-cache: HIT
x-whom: srv6171
accept-ranges: bytes
wonporn.com/favicon.ico
172.67.154.104200 OK 429 B IP 172.67.154.104:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash d3b572d1838e127011c38b1c385d1b51
c8e06c1a62b3711ad113547753858135bd2aa633
8a514efd69ff5a2df1eee5f2a24215713b50bb5d9ab1eee20a6a05002f28f9f7
GET /favicon.ico HTTP/1.1
Host: wonporn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 18 Nov 2021 15:48:32 GMT
ETag: W/"619675d0-47e"
Expires: Fri, 23 Dec 2022 10:07:42 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 384387
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v8McbVCAAI%2Bgo6EzqGhsCSoPSsEyMpwr9kekzF8CBwlzs3gebx9MHxzDbAyH4SNJy1t7x%2BmEyR4wIMLS2RzD3M8L9OClEzc%2BkEXXT8Z%2BORddK%2FDgcXPJksTXdcg4Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1e50a231c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn5-thumbs.motherlessmedia.com/thumbs/3D346D2.jpg
185.107.92.224200 OK 31 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/3D346D2.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 8000x8001, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 150c2f3075bb5b7776c54e0d9ad1d7c1
064d600fe879fbcce4be2ad7d09ec82cb8b4e29e
482379bcd50c77e7dd68d5ed3125c44bec8134ade24aa0a40f1224fd76c77992
GET /thumbs/3D346D2.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 30876
last-modified: Wed, 03 Oct 2018 08:14:01 GMT
etag: "1c6d3757e-789c-5774e9ef5e386"
expires: Wed, 29 Mar 2023 16:49:26 GMT
cache-control: max-age=10738926
x-cache: HIT
x-whom: srv6087
accept-ranges: bytes
cdn5-thumbs.motherlessmedia.com/thumbs/484AE0F.jpg
185.107.92.224200 OK 21 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/484AE0F.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 8000x8001, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 278f9dc755d4ec59047c388b1b68a9db
7523cb912b38ecb54d5508a59deace7fe9131016
44c171ccce54b5ded718c0d5889990d5da1fb35d5c1164c3aefcea9827e9e14d
GET /thumbs/484AE0F.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 20808
last-modified: Wed, 03 Oct 2018 14:07:58 GMT
etag: "1d1364679-5148-5775390cc827b"
expires: Thu, 30 Mar 2023 03:56:53 GMT
cache-control: max-age=10779270
x-cache: HIT
x-whom: srv6172
accept-ranges: bytes
rapefilms.net/favicon.ico
5.63.144.85301 Moved Permanently 169 B URL HTTP/1.1 rapefilms.net/favicon.ico
IP 5.63.144.85:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92
GET /favicon.ico HTTP/1.1
Host: rapefilms.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sun, 27 Nov 2022 20:16:42 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://rtgallery.net/favicon.ico
www.xxxaporn.com/favicon.ico
89.185.228.36200 OK 919 B URL HTTP/1.1 www.xxxaporn.com/favicon.ico
IP 89.185.228.36:0
ASN #24971 Master Internet s.r.o.
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 889da0edcac2e40fc650d34baa54402e
647666c1087b9067b5285f85839d3247bf5e795f
e6b7eeb8b6d410ad23431eaf892920b5d8dcfda8e649f420c976524a2da9c108
GET /favicon.ico HTTP/1.1
Host: www.xxxaporn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.15.1
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: image/x-icon
Last-Modified: Tue, 10 Jun 2014 05:35:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"5396990a-380"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7b7cd43b8103154f1b7191a82d00b06
f65e5dbaee50ef28ceb18a3ef56e916968752791
f1622f4ebad97ecf823f95ec5399fe24d1608988ef9d64f940f201ca9034c838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F1622F4EBAD97ECF823F95EC5399FE24D1608988EF9D64F940F201CA9034C838"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17207
Expires: Mon, 28 Nov 2022 01:40:56 GMT
Date: Sun, 27 Nov 2022 20:54:09 GMT
Connection: keep-alive
cdn5-thumbs.motherlessmedia.com/thumbs/711CC86.jpg
185.107.92.224200 OK 32 kB URL HTTP/1.1 cdn5-thumbs.motherlessmedia.com/thumbs/711CC86.jpg
IP 185.107.92.224:0
ASN #43350 NForce Entertainment B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash da1f15582a18eea0fd33c802f5c0ab6f
787943ba3105ae0c1ed8ec7acd6401882ab844ba
5296111f8d0023cffa03f168a8edcc9e4ccc75579aa7d181cc6bcb2159c7bcbb
GET /thumbs/711CC86.jpg HTTP/1.1
Host: cdn5-thumbs.motherlessmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/jpeg
content-length: 32093
last-modified: Thu, 04 Oct 2018 12:00:02 GMT
etag: "1d158874c-7d5d-57765e51378b7"
expires: Wed, 29 Mar 2023 18:09:05 GMT
cache-control: max-age=10744018
x-cache: HIT
x-whom: srv6066
accept-ranges: bytes
ocsp.usertrust.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 73dee9e405cf0b26c5a92da4494a0005
124efbb3b0f06188671e001a3cffa74ce5c5d2e1
74be7ac13bc30776b0e58d6e98f7f4e81a5fbcb5f996b45f94dadefe03ed5969
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 07:16:30 GMT
Expires: Sun, 04 Dec 2022 07:16:29 GMT
Etag: "124efbb3b0f06188671e001a3cffa74ce5c5d2e1"
Cache-Control: max-age=601421,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 718
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1e5ce570afe-OSL
motherless.com/favicon.ico
185.107.81.234200 OK 1.2 kB URL HTTP/1.1 motherless.com/favicon.ico
IP 185.107.81.234:0
ASN #43350 NForce Entertainment B.V.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 71fed71dccb91a13bdf68a6444f25ce4
38da7202842147ecda5521d50f094a54d1381f2c
18f6675d329e6cb3bb7d7d1e546a1c68c5cc599f1b3ae98c2abbd21a53dc42c2
GET /favicon.ico HTTP/1.1
Host: motherless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Mon, 12 Aug 2019 11:39:08 GMT
ETag: "5d514fdc-47e"
X-Server-W: web04
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Cache-Status: HIT
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 6f1a63f9f0b5056a63679ae4e99d5d3b
7edee4e5900539b656f4dc6816efa786e6cb8193
ff3287d1055e305796293c6883ad9ed68f723dffc64ff1d4342f4ef86ed49614
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2024
Cache-Control: max-age=113285
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "6382de0e-116"
Expires: Tue, 29 Nov 2022 04:22:14 GMT
Last-Modified: Sun, 27 Nov 2022 03:48:30 GMT
Server: ECS (amb/6B96)
X-Cache: HIT
Content-Length: 278
rtgallery.net/favicon.ico
5.63.144.85200 OK 894 B URL HTTP/1.1 rtgallery.net/favicon.ico
IP 5.63.144.85:0
File type MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel\012- data
Hash ecfa03337847c3b30c7c0c5c4bbb5c5f
55457dd13b92fd876c253e3a74d46aec83429441
903d49ac2a65b3e7452534fc61790a686d1be8b936e8e6bcd9f49b1739a746f9
GET /favicon.ico HTTP/1.1
Host: rtgallery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 27 Nov 2022 20:16:42 GMT
Content-Type: image/x-icon
Content-Length: 894
Last-Modified: Sat, 03 Jun 2017 05:36:38 GMT
Connection: keep-alive
ETag: "59324ae6-37e"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9c92f9b904190790317d2ae0e475d679
492a3b7bd26ee101029c9c5cc163859a4a021e2c
fbf4a2b81289454b8619e409a7fb8bbb340356a1de11b21c44111bb58df4502e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 980
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "63837e8c-117"
Last-Modified: Sun, 27 Nov 2022 20:37:50 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 924ff2079c31392367b7c1384febcd88
aa4e1602fcf249b160c659655e1989b9b34d8667
0eebb855d407f38e585ceb6c9ac9d78f9baec487eb61b7befaf9ae72c149940f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0EEBB855D407F38E585CEB6C9AC9D78F9BAEC487EB61B7BEFAF9AE72C149940F"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7358
Expires: Sun, 27 Nov 2022 22:56:47 GMT
Date: Sun, 27 Nov 2022 20:54:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f10c2994ac97c11e306e2ed1561fa562
67f2477059d1a2173d43c993c7f2c02e62b7e522
76521a5f2561851a771c831497ab970ffeb9469ff51ca167a69cad7f4df45fe9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76521A5F2561851A771C831497AB970FFEB9469FF51CA167A69CAD7F4DF45FE9"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4594
Expires: Sun, 27 Nov 2022 22:10:43 GMT
Date: Sun, 27 Nov 2022 20:54:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7b7cd43b8103154f1b7191a82d00b06
f65e5dbaee50ef28ceb18a3ef56e916968752791
f1622f4ebad97ecf823f95ec5399fe24d1608988ef9d64f940f201ca9034c838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F1622F4EBAD97ECF823F95EC5399FE24D1608988EF9D64F940F201CA9034C838"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17207
Expires: Mon, 28 Nov 2022 01:40:56 GMT
Date: Sun, 27 Nov 2022 20:54:09 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 37f08ef30e3f967e07fb4ad84673c493
bc74d5daf305bd0eeeee6dc0e2143eca8b8a93d0
339bdf96b97d2509d61aa6f8f065122368d22f12fb6ad3a1251afc7fb4a71bc5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 21:07:02 GMT
Expires: Fri, 02 Dec 2022 21:07:01 GMT
Etag: "bc74d5daf305bd0eeeee6dc0e2143eca8b8a93d0"
Cache-Control: max-age=432171,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770dc1e62f95b4eb-OSL
sex18.photos/favicon.ico
31.10.5.97404 Not Found 186 B IP 31.10.5.97:0
ASN #207728 EUROHOSTER Ltd.
File type HTML document text\012- HTML document, ISO-8859 text
Hash c8ec0913b3a74880a0b8dd5aaaa6ebae
eca628e3067c203c1daf89877509aed92ebb086c
f20033daa00189dc78b801858463c38b335489aaf140a94f76afa0d00d616c37
GET /favicon.ico HTTP/1.1
Host: sex18.photos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: text/html; charset=WINDOWS-1251
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.publimetro.com.mx/favicon.ico
104.84.153.177404 Not Found 33 kB URL HTTP/2 www.publimetro.com.mx/favicon.ico
IP 104.84.153.177:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Hash 8e603489f271e47d32b9788559732394
92569c7589f8181edfe58934e7b8ee59bbd338f6
fbb9531420eb77aa394783a962d8440e41bcd8c0cc2e4432e192099d018486ea
GET /favicon.ico HTTP/1.1
Host: www.publimetro.com.mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
content-length: 33419
server: openresty
content-encoding: gzip
etag: W/"2e30f-7k2rVG9Sv/04TAmVQVaIXE4xBpA"
last-modified: Sun, 27 Nov 2022 20:52:22 GMT
vary: Accept-Encoding
cache-control: private, max-age=31
expires: Sun, 27 Nov 2022 20:54:40 GMT
date: Sun, 27 Nov 2022 20:54:09 GMT
set-cookie: arc-geo={"country_code":"NO"}; path=/
server-timing: cdn-cache; desc=HIT, edge; dur=10
akamai-true-ttl: -1
X-Firefox-Spdy: h2
7dak.com/favicon.ico
51.195.63.200200 OK 1.2 kB IP 51.195.63.200:0
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash bcd4f5f80dbe73ec229e0d6f5154f6b4
293b0104bb92a7be9228d1fae5fcbe78ab118286
863a0695a43ea25618342c66c33daacdae13a900a5518e73aff2b5ee65584ad7
GET /favicon.ico HTTP/1.1
Host: 7dak.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/x-icon
last-modified: Tue, 11 Aug 2020 18:52:14 GMT
vary: Accept-Encoding
etag: W/"5f32e8de-3aee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
thepervs.com/favicon.ico
172.67.134.4403 Forbidden 4.8 kB IP 172.67.134.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2072)
Hash 2ced65ed273b936d763f5f72ac10c5f9
a09750cd5e4cefcdc14190ce448ef8340a1e7831
6f4802960c701521377a99c886223b28b008d3b1547c37f9eb5f4f95a0748b0e
GET /favicon.ico HTTP/1.1
Host: thepervs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KT7P1bPSXu86hC6aAEHHspN8YFU8AcdsVqOk%2FifOQXJAb0y8AnutI%2FGwdZBOg3G9JukdqEmyXebClZs72tgE8rhXV04K%2FC8JoD7P1PWbOCNPkBofwuHUNTa%2BKgCkonY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770dc1e66f36b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash ee10e9bfe59952b4bf4bcf0c4e0ac3fd
bbf249cedf10c028fd988b6e29e5ba0bba712764
a43267bafd6b626ae3b044bdbf10c43dc63581d7bb775cf7e327b760592017de
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=104320
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "6382aceb-1d7"
Expires: Tue, 29 Nov 2022 01:52:49 GMT
Last-Modified: Sun, 27 Nov 2022 00:18:51 GMT
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2ItgPaBBuRolI9MXDX2MF3_qYfWDosdNI1gKAd5Yt-I7IubWFho-vA==
Age: 5638
www.youjizz.com/favicon.ico
66.254.114.242200 OK 5.6 kB URL HTTP/1.1 www.youjizz.com/favicon.ico
IP 66.254.114.242:0
Hash ba8e3ebbc893feb926b398a9de99172e
7abe1bd960fb8efc75fa24482586332a928be5c3
a2f3971a17d97889c0884a066fb06934b0720c3e514a189ab091ef40744e9266
GET /favicon.ico HTTP/1.1
Host: www.youjizz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/x-icon
content-length: 4286
last-modified: Tue, 25 Feb 2020 06:57:19 GMT
etag: "5e54c54f-10be"
accept-ranges: bytes
set-cookie: RNLBSERVERID=ded6725; path=/
x-request-id: 6383CE71-42FE72F201BB7D06-1012282
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash ba7b9a62a64281cdb2ef5929f4ecaf46
d8eb5ccd9335b957140adcd7b2834388c63f2945
91842f2bb27d5dfae9185c09cc5f202aaa06f90f0205e9477dbae0beb93cd6b5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=156313
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:09 GMT
Etag: "63838e0a-116"
Expires: Tue, 29 Nov 2022 16:19:22 GMT
Last-Modified: Sun, 27 Nov 2022 16:19:22 GMT
Server: nginx
Content-Length: 278
es.123rf.com/favicon.ico
54.230.111.64200 OK 1.2 kB IP 54.230.111.64:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 74285e6d66aa4085ddf8ac7dcd9bff24
ca0ef6f24754e3a566ccdf858d21ad14dda5b386
e5529420865636531b1e925e072956a402bd01dfd7ad32138a92302810512798
GET /favicon.ico HTTP/1.1
Host: es.123rf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Content-Length: 1150
Connection: keep-alive
Date: Sun, 27 Nov 2022 20:54:09 GMT
Server: nginx
Last-Modified: Tue, 21 Dec 2021 09:13:34 GMT
ETag: "2054-47e-5d3a46b7c6847"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: y6Dad5yV14JQvJClQcO04MgIQtna5PQ4LFFcrmEBBsf2Dn8oyVV07Q==
av.xvideos-dl.top//cacrip.nakadashi.pw/AV4.us.jpg
148.72.246.38200 OK 2.4 kB URL HTTP/1.1 av.xvideos-dl.top//cacrip.nakadashi.pw/AV4.us.jpg
IP 148.72.246.38:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1346), with CRLF, LF line terminators
Hash 3289dba602a8bd27fd5685594c8ac116
dfdf857e644ce040724101af0eada56796b4b3f3
7f65f1e20628218c1674d6dba208c5e63d0b45aa8b28a824099be644490ed0d0
GET //cacrip.nakadashi.pw/AV4.us.jpg HTTP/1.1
Host: av.xvideos-dl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 27 Nov 2022 20:54:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-av.xvideos-dl.top127.0.0.1-myhost-av.xvideos-dl.top127.0.0.1//cacrip.nakadashi.pw/AV4.us.jpg
phost: av.xvideos-dl.top
line1066: notjp--myhost-av.xvideos-dl.top-filteron-
line2430: notjp-//cacrip.nakadashi.pw/AV4.us.jpg-myhost-av.xvideos-dl.top-filteron-
Cache-Control: max-age=102446, public
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: av.//cacrip.nakadashi.pw/AV4.us.jpg-A-av.xvideos-dl.top-av.xvideos-dl.top-cacpdo0---yes
X-Proxy-Cache-g-jp: HIT
Xkey-g-jp2: av.//cacrip.nakadashi.pw/AV4.us.jpg-A-av.xvideos-dl.top--my_zone
hifiporn.fun/favicon.ico
104.167.223.181301 Moved Permanently 162 B IP 104.167.223.181:0
ASN #399045 DEDIOUTLET-NETWORKS
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /favicon.ico HTTP/1.1
Host: hifiporn.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 27 Nov 2022 20:54:10 GMT
content-type: text/html
content-length: 162
location: https://hifiporn.fun/
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
hifiporn.fun/
104.167.223.181301 Moved Permanently 162 B IP 104.167.223.181:0
ASN #399045 DEDIOUTLET-NETWORKS
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: hifiporn.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 27 Nov 2022 20:54:10 GMT
content-type: text/html
content-length: 162
location: https://hifiporn.fun/xxx/
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
www.reddit.com/favicon.ico
151.101.85.140200 OK 2.4 kB URL HTTP/2 www.reddit.com/favicon.ico
IP 151.101.85.140:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f450017f68decfda3027242b57e4811
3bceac8d2b1869b991c2d03de385354a05fca2ec
3fcb0febd3450b5edbd536a86dbfe6dd7bad6bd39d3976801b069e14d15da5d3
GET /favicon.ico HTTP/1.1
Host: www.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 07 Jan 2019 21:19:55 GMT
etag: "4f450017f68decfda3027242b57e4811"
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:11 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: public, max-age=86400
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.2, "failure_fraction": 0.2}
content-length: 2441
X-Firefox-Spdy: h2
twitter.com/favicon.ico
104.244.42.65200 OK 1.2 kB IP 104.244.42.65:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 630d203cdeba06df4c0e289c8c8094f6
eee14e8a36b0512c12ba26c0516b4553618dea36
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
GET /favicon.ico HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A166958245162784224; Max-Age=34214400; Expires=Thu, 28 Dec 2023 20:54:11 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: d84d60ec46425ac9
strict-transport-security: max-age=631138519
x-response-time: 102
x-connection-hash: 766b454b58cb112d8b0d6cec4a809599f3c72fa3187c448f4b56011dcd9fd90c
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7d69365d1a6994d038ab03c289790f52
bf2c4bf957fe432052a767426449259fc2654ad9
bfaf95865b8024a3e70cb1f47226176f0a282bb995da2adc97eafe0990dffaf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5377
Cache-Control: max-age=137943
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:11 GMT
Etag: "63833149-117"
Expires: Tue, 29 Nov 2022 11:13:14 GMT
Last-Modified: Sun, 27 Nov 2022 09:43:37 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7d69365d1a6994d038ab03c289790f52
bf2c4bf957fe432052a767426449259fc2654ad9
bfaf95865b8024a3e70cb1f47226176f0a282bb995da2adc97eafe0990dffaf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5377
Cache-Control: max-age=137943
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:11 GMT
Etag: "63833149-117"
Expires: Tue, 29 Nov 2022 11:13:14 GMT
Last-Modified: Sun, 27 Nov 2022 09:43:37 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7d69365d1a6994d038ab03c289790f52
bf2c4bf957fe432052a767426449259fc2654ad9
bfaf95865b8024a3e70cb1f47226176f0a282bb995da2adc97eafe0990dffaf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1356
Cache-Control: max-age=133922
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:11 GMT
Etag: "63833149-117"
Expires: Tue, 29 Nov 2022 10:06:13 GMT
Last-Modified: Sun, 27 Nov 2022 09:43:37 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7d69365d1a6994d038ab03c289790f52
bf2c4bf957fe432052a767426449259fc2654ad9
bfaf95865b8024a3e70cb1f47226176f0a282bb995da2adc97eafe0990dffaf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5377
Cache-Control: max-age=137943
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:11 GMT
Etag: "63833149-117"
Expires: Tue, 29 Nov 2022 11:13:14 GMT
Last-Modified: Sun, 27 Nov 2022 09:43:37 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7d69365d1a6994d038ab03c289790f52
bf2c4bf957fe432052a767426449259fc2654ad9
bfaf95865b8024a3e70cb1f47226176f0a282bb995da2adc97eafe0990dffaf3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3024
Cache-Control: max-age=135590
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:11 GMT
Etag: "63833149-117"
Expires: Tue, 29 Nov 2022 10:34:01 GMT
Last-Modified: Sun, 27 Nov 2022 09:43:37 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
rz.nakadashi.pw/v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3
172.64.128.21200 OK 423 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 15edbb76bfe152faa8666ddd60a0a7e1
3e213483e22f58555641e342c81a6619a66fa01f
a6bc941e5017c9dda7cda9efd6adec2770e6a15e5d1d795cb866a786b10cbbcb
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/2a/4e/a21b50, lfm-1-836, lmd-836, lud-3697035, xfvlen-793715, fsize-460646, played-233
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/natnoota/status/945552380539551745/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1015997
last-modified: Wed, 16 Nov 2022 02:40:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V17zQXAwRS1DMa%2Ff9FP40SfmR2obkNGkFxTmalWZ6dpeAF5qX7aerRnOkOThdgk361SpZv1CCf7qtKgtJWYmIfDwheDmsk%2Bpqqlh9ZK%2FPKEM%2FP4Q0Trbvcb1mfznmqq1YxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d937778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3
172.64.128.21200 OK 39 kB URL HTTP/2 rz.nakadashi.pw/v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (542), with no line terminators
Hash b8a87cd688f3e8deeccfe9f86188180b
f7e64edf88b35b9b5cb6e312197f0a9206153aa8
dd56eab989fa62ec8c32b848cc25ba0f49155446d5827cfcd868d09a174790f7
Analyzer Verdict Alert fortinet Phishing
GET /v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/04/1f/48c091, lfm-1-14, lmd-15, lud-74302, xfvlen-980390, fsize-310775, played-150
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://7dak.com/video/1035311/k%C3%BC%C3%A7%C3%BCv%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 2345594
last-modified: Mon, 31 Oct 2022 17:20:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HG%2F3C2ZxK%2BKqNdImiVEFABCSdtNT9z8HwxZi%2BwP8ckxAXFKN3awGJ64Bewefivvgj37puR%2FoiRhfFdBE9%2FeA%2B96EGuSXf9v771TDGvC5%2FPeuHARa6RTjZfSfbtMlweK55iU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e949778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3
172.64.128.21200 OK 33 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (305), with no line terminators
Hash ed84add7ee9229a3e5057ca50233666f
d70ef823ef5a521350de409feecd008170025b01
e3059782d92f3339dad7841fee87b6c4d1baecc3a0b58be3b508c0907305d269
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/62/25/128e52, lfm-1-8211, lmd-8211, lud-2064199, xfvlen-2109346, fsize-910633, played-358
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/gril_real/status/1302027657375252480/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1111
last-modified: Sun, 27 Nov 2022 20:35:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jIfH17DB5drhhdEchUa75voLYnfGwlYYEb3BtLgSeYi1tvsUi2vyMSRWccy3jUx93c9bSFUeQirJN4Mjx%2FbkAMtCV1tzSke9iHBuqDb4B3SC6nlowYS4JIbiFw52%2FicoTBE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d93c778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/nba/status/999364372446236672/title/myhash/3
172.64.128.21200 OK 49 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/nba/status/999364372446236672/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (301), with no line terminators
Hash 1f69570fe392c8a3b6a1b4e639fceb8f
6ef692daa627ae79d394bdbed01835e9caa94f16
50b2e934afebcb1d1072a90e61dff03b2d2403feb48c66879965d6b778b0a073
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/nba/status/999364372446236672/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/nba/status/999364372446236672/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/da/b1/4f2345, lfm-1-4267, lmd-4267, lud-891175, xfvlen-2158020, fsize-813249, played-566
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/nba/status/999364372446236672/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/nba/status/999364372446236672/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 74249
last-modified: Sun, 27 Nov 2022 00:16:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QkXcO6Ui4DjOHwkLP9oVhl3czMq2pKYolC9ZXEjLL%2B6kLllBCLakM8LOeb4jyU5qVsgyO4DaMHdY6zmJUKTwJJR4aDAJu9rkAiPy3s5ec5p0PwAkiZvRjXVkOD9owZ6rGM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4f97f778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3
172.64.128.21200 OK 32 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (304), with no line terminators
Hash e94849eb656a0b6b9180e1e730c2c08c
ded46aff182a12a0a6d4ffd3ef56f767e1d5944d
304c9aa24eeae5b9d6ba5d86df89c0bcf3f24a9c9602e1a22d86d7f00bc29681
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/25/9d/757346, lfm-1-332, lmd-332, lud-1197672, xfvlen-1580333, fsize-590824, played-2856
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/GMA/status/1016708889503584256/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 414104
last-modified: Wed, 23 Nov 2022 01:52:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kL7xqkkZnczGcuYaEo9KcZ1D2xgxSSZutxhrgWFchq8nK50O4zXeIXEr5%2FHPTpNZK0oQ9C%2Bk7yR4qpayAzE3Yk6dNnaMV7bARltFndI7QS%2B5TnEz7Zk%2BP6YC8KUUTmZYF5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d93d778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pic.wonporn.com/imgr/a/j/d/n/f/father_and_daughter_have_sex_in_bathroom-3_tmb.jpg
172.67.154.104200 OK 10 kB URL HTTP/1.1 pic.wonporn.com/imgr/a/j/d/n/f/father_and_daughter_have_sex_in_bathroom-3_tmb.jpg
IP 172.67.154.104:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1f84b2fa48c7fcae1ad5334adc80213f
1f5e6bbb506e9028d5ba805f680b33ac57b06379
f4a9bd2c76f26af60452d5c1d17f772007f26c9521bd91b068f3959330e98203
GET /imgr/a/j/d/n/f/father_and_daughter_have_sex_in_bathroom-3_tmb.jpg HTTP/1.1
Host: pic.wonporn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: image/jpeg
Content-Length: 10028
Connection: keep-alive
Last-Modified: Wed, 29 Apr 2015 06:18:02 GMT
ETag: "5540779a-272c"
Expires: Sun, 25 Dec 2022 21:06:14 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 172078
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GK3e9MAZNWq4M5JXr1DiWmbO7Ls%2BI%2FOYViUaEuzxmQiPuIj0sWSB0YjGKUOKYkoPqoD53M1SnFqFY1AEy%2FEMwNez2PpaZRlTBF%2FLLIP4exzXd48GTM0ZMTQaqS6tFfFH8cY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770dc1f62f8d1c0e-OSL
alt-svc: h2=":443"; ma=60
rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3
172.64.128.21200 OK 621 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (305), with no line terminators
Hash 52904d25065718c188fb8ba939ae22ce
a9f30bc0510f64356a6e0193a1cfabd26bafc53e
eee528c935a124a665f1bbf4d75207449ba83ed511b6b875b2bd87ca6d1520c5
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/eb/aa/fc9552, lfm-1-1263, lmd-1264, lud-1892640, xfvlen-2036662, fsize-806885, played-72
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/gril_real/status/1330952368133976065/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 373340
last-modified: Wed, 23 Nov 2022 13:11:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eve9%2FzmXk9zn%2BaX3QkZnCEBxI7zzlvv7rI%2Fd2IpVwpPXHEDNTSESqZmItF7n7vq3jP7Hcqhmwkw6QGJh%2F1mGE0y2twESvC9iZATgQbrw9zguyXveeNjDJZzXbH%2FxM8CiY6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d92a778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
videos.clipstock.com/s3fs-public/styles/inline_image/public/preview-thumbnails/009a03a0-1a9b-4767-b56c-9835e00a7e4b.thumbnail.jpg?VersionId=XSVNnCnXMVAXnnjqePgKn6l4GUkEPUmg&itok=Cihy8B1q
172.67.9.92200 OK 62 kB URL HTTP/2 videos.clipstock.com/s3fs-public/styles/inline_image/public/preview-thumbnails/009a03a0-1a9b-4767-b56c-9835e00a7e4b.thumbnail.jpg?VersionId=XSVNnCnXMVAXnnjqePgKn6l4GUkEPUmg&itok=Cihy8B1q
IP 172.67.9.92:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 938x528, components 3\012- data
Hash c23a642425818096cc8937b67f157295
3e5f42af97acc94085dbde7accc605631cdd73c6
7c910dbc21f8da6a120607d88d64d2853c726f860b518a46f063987f4b2cb58a
GET /s3fs-public/styles/inline_image/public/preview-thumbnails/009a03a0-1a9b-4767-b56c-9835e00a7e4b.thumbnail.jpg?VersionId=XSVNnCnXMVAXnnjqePgKn6l4GUkEPUmg&itok=Cihy8B1q HTTP/1.1
Host: videos.clipstock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: image/jpeg
content-length: 62287
cf-bgj: h2pri
age: 4835
etag: "c23a642425818096cc8937b67f157295"
last-modified: Fri, 07 Oct 2022 11:01:44 GMT
vary: Accept-Encoding
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-id: xyQN-y-5ms_vO78LhJRKDeqZgy98FZ9TxkRnHhtbOBYbAetPWacmdw==
x-amz-cf-pop: OSL50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: XSVNnCnXMVAXnnjqePgKn6l4GUkEPUmg
x-cache: Hit from cloudfront
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 770dc1f6aba21bfe-OSL
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3
172.64.128.21200 OK 234 B URL HTTP/2 rz.nakadashi.pw/v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash debc33d348fc21a0184af6f234973891
9e4a2b6f1d6fa2db9f6755e3d4b991aae316fe14
5d569bd869ea11fd25f8d26f85e453668c9ff8e04c806fb94f3a6972f408a679
Analyzer Verdict Alert fortinet Phishing
GET /v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/0a/46/91ee58, lfm-1-2333, lmd-2333, lud-1285032, xfvlen-1452582, fsize-480536, played-255
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/://wonporn.com/itm/real_father_and_daughter_nude_sex_seens/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 348148
last-modified: Wed, 23 Nov 2022 20:11:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVCGzoaxvfkvomWYVkcsqN7q86N2Epkw8cZOg%2FlVjCVloUQH4Yi2sxACIQu6VIMSkmZocelVwxYab9%2BjpJ688ArJKfCCPn8zmIfjZwx8LC1%2Bg6aK5qa66ctYk4%2FkmruTfAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d929778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7a390b0db8e02ec4baf2c22ce975c37a
8e55ab8e2f3f47b19f0a66d36a4388df3a50eb6a
99a35d06980262d7c7223b1c25bfbc29fdeeee2cc830eed7ba13c178115633d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2628
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:12 GMT
Last-Modified: Sun, 27 Nov 2022 20:10:24 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
thumbs.7dakcdn.com/resimler/b/1035311/k%C3%BC%C3%A7%C3%BCc%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor.jpg
104.21.91.186200 OK 68 kB URL HTTP/2 thumbs.7dakcdn.com/resimler/b/1035311/k%C3%BC%C3%A7%C3%BCc%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor.jpg
IP 104.21.91.186:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Hash 4adea2ce1752de6b5f477c849be6bf4d
0a7bfdd42b6329d8c6410a523dcf4e5f04ca5733
6f0e4f17cb704dca10c706331a6c3f4fd06ccf408735c551434c4f410428edf4
GET /resimler/b/1035311/k%C3%BC%C3%A7%C3%BCc%C3%BCk-amc%C4%B1kl%C4%B1-k%C4%B1z%C4%B1-dev-yarra%C4%9F%C4%B1yla-darma-duman-ediyor.jpg HTTP/1.1
Host: thumbs.7dakcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: image/jpeg
content-length: 67654
last-modified: Mon, 25 Oct 2021 05:20:30 GMT
vary: Accept-Encoding
etag: "61763e9e-10846"
expires: Sun, 04 Dec 2022 04:30:31 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2046221
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fpkrDYfa9HTvULHbQI4l2Mplw3kNhOPVotQDysKXRPzZq1vm0SE85xu19PDjHiPQ4GnwFc80qaEhYS8iQj3Q8p7YBJ5e3lxG2VJQ2001MbqQnYKKl8MyRtOVOT7VbhHTPA2SRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f6ff0fb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdne-pics.youjizz.com/0/0/e/00eeae05e75ccbf7971648159bf3d7921605915846-1280-720-1087-h264.mp4-9.jpg
64.210.135.114200 OK 29 kB URL HTTP/1.1 cdne-pics.youjizz.com/0/0/e/00eeae05e75ccbf7971648159bf3d7921605915846-1280-720-1087-h264.mp4-9.jpg
IP 64.210.135.114:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 308x232, components 3\012- data
Hash 067bbdfc0cf4ce27c669fc2e930650ad
277c885d71c1a6640d077a807dccb2662d2bc349
e1b4d12129fa002b89e861e977bf05625df7aa7e4966e66c0c82cefb904e90ca
GET /0/0/e/00eeae05e75ccbf7971648159bf3d7921605915846-1280-720-1087-h264.mp4-9.jpg HTTP/1.1
Host: cdne-pics.youjizz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: image/jpeg
Content-Length: 29445
last-modified: Fri, 20 Nov 2020 23:47:16 GMT
etag: "7305-5b49276dfc78c"
expires: Sun, 30 Oct 2022 00:33:47 GMT
cache-control: max-age=10530911
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
timing-allow-origin: *
access-control-expose-headers: Content-Length
Accept-Ranges: bytes
x-cdn-diag: ams5-7846-2-5885-h-0-0---;6141-22-46435----0-0-0
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7a390b0db8e02ec4baf2c22ce975c37a
8e55ab8e2f3f47b19f0a66d36a4388df3a50eb6a
99a35d06980262d7c7223b1c25bfbc29fdeeee2cc830eed7ba13c178115633d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2628
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:54:12 GMT
Last-Modified: Sun, 27 Nov 2022 20:10:24 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
rz.nakadashi.pw/v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3
172.64.128.21200 OK 407 B URL HTTP/2 rz.nakadashi.pw/v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (436), with no line terminators
Hash eaf16dcb1743f00ff34f7761b752c562
9fcf548d807f36fc7311bf2d52a42b8bd7563408
34ccd7a2805c7523bf1c32ca4ffbefcdb59b7f320399484c877a4e5e19a3d15c
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/ec/79/e9, lfm-9-110, lmd-110, lud-110, xfvlen-242486, fsize-536215, played-
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3-A-rz.nakadashi.pw--myzone---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.reddit.com/r/LaBrantFamSnark/comments/uis68g/tw_pedophilia_its_so_fucking_sick_that_sex_dolls/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 406196
last-modified: Wed, 23 Nov 2022 04:04:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kn1be9uOPAY3Q%2FgoUq6%2BDz0gAXxbMEXAm%2FIVZREcpIaYypgzDy6RKnT3GMolVNwNOLh3zjWUx7v1leCJq35ytQcEgYk9E0bbTL4wAdz4pYkn4B4h2VGsoVEMOaih7knGM74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d944778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.25.jpg
195.181.166.12404 Not Found 173 B URL HTTP/1.1 img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.25.jpg
IP 195.181.166.12:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6b185e9eafe6f2c1c66e11ed5c647e1b
dee4e0c0c7227ecc6e9d06e1d184ba65b6cc5d32
1559afddc0cccaa2575ada7e6f9605336cfa020e9d24653d5bb785388698c1fa
GET /videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.25.jpg HTTP/1.1
Host: img-egc.xvideos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 404 Not Found
Date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: sameorigin
Cache-Control: max-age=10368000, public
Access-Control-Allow-Origin: *
X-Accel-Expires: @1677394016
X-77-NZT: A8O1pgroozD/BBwRANRmOAmBPIr/TuIJAI/0Otjd34T/wgMMAA
X-77-Cache: HIT
Server: CDN77-Turbo
X-77-NZT-Ray: td8VSi7CMKI
X-Cache-LB: HIT, HIT
X-Age-LB: 647758, 1121284
X-77-POP: stockholmSE
Content-Encoding: gzip
img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.15.jpg
195.181.166.12404 Not Found 173 B URL HTTP/1.1 img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.15.jpg
IP 195.181.166.12:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6b185e9eafe6f2c1c66e11ed5c647e1b
dee4e0c0c7227ecc6e9d06e1d184ba65b6cc5d32
1559afddc0cccaa2575ada7e6f9605336cfa020e9d24653d5bb785388698c1fa
GET /videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.15.jpg HTTP/1.1
Host: img-egc.xvideos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 404 Not Found
Date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: sameorigin
Cache-Control: max-age=10368000, public
Access-Control-Allow-Origin: *
X-Accel-Expires: @1677394016
X-77-NZT: A8O1pgrVMbT/BBwRAIrHJcFQz2L/T+IJAI/0OtgX9cH/wQMMAA
X-77-Cache: HIT
Server: CDN77-Turbo
X-77-NZT-Ray: mvC89uWxZJg
X-Cache-LB: HIT, HIT
X-Age-LB: 647759, 1121284
X-77-POP: stockholmSE
Content-Encoding: gzip
rz.nakadashi.pw/v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3
172.64.128.21200 OK 622 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (304), with no line terminators
Hash 9091e89f39cf2d4f53f293f3814770e0
238fb8a027d2cb8ad4d04334029fa9d76cb38672
6c9a8eda7251f6338441d64824778570ce4a35bec4f7d0c6b70d5b20ffdeffe5
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/63/71/166248, lfm-1-1414, lmd-1414, lud-1800720, xfvlen-2140201, fsize-822890, played-2042
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/i/web/status/1007685284987916288/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 369741
last-modified: Wed, 23 Nov 2022 14:11:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45C2blANTcILg63gNEn6KvOLwvDl3skCme9oJKZ2ozMRKC3a%2FNKHcr6BalvS7OsaR9sgeAmPTNAYlEzf0VYAs9j7R7ZLGy53Ef7v4iCzUyBB7vYy4KwlujZGRzNYvdrQY18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4b8fd778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.20.jpg
195.181.166.12404 Not Found 173 B URL HTTP/1.1 img-egc.xvideos.com/videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.20.jpg
IP 195.181.166.12:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6b185e9eafe6f2c1c66e11ed5c647e1b
dee4e0c0c7227ecc6e9d06e1d184ba65b6cc5d32
1559afddc0cccaa2575ada7e6f9605336cfa020e9d24653d5bb785388698c1fa
GET /videos/thumbsll/3f/a9/69/3fa969e440f315242e29f0770c0b9face3c8885d/3fa969e440f315242e29f0770c0b9face3c8885d.20.jpg HTTP/1.1
Host: img-egc.xvideos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 404 Not Found
Date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: sameorigin
Cache-Control: max-age=10368000, public
Access-Control-Allow-Origin: *
X-Accel-Expires: @1677394016
X-77-NZT: A8O1pgozgvn/BBwRAJySIS4J8uf/T+IJAI/0OshvWf//wQMMAA
X-77-Cache: HIT
Server: CDN77-Turbo
X-77-NZT-Ray: 8AMLpQVm6dU
X-Cache-LB: HIT, HIT
X-Age-LB: 647759, 1121284
X-77-POP: stockholmSE
Content-Encoding: gzip
rz.nakadashi.pw/v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3
172.64.128.21200 OK 11 kB URL HTTP/2 rz.nakadashi.pw/v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 8ac56f4eac2d3a37d0fd1f3f00cdd104
8a86666ce760369639880f6b835b70c39d5623d9
ef988fe1bd7ef11a1f36b619a1290d6905f041ece7e2f6777b98b94591816543
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/7d/96/c46777, lfm-1-125, lmd-125, lud-1283998, xfvlen-1146965, fsize-396513, played-29
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.fairynudes.com/ja/sex-videos/little-boy-eatin-his-young-sister-pussy//title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1213713
last-modified: Sun, 13 Nov 2022 19:45:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLkac5BWJ%2BSAn7Erc%2FHM13dygFYhlpXyaK3MSmbd%2BRJ63ZeDm0yFtZ%2BQrOX7b2lZyq2vflj1ZxLsHR28umvrlvyN%2Bd9%2BhTV2nYs%2BIvH7T9lE9fnKeGmCZw6Js9sAiZMcXb4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4b900778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3
172.64.128.21200 OK 325 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (305), with no line terminators
Hash 0e820a253f85435631f949e7b2331fb4
4a02f8b539527f904524c509feb9d55ea8d96151
a15cb818f8d6b215fa072e0edf81a0ee5e484323a9cf5a6c619334fef301b8c7
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/3a/91/738c60, lfm-1-75, lmd-75, lud-400185, xfvlen-1568448, fsize-620703, played-263
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/gril_real/status/1348757344776282116?lang=bg/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 415071
last-modified: Wed, 23 Nov 2022 01:36:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46TAY5J31pidFxNyY7rGfEnz0wH82loBej8nbQCo08d7v8BqwIAoMDxGvcZCzbd3PfvbLT6umAHTs3cp8F23trRRQULEFlloMp0L9PlnF6ajPKyl02T%2BxTnzGPHg4PgqKTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d934778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsps.ssl.com/
52.6.97.148200 OK 1.8 kB IP 52.6.97.148:0
Hash c993a0b1aeac9d13e5c29124cdb3056f
c3fb2e66b0807bbab2b5a3c8678d5f47c5cce3aa
0803b38ae1dc0e01923f7fa2cfca3bb6a779907e1f249b6dbe3c54d5f789247b
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 20:54:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Sun, 04 Dec 2022 20:53:12 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "c3fb2e66b0807bbab2b5a3c8678d5f47c5cce3aa"
Last-Modified: Sun, 27 Nov 2022 20:53:13 GMT
X-Proxy-Cache: HIT
page.myfile-host.info/myda.php
150.95.129.59200 OK 0 B URL HTTP/1.1 page.myfile-host.info/myda.php
IP 150.95.129.59:0
ASN #7506 GMO Internet,Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /myda.php HTTP/1.1
Host: page.myfile-host.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:54:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.4.20
X-Powered-By: PHP/7.4.20
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
static.heavy-r.com/scr/70/5f/8f/705f8f641b81d43_1.jpg
37.48.81.1200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/70/5f/8f/705f8f641b81d43_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 80376757fc5827d8d4b9de1d936ca600
f2f1b342ee9073e719d50ad3b5881095cce37765
76e106f0aa6bb4d1b91660a4002c5707f3cdf82fcf174c1046e7012a77ff706d
GET /scr/70/5f/8f/705f8f641b81d43_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Expires: Mon, 27 Nov 2023 20:54:12 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2827512001"
Last-Modified: Fri, 14 Apr 2017 10:42:01 GMT
Content-Length: 10636
Date: Sun, 27 Nov 2022 20:54:12 GMT
Server: lighttpd/1.4.28
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 87ba15080000bdb5443986bcef01da4c
d9f7316e0860794a336f9321dbe1fa685d6d2fc7
c8db87e589044bb801dc6967e9142e02de8a2be3a4aca6d2ebf818482d6d5440
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8DB87E589044BB801DC6967E9142E02DE8A2BE3A4ACA6D2EBF818482D6D5440"
Last-Modified: Sat, 26 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2345
Expires: Sun, 27 Nov 2022 21:33:17 GMT
Date: Sun, 27 Nov 2022 20:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cadbf233f12e981d9da7c182770450f7
426348a8785a97c7c8fc394afced90886ca7cfa0
756b894f2885a33f84f39ed0de8b34b5a44c4297ffc333fe6c0c73bcd57b8eae
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "756B894F2885A33F84F39ED0DE8B34B5A44C4297FFC333FE6C0C73BCD57B8EAE"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3874
Expires: Sun, 27 Nov 2022 21:58:46 GMT
Date: Sun, 27 Nov 2022 20:54:12 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sun, 27 Nov 2022 20:59:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3
172.64.128.21200 OK 4.5 kB URL HTTP/2 rz.nakadashi.pw/v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 57f39f8e029af8c871005b66a3f99107
ca11feb0b5075e765c6ef4a971d06142b6cfd50c
b4a79aaa87a274b36642c4ad77f88b9428b2a0eae461e6a2f49857dbfd1dd2ff
Analyzer Verdict Alert fortinet Phishing
GET /v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/a7/ad/726a75, lfm-1-5111, lmd-5111, lud-2317585, xfvlen-1568200, fsize-659261, played-2493
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://thepervs.com/spa-and-massage-happy-ending-in-korea-%EC%82%AC%EC%82%AC%ED%82%A4%EC%95%84%EC%9A%98girl//title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vMCQav6RmVlkps1u%2FyD39LmdDOWn%2FUj0dKuE5mawXylmzkNVktwpJ8P2qJsLGCibs%2FoQTJnZH91bbMXVSCnHtkBrZcikYeW4mJQrtW32c1pRSeHE%2B5Pe9aokSlP4Bc%2FqWXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d93a778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/://rapefilms.net/insest/2884.html/title/myhash/3
172.64.128.21200 OK 13 kB URL HTTP/2 rz.nakadashi.pw/v/://rapefilms.net/insest/2884.html/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash f39cb7831ed36585a2867931ed0d5e9f
6c46c16665db01287eda7c1dc80adc7b968a3a96
55f4fef620a59f13f754f52a381881c372a8d12c512283972206e579254388d1
Analyzer Verdict Alert fortinet Phishing
GET /v/://rapefilms.net/insest/2884.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/://rapefilms.net/insest/2884.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/cd/6f/440733, lfm-1-4297, lmd-4297, lud-639577, xfvlen-1526630, fsize-722915, played-3137
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/://rapefilms.net/insest/2884.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/://rapefilms.net/insest/2884.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4NwL0FDyr1O%2F%2F5SpQeYPl5iRL6yNaMyMPbU%2FuWSY8bIjF2nv8suIIOrpn42oNs8mkYLcVFelaN3T4Dy6rvUYY%2FgpSIri13spTkd7nk9wQc2Qo0ihPzMbMHRKRltzdiYu%2FV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4c902778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3
172.64.128.21200 OK 153 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (304), with no line terminators
Hash cd33b205118077bd40faec2326218113
42d5930ece99b2493949bcccb62509997cbee61b
f47ebf7c38b56abd16cfcc6f3397c26d812f8af4df7390b650671c8cea213a4a
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo4/1d/08/bf4151, lfm-1-6, lmd-6, lud-1564481, xfvlen-1345038, fsize-441882, played-
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/daliule2/status/1505942096427028483/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 3134323
last-modified: Sat, 22 Oct 2022 14:15:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUkLt%2BNl1U9IAtpbiw70bK4GsoNRKWW5C86ninoVyrBvbezOsxL7ZD%2BiZQrYWTxwoZSA%2FWs%2F6825gHh%2BqmaiJyB6qNNFyv1655bQ8s3BEHz644enDmhkoPJC3qh8rPHNF6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e951778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3
172.64.128.21200 OK 28 kB URL HTTP/2 rz.nakadashi.pw/v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash ba241b99b30b7ec4ab602d44b1de14c2
9689d3a6a148b3bb6a80464d6f84578fe1b768cf
2c6f92596eef171a50b882ecce1c28734b7f097cff33e97ca4fa767f8474e0a4
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/80/a3/e61958, lfm-1-42, lmd-42, lud-5020, xfvlen-1358885, fsize-862352, played-421
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.heavy-r.com/video/264783/Sucking_Very_Small_Penis//title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 414223
last-modified: Wed, 23 Nov 2022 01:50:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmjNb%2BmGPF%2Fi0vUVTmb5Yedj0HWwJLnt42ZZn4rv9IRLXvrwgFQ1xkDNXOx1Grtj7jLhy16N5mVzqIUvTBkszxzyA%2B6D%2BzyEYZkB1Zz22m7o%2B%2FB%2FXCl1vAohdgGbWJl%2BbHU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e94f778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3
172.64.128.21200 OK 596 B URL HTTP/2 rz.nakadashi.pw/v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 7b361198d68d68266699fdfcabba8a19
672d2a404c077e8db77ff179a645f61d67c0a350
7eb21ee5576b50a065e9ee3302498d9178c7a0fc9497ce307bdcb924a177368f
Analyzer Verdict Alert fortinet Phishing
GET /v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/7b/fe/e44895, lfm-1-209, lmd-209, lud-2128507, xfvlen-815727, fsize-376482, played-611
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://es.extremesexchannels.tv/maxlistvid/violando-a-mi-hermanita-virgen-y-la-hace-sangrar-casero/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 3072778
last-modified: Sun, 23 Oct 2022 07:21:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvQRlaXlHihCNiY0vQMfzRgP8lLrzCHXdUu4IhsN5RcT9x1alKUNzBZipHqS5abqaexV4f4OB1fR76L4H1nS7eHmnnpzz5Taf1gZqNbBl1WGk%2FSC4IvlPldf%2BbHSAzWJB7Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4c903778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rtgallery.net/tb/swit-sister.jpg
5.63.144.85200 OK 17 kB URL HTTP/1.1 rtgallery.net/tb/swit-sister.jpg
IP 5.63.144.85:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 320x240, components 3\012- data
Hash c93cec1ab85c88c8c75dbfe93a22bbe2
bc22751ac9b510c7a05ec56195c18aed4f27ef75
724ae2d10b84b71b7071cf1c84ea74f5debe69b7184a3477e0e2f6be1efe8585
GET /tb/swit-sister.jpg HTTP/1.1
Host: rtgallery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 27 Nov 2022 20:16:45 GMT
Content-Type: image/jpeg
Content-Length: 16866
Last-Modified: Fri, 02 Jun 2017 16:13:23 GMT
Connection: keep-alive
ETag: "59318ea3-41e2"
Accept-Ranges: bytes
rz.nakadashi.pw/v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3
172.64.128.21200 OK 32 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (304), with no line terminators
Hash 7392f5a572658b6b6b9aa549a7881055
ef76fb58c1b6f4a3bed60db5ea0dc1a8ab7b0c5a
731c4706a98833a995054f2e5db7bc330f63ef2aa1b018a0514202b960f287f1
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/e6/9d/5cef58, lfm-1-523, lmd-523, lud-2272474, xfvlen-1249457, fsize-361527, played-1234
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/PattyAnnSpenser/status/1007223708463886336/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 3165598
last-modified: Sat, 22 Oct 2022 05:34:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dvfMmOtDf5u93RyjFCLAZa5WRRtJ08dB9VZ%2Bq%2BovAWhTHwoi9Gk9r6GysatHOVWPepfpVgJD%2B%2FDgeHZ%2BXyWCSxMU17pRYhlbCcDXiXFvbPcwJYNCyoHjVgOB3l2LTMrmcHc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e96a778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3
172.64.128.21200 OK 2.4 kB URL HTTP/2 rz.nakadashi.pw/v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 85312674bdb93f18ad63fbe5b560e593
b7dc440b259b0c680682068a96b1995ced60a211
500c3d59a8a0ea9fa8340ffe3b61cd1771b8ad05d88c84a424865610ad652085
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/9c/e4/7cd166, lfm-1-3556, lmd-3556, lud-15287, xfvlen-1490140, fsize-492469, played-397
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.heavy-r.com/video/139589/Barely_Legal_Teen_Couple_Fucking//title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVktk1OOQzKLPWryWufwVIs1NvawTLE4TVNZfYNfofVjBwBC84LfrBzpQ5YPghZ64Q4BFhI8Etv45Zu0y%2BMR7yk4W%2BKyh2lBo8Pi%2FCYp86yIDdu7lDDIJUCFq18OlGcAigM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d932778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 02b7915fb64e429abef1debfda86820c
60f5fc84ce296753aab64b3bd2107bca395c8cf0
4b7810344ca139e7094a9498a2e470f3e703379a4d0037f47c41e357f83c6304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7810344CA139E7094A9498A2E470F3E703379A4D0037F47C41E357F83C6304"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10670
Expires: Sun, 27 Nov 2022 23:52:03 GMT
Date: Sun, 27 Nov 2022 20:54:13 GMT
Connection: keep-alive
rz.nakadashi.pw/v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3
172.64.128.21200 OK 97 B URL HTTP/2 rz.nakadashi.pw/v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 438e331c14bbefe11af870ff1e458d59
4968b1d3b1c441f342939be585f074fd6fd7b35b
981db14d4a8d5cbcbef4f674b96408af21c1bd4e30a1e2a044be4bd03cd0d792
Analyzer Verdict Alert fortinet Phishing
GET /v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/6b/d5/4c2771, lfm-1-29930, lmd-29930, lud-2400622, xfvlen-1614424, fsize-529341, played-135
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://m.sextvx.com/ja/video/654242/chinese-massage-parlor-hidden-camera-8/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msI4kQJoYqomalGhG3YcaqB8oJ9BT09FkpQbNPmBHzJQY6IbKdSzJ8YM%2FVjUPzWzwGeTkM%2F8OtwYjPwVtmvmD7IBIVQTSAJ9hgUAAV5aMHTlyV5QF2Enx4IHt73wVDjPxyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d92f778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3
172.64.128.21200 OK 15 kB URL HTTP/2 rz.nakadashi.pw/v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash b3348ead489623b710b6d096ad5e9c72
fb74b7285505d1aa6d68f8d6a6259b88a36e2b77
0f39799c33fb72a504e6f1b44558cd254406e55515b2d0d65014431c38216bb5
Analyzer Verdict Alert fortinet Phishing
GET /v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/fd/e1/6277139, lfm-1-300, lmd-300, lud-1425231, xfvlen-1346693, fsize-600838, played-112
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://es.123rf.com/footage_54387437_una-pequena-nina-de-8-ano-de-edad-asiatica-linda-lee-un-cuento-a-su-osito-de-peluche-usando-su-nueva.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 427377
last-modified: Tue, 22 Nov 2022 22:11:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EHf7waTarTWIIcemHt07onzuvJTZTED5dTY%2FbUX5kBBnGdbJBE3h3aR6XeIcPBoZZj501Bmd7ubpFl3vxRdlQrM30sU68Kjxc39vMKWG7SrvrKuBgwIpr0eKqOn9BRzl60%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d938778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
str13.sextvx.com/6/5/4/2/4/654242/screenshots_orig/4-chinese-massage.jpg
141.94.248.40200 OK 26 kB URL HTTP/1.1 str13.sextvx.com/6/5/4/2/4/654242/screenshots_orig/4-chinese-massage.jpg
IP 141.94.248.40:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x480, components 3\012- data
Hash df6e686900a366a418ed1a9a35a38044
c9d60581882ca580326ce90e2102d881bc1004ff
89ecb50897f18ed1d13cc256b871cd4e157373aef0bfa290ba3a1f238c238973
GET /6/5/4/2/4/654242/screenshots_orig/4-chinese-massage.jpg HTTP/1.1
Host: str13.sextvx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 20:54:13 GMT
Content-Type: image/jpeg
Content-Length: 25888
Last-Modified: Fri, 17 Jul 2020 02:18:56 GMT
Connection: keep-alive
ETag: "5f110a90-6520"
Expires: Wed, 28 Dec 2022 20:54:13 GMT
Cache-Control: max-age=2678400
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: ALLOW-FROM *.sextvx.com
Content-Security-Policy: frame-ancestors *.sextvx.com
X-Content-Type-Options: nosniff
Server-Available: 1
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 13b26ac133ad25ea6583f12f18384908
ee2c8e36ceb57e3f20e79297622f000d10a2d45f
378a453e603f05376de058e2b083e5bcfbd63a26fb77c817f800ec963c7c4fb2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "378A453E603F05376DE058E2B083E5BCFBD63A26FB77C817F800EC963C7C4FB2"
Last-Modified: Sat, 26 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2444
Expires: Sun, 27 Nov 2022 21:34:57 GMT
Date: Sun, 27 Nov 2022 20:54:13 GMT
Connection: keep-alive
rz.nakadashi.pw/v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3
172.64.128.21200 OK 19 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (304), with no line terminators
Hash 5f9e42258b3878d801757e92371c688b
03ccbc12655bc1183d9a3d4b12f3a21f0e785f13
26d1edc6195467e7f7d7ed7ff1dbdac48088a68e30dabb7883dfd5b99e42ff7a
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/80/45/6ddf70, lfm-1-3779, lmd-3779, lud-2058653, xfvlen-2158644, fsize-921228, played-1389
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/asiansmallboy1/status/1238883927911280641%20%20[0:41x720p]/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 84075
last-modified: Sat, 26 Nov 2022 21:32:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEPrZ8deeBTu7PmqPJujXnRCf34OC%2F3d5eAe%2BpxsQLaiRlFkz41oXiBONRWlx6qrSKjML3yXv66mTpqsgst6ikLTxT49gaR7mi6LBrNAhi1aID6Ku7H65MXEL%2BkK4hzCW%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d941778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dec5c7295d.47daeb1eac.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTg5NjA1MDk1NjY3OTA4NjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE3LjIiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNDEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IlBhdHJpY2lhJTJDQW5uZSUyQ1NwZW5zZXIlMkNXb3clMkN3b3clMkN3b3clMkNKdXN0JTJDcmVjZWl2ZWQlMkN0aGlzJTJDc25pcHBldCUyQ2Zyb20lMkNmYW1pbHklMkNzZXglMkNjbHViJTJDZnJpZW5kcyUyQ29sZGVyJTJDbW90aGVyJTJDZG9pbmclMkNCT1RIJTJDaGVyJTJDZ3Jvd24lMkNzb25zJTJDd2hpbGUlMkNkYWQlMkNnZXRzJTJDaXQlMkNhbGwlMkNvbiUyQ3ZpZGVvJTJDZm9yJTJDdGhlaXIlMkNuZXh0JTJDc2V4JTJDY2x1YiUyQ3dlZWtlbmQlMkNIZXJlJ3MlMkN0aGUlMkNsaW5rJTJDdG8lMkNNWSUyQ3N0b3JpZXMlMkNhYm91dCUyQ3RoYXQlMkNraW5kJTJDb2YlMkNmdW4lMkNmYW1pbHlzZXhuZXh0JTQwcGF3b29QYXRyaWNpYUFubmVTcGVuc2VyJTdDJTdDJTJDZmFtaWx5c2V4bmV4dCU0MHBhd29vUGF0cmljaWFBbm5lU3BlbnNlciU3QyU3QyU3Q1N1Y2tpbmclMkNWZXJ5JTJDU21hbGwlMkNQZW5pcyUyQ0FGUklDQU4lMkNTRVglMkNSSVRVQUxTJTJDT0REJTJDQUZSSUNBJTJDMS5tcDQlMkNOZXRoZXJsYW5kcyUyQ21vbSUyQ2FuZCUyQ3NvbiUyQ2luJTJDc2F1bmElMjAifQ==
45.133.44.24200 OK 0 B URL HTTP/2 dec5c7295d.47daeb1eac.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTg5NjA1MDk1NjY3OTA4NjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE3LjIiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNDEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IlBhdHJpY2lhJTJDQW5uZSUyQ1NwZW5zZXIlMkNXb3clMkN3b3clMkN3b3clMkNKdXN0JTJDcmVjZWl2ZWQlMkN0aGlzJTJDc25pcHBldCUyQ2Zyb20lMkNmYW1pbHklMkNzZXglMkNjbHViJTJDZnJpZW5kcyUyQ29sZGVyJTJDbW90aGVyJTJDZG9pbmclMkNCT1RIJTJDaGVyJTJDZ3Jvd24lMkNzb25zJTJDd2hpbGUlMkNkYWQlMkNnZXRzJTJDaXQlMkNhbGwlMkNvbiUyQ3ZpZGVvJTJDZm9yJTJDdGhlaXIlMkNuZXh0JTJDc2V4JTJDY2x1YiUyQ3dlZWtlbmQlMkNIZXJlJ3MlMkN0aGUlMkNsaW5rJTJDdG8lMkNNWSUyQ3N0b3JpZXMlMkNhYm91dCUyQ3RoYXQlMkNraW5kJTJDb2YlMkNmdW4lMkNmYW1pbHlzZXhuZXh0JTQwcGF3b29QYXRyaWNpYUFubmVTcGVuc2VyJTdDJTdDJTJDZmFtaWx5c2V4bmV4dCU0MHBhd29vUGF0cmljaWFBbm5lU3BlbnNlciU3QyU3QyU3Q1N1Y2tpbmclMkNWZXJ5JTJDU21hbGwlMkNQZW5pcyUyQ0FGUklDQU4lMkNTRVglMkNSSVRVQUxTJTJDT0REJTJDQUZSSUNBJTJDMS5tcDQlMkNOZXRoZXJsYW5kcyUyQ21vbSUyQ2FuZCUyQ3NvbiUyQ2luJTJDc2F1bmElMjAifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTg5NjA1MDk1NjY3OTA4NjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE3LjIiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNDEsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IlBhdHJpY2lhJTJDQW5uZSUyQ1NwZW5zZXIlMkNXb3clMkN3b3clMkN3b3clMkNKdXN0JTJDcmVjZWl2ZWQlMkN0aGlzJTJDc25pcHBldCUyQ2Zyb20lMkNmYW1pbHklMkNzZXglMkNjbHViJTJDZnJpZW5kcyUyQ29sZGVyJTJDbW90aGVyJTJDZG9pbmclMkNCT1RIJTJDaGVyJTJDZ3Jvd24lMkNzb25zJTJDd2hpbGUlMkNkYWQlMkNnZXRzJTJDaXQlMkNhbGwlMkNvbiUyQ3ZpZGVvJTJDZm9yJTJDdGhlaXIlMkNuZXh0JTJDc2V4JTJDY2x1YiUyQ3dlZWtlbmQlMkNIZXJlJ3MlMkN0aGUlMkNsaW5rJTJDdG8lMkNNWSUyQ3N0b3JpZXMlMkNhYm91dCUyQ3RoYXQlMkNraW5kJTJDb2YlMkNmdW4lMkNmYW1pbHlzZXhuZXh0JTQwcGF3b29QYXRyaWNpYUFubmVTcGVuc2VyJTdDJTdDJTJDZmFtaWx5c2V4bmV4dCU0MHBhd29vUGF0cmljaWFBbm5lU3BlbnNlciU3QyU3QyU3Q1N1Y2tpbmclMkNWZXJ5JTJDU21hbGwlMkNQZW5pcyUyQ0FGUklDQU4lMkNTRVglMkNSSVRVQUxTJTJDT0REJTJDQUZSSUNBJTJDMS5tcDQlMkNOZXRoZXJsYW5kcyUyQ21vbSUyQ2FuZCUyQ3NvbiUyQ2luJTJDc2F1bmElMjAifQ== HTTP/1.1
Host: dec5c7295d.47daeb1eac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:13 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22292
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 27 Nov 2022 20:54:13 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://en.xvideos-dl.top
Set-Cookie: id=11353651561219103030; Expires=Mon, 27 Nov 2023 20:54:13 GMT; Secure; SameSite=None
Vary: Origin
pbs.twimg.com/ext_tw_video_thumb/1007684964526288901/pu/img/ML74RJ8rlHW01RA6.jpg?name=orig
151.101.84.159200 OK 82 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1007684964526288901/pu/img/ML74RJ8rlHW01RA6.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 5a4adee0331d7fb6fbd2982dc9facb8c
65c38a7b26a773756565439e2dc9ccfe3440a1c5
851528e52c07e8a6ad878812159e9334c87588bfd6c93338cd1a5dd6f31ef30d
GET /ext_tw_video_thumb/1007684964526288901/pu/img/ML74RJ8rlHW01RA6.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Fri, 15 Jun 2018 18:01:12 GMT
x-transaction-id: d2f36b90720fe031
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7369-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 82032
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 27 Nov 2022 20:54:13 GMT
access-control-allow-origin: *
etag: "637f41b2-2b"
expires: Sun, 27 Nov 2022 21:54:13 GMT
accept-ranges: bytes
last-modified: Thu, 24 Nov 2022 13:04:34 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1552481817642647552/pu/img/LnP72aIPt2Bkbesc.jpg?name=orig
151.101.84.159404 Not Found 4.4 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1552481817642647552/pu/img/LnP72aIPt2Bkbesc.jpg?name=orig
IP 151.101.84.159:0
Hash 2752cc0c1483636ad300b72e99ef9a71
1711b217dfd04a7229a75dadb247d7cf08409a01
8e92293a5c06f7082c75f24b624ea171764beabdbb9f6b3db75584690a301dcf
GET /ext_tw_video_thumb/1552481817642647552/pu/img/LnP72aIPt2Bkbesc.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
perf: 7626143928
cache-control: max-age=86400, must-revalidate
x-transaction-id: eecaef35b44dd8b1
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7350-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 0
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1302027457604792325/pu/img/KmIGZqd1xyitMtTN.jpg?name=orig
151.101.84.159200 OK 66 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1302027457604792325/pu/img/KmIGZqd1xyitMtTN.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash a5e3ce1457e19410629f53001da1da1d
a42a4b865af929fad08ae3e33f5bdceabf3af816
0103e3c26de3e9acfc6f1af05cc54ef3b50498c91d02a455cb9c139cc389aa0b
GET /ext_tw_video_thumb/1302027457604792325/pu/img/KmIGZqd1xyitMtTN.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Fri, 04 Sep 2020 23:33:11 GMT
x-transaction-id: 8547994042a051f7
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7349-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 66166
X-Firefox-Spdy: h2
pbs.twimg.com/amplify_video_thumb/1280911147294552064/img/o_7k0QtqGEKKCHTq.jpg?name=orig
151.101.84.159200 OK 43 kB URL HTTP/2 pbs.twimg.com/amplify_video_thumb/1280911147294552064/img/o_7k0QtqGEKKCHTq.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x404, components 3\012- data
Hash 441b0745edcfe533805d8d9a66d9e13e
a438c640a817713c456ef4925ab7b39a1dd1d100
c609b55f529b23892cc9bae4f0664e9120b798568ea217f51247d2f202017305
GET /amplify_video_thumb/1280911147294552064/img/o_7k0QtqGEKKCHTq.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 08 Jul 2020 17:04:30 GMT
x-transaction-id: d74564a95005965e
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr6627-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 42889
X-Firefox-Spdy: h2
hifiporn.fun/xxx/
104.167.223.181200 OK 96 kB IP 104.167.223.181:0
ASN #399045 DEDIOUTLET-NETWORKS
Hash 9e264d1372e136ea5706e63379d2b299
bd49fdf3a3a0862e2d3493c48c5f3ed5e1f797f8
81c2a1555187afde25c51ef8431cccd5e758d2a8939e06bb415580f5ad4f0c15
GET /xxx/ HTTP/1.1
Host: hifiporn.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:54:10 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=604800
expires: Sun, 04 Dec 2022 20:54:10 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1505941772500979712/pu/img/b-7tvOnbj6OY6kEN.jpg?name=orig
151.101.84.159200 OK 19 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1505941772500979712/pu/img/b-7tvOnbj6OY6kEN.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 766x432, components 3\012- data
Hash 64e38a22967d085cc33bd80cbecb6fc7
8e27b0ac3d232fc0f19099a743224b5259e2ec15
71d44ff3fbfe4b58281a5ad58d49b7e96ab9ee7225717d558c7748882cce12e4
GET /ext_tw_video_thumb/1505941772500979712/pu/img/b-7tvOnbj6OY6kEN.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Mon, 21 Mar 2022 16:15:52 GMT
x-transaction-id: 5123de1a577efef5
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7345-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 19077
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1007223598438903808/pu/img/2zO3juaOf4GsfljR.jpg?name=orig
151.101.84.159200 OK 40 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1007223598438903808/pu/img/2zO3juaOf4GsfljR.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 867ced971e5f0b6e3dc3b82f829128c5
4c91d86846dabba65411937695ec5e34ad324cf1
8571e6e5105d01f1f9a6daac7a25ab452971dbd3e0855fe21056ec28f8e5f665
GET /ext_tw_video_thumb/1007223598438903808/pu/img/2zO3juaOf4GsfljR.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Thu, 14 Jun 2018 11:27:53 GMT
x-transaction-id: 362bcc2da01272e3
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7383-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 40213
X-Firefox-Spdy: h2
4a65d58a18.7a07c25a29.com/0475c3a213601220913ee6b1e280a0b9.js
45.133.44.24200 OK 107 kB URL HTTP/2 4a65d58a18.7a07c25a29.com/0475c3a213601220913ee6b1e280a0b9.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Size 107 kB (106645 bytes)
Hash 901f5c398b707aee876bf3800eb399ad
1448e184791bc9db0a1a0ad79d98ca71ec81b582
10249d34b287794b45bc455da09bdc01a1de02048dedfb934221d4203744592f
Analyzer Verdict Alert quad9 Sinkholed
GET /0475c3a213601220913ee6b1e280a0b9.js HTTP/1.1
Host: 4a65d58a18.7a07c25a29.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:13 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 22 Nov 2022 16:27:58 GMT
etag: W/"637cf88e-48777"
content-encoding: gzip
expires: Sun, 27 Nov 2022 20:59:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1330952171177848832/pu/img/hMbdI3oLjL0agw-u.jpg?name=orig
151.101.84.159200 OK 53 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1330952171177848832/pu/img/hMbdI3oLjL0agw-u.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x1200, components 3\012- data
Hash 52d45d1a65b4f051744715053080128a
24ec09d354c55635fb0ee794cd2b39f2712a5655
cc1a9595a35fb8325a9954516e7c51107ee68c1a3888defc0f41c45bc20fbc4b
GET /ext_tw_video_thumb/1330952171177848832/pu/img/hMbdI3oLjL0agw-u.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Mon, 23 Nov 2020 19:09:40 GMT
x-transaction-id: 8d910c74a6618169
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7364-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 52638
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3
172.64.128.21200 OK 131 B URL HTTP/2 rz.nakadashi.pw/v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 8d6264abc5bded54dc727e878e597ba0
4ab6d6444abe60854021cdef2b8fb5a1c7ccba33
4f6a6ffef4a6e78b90abf76d12aa41111f12d88676c8fac213feea4a63bc46a8
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/ed/c5/e12a63, lfm-1-1472, lmd-1472, lud-919635, xfvlen-1182159, fsize-711063, played-1244
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.youjizz.com/videos/chinese-massage-parlor-62799471.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWozg36YWrJleqK330dfrPTmqRgfyI19jchT2Ns4t60OiIfZoBA8OG%2F858fOsS2jQFdg7C49jxRcFpq2lbOopfN1SDoql87iw9ffg0jhBMdSKsHznWS7WMd8H9GaF4JSSR4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d933778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1002212270863192065/pu/img/X-7YfhV4uzNxw4oc.jpg?name=orig
151.101.84.159200 OK 52 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1002212270863192065/pu/img/X-7YfhV4uzNxw4oc.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 43cfacb8985f33b34ae8cc9bc7317288
3d4d52b3cbca013f0c7c38849f1ed01aa2d9aefb
216b0af21f1d376b0c4996576c52ac9c8494b846cc2494b2e271ca8ccbb4ad81
GET /ext_tw_video_thumb/1002212270863192065/pu/img/X-7YfhV4uzNxw4oc.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Thu, 31 May 2018 15:34:40 GMT
x-transaction-id: f4e14e5b2d972ce7
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7325-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 52255
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/1016708775938576385/pu/img/mBhLVd4JGQVCre4c.jpg?name=orig
151.101.84.159200 OK 60 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/1016708775938576385/pu/img/mBhLVd4JGQVCre4c.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash c80189d606ee8516333b9f895b256585
c7707db2135f67f2cf9f40b70d99072e21c32884
6996a9801610506db6fc8c58a0cce21c17eba8cf595efa15a7f32448d39bfb8e
GET /ext_tw_video_thumb/1016708775938576385/pu/img/mBhLVd4JGQVCre4c.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Tue, 10 Jul 2018 15:38:36 GMT
x-transaction-id: ec2cc73aec89eb13
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7367-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 60431
X-Firefox-Spdy: h2
4a65d58a18.7a07c25a29.com/7ae3e31cd8a320c7a419e3c728b486f7.js
45.133.44.24200 OK 81 kB URL HTTP/2 4a65d58a18.7a07c25a29.com/7ae3e31cd8a320c7a419e3c728b486f7.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 505db7427c09bbddc55d70dd6d8017b1
d42faaa403df9549b73e29398fb02f749409808d
5bacbcf1867079d12db3d74a5818d3524fe1f65ee9d73bb6039cdda3a3edbb03
Analyzer Verdict Alert quad9 Sinkholed
GET /7ae3e31cd8a320c7a419e3c728b486f7.js HTTP/1.1
Host: 4a65d58a18.7a07c25a29.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:13 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 13 Oct 2022 09:19:10 GMT
etag: W/"6347d80e-16007"
content-encoding: gzip
expires: Sun, 27 Nov 2022 20:59:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
pbs.twimg.com/ext_tw_video_thumb/999364245060907008/pu/img/iQpDgjNdYSIYPxdf.jpg?name=orig
151.101.84.159200 OK 80 kB URL HTTP/2 pbs.twimg.com/ext_tw_video_thumb/999364245060907008/pu/img/iQpDgjNdYSIYPxdf.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 5adb9377b8b10af56af9b851ba81c333
ecc93c6f63f49236ca3cf1811610042bc49d2708
879acd5cad94b78efb26813c3816af370e89f9a5ace09b2918776c5ab34bd9e6
GET /ext_tw_video_thumb/999364245060907008/pu/img/iQpDgjNdYSIYPxdf.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 23 May 2018 18:57:37 GMT
x-transaction-id: f9fb607c4bc135fa
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7323-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 79734
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3
172.64.128.21200 OK 81 kB URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (305), with no line terminators
Hash eaccd0a6091d48acb6881143839bc827
ac83178e112f39fb496d452f8f4e801705a91e1a
145b5ad842c8c120faa93e4257c585795001c4deb19a9008a40ce0e769f4711f
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/3d/aa/7d9452, lfm-1-2465, lmd-2465, lud-5919816, xfvlen-3103489, fsize-880967, played-14
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/gril_real/status/1369772967761215493/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 51703
last-modified: Sun, 27 Nov 2022 06:32:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frC%2BoL2GUcTLvycsBYE7XlrC4dVRKzRSLKAe06s22cO2n3GfVcf4HoNaYdQN%2BR%2FlBdQDRpl%2BaSfQFwJRLVvD%2Fv2DT%2BYzzVN7g3%2BqTNv0W3R0BSC7zlor2ha3hg0S422vzWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e94e778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e5cc6bfa6ea848a329d167cd9c2da4e
1e109c56dd57be3b762a19228ea5aa75fedb7789
23eb322a4473cca78be24ac6dfa011259d01a76266adeef65ff96cbd812c0c97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23EB322A4473CCA78BE24AC6DFA011259D01A76266ADEEF65FF96CBD812C0C97"
Last-Modified: Sat, 26 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 27 Nov 2022 21:39:14 GMT
Date: Sun, 27 Nov 2022 20:54:13 GMT
Connection: keep-alive
rz.nakadashi.pw/v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3
172.64.128.21200 OK 636 B URL HTTP/2 rz.nakadashi.pw/v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with no line terminators
Hash 68612af646b1c7c4a13f2fea52f73cd8
eed8b0c6dd87df8988fe7351a966de3ea74ea8b5
23e4f968c3c80953cc99ace45784b0f1b5ec84857ae2c1d00247d89f784c7267
Analyzer Verdict Alert fortinet Phishing
GET /v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/59/e4/96ba49, lfm-1-157, lmd-157, lud-750625, xfvlen-1666430, fsize-901627, played-185
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://sex18.photos/93085-nevesta-la-sposa-1995.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S5rMqL1F8bIWOA%2B0JHXS0%2FKJF8OeV2IWDIqgKU20xYAnU7oZEyMbCGrmM74g7pMxX1sOUPVyqFrNlc8EQlQvwjQvE9RfOzTMrKQZyPTSo9tUsx3jDzw5ErTR3IU23voRA1o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d931778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pbs.twimg.com/media/FTnaG2NXoAACZNS.jpg?name=orig
151.101.84.159200 OK 194 kB URL HTTP/2 pbs.twimg.com/media/FTnaG2NXoAACZNS.jpg?name=orig
IP 151.101.84.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 194 kB (194240 bytes)
Hash 465019f7b5ea784472f9a7529dbfd911
c38db034b632c683a9a75f4838249c6c95f1942e
fde26a3b6cc5f99a46801dee357af74f7afbc252ce57e7def4f3bbbafc85cbad
GET /media/FTnaG2NXoAACZNS.jpg?name=orig HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
perf: 7626143928
content-type: image/jpeg
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 25 May 2022 16:01:28 GMT
x-transaction-id: c1d1cb026ad9b780
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 20:54:13 GMT
x-cache: HIT, HIT
x-tw-cdn: FT
x-served-by: cache-lhr7364-LHR, cache-bma1640-BMA, cache-tw-ZZZ1
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 194240
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3
172.64.128.21200 OK 556 B URL HTTP/2 rz.nakadashi.pw/v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3
IP 172.64.128.21:0
File type ASCII text, with very long lines (1144), with no line terminators
Hash e96f4d8cb4ca7b4b15685368c0e8f0e2
c514c78dad875a87a209acfa1b85bd6d4da0611d
b208377d08f6c55e6c1a7ea100025371f492aa80a31f150ae5eae7308e96ac02
Analyzer Verdict Alert fortinet Phishing
GET /v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/ad/92/181e160, lfm-1-1049, lmd-1049, lud-2403438, xfvlen-990606, fsize-475594, played-8016
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://hifiporn.fun/xxx/9/lanka-blu-fiim-bangladashi-sexy-vedio-comaree-cfnm/sexy-wife-sucks-cock-and-takes-cum-in-her-mouth-in-this-homemade-blowjob-filmed-in-pov/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1844508
last-modified: Sun, 06 Nov 2022 12:32:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyr3Mb5Zk%2FyN%2BkLL117gVTKtVm9qFcdY%2FfFo9yKBFjTp9sMkmSyc6no4DQ91KYFHsF25ob7sYe6oyiNdNBrWlscS570wZtDtKjKyrFiROwdAjZg59OarxuGE9OPvXIKBGtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d940778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/da/06/8b8a112, lfm-1-71242, lmd-71242, lud-9997054, xfvlen-595867, fsize-211799, played-
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.publimetro.com.mx/mx/noticias/2018/04/18/denuncian-manoseo-una-pequena-transporte-publico-michoacan.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 2670402
last-modified: Thu, 27 Oct 2022 23:07:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9xkhKotK3G5yU4%2B6IrZf9uKhJxMxy61AaMi4Qxt0iBz8bS7rLq%2Bb%2FeJf0QomtCChnvrtFx2NiEmHHMrd4rT8bS35CILV6cRXVTTsg7bECw%2BeH%2FcgDE7S7GGEQp2ChRc6zs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4c904778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/5f/12/876b54, lfm-1-273, lmd-273, lud-3091709, xfvlen-1156976, fsize-588914, played-619
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/jav_grandpa/status/1281626988806111240/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 508631
last-modified: Mon, 21 Nov 2022 23:37:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqRgf6yBxjJMg21LrHatK5IdnMrumDsb0YFIry8bzrNwsLKMxqLZIcMpIozsPMC7Q1awMBiwwfT3p7vshW3gT6Sno3h10TUzO6ISKO89dtJx%2FbQTBbUOd9nV9RWmvtKQEwk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4e94b778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.heavy-r.com/favicon.ico
104.22.5.193200 OK 0 B URL HTTP/2 www.heavy-r.com/favicon.ico
IP 104.22.5.193:0
GET /favicon.ico HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/vnd.microsoft.icon
etag: W/"4080963554"
last-modified: Mon, 11 Dec 2017 19:49:52 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5195
vary: Accept-Encoding
server: cloudflare
cf-ray: 770dc1e53d36b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo3/ef/d3/642d71, lfm-1-1047, lmd-1048, lud-3633257, xfvlen-1133199, fsize-353774, played-104
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/://www.xxxaporn.com/50960/Hot_passionate_blowjob_from_sexy_teen_GF.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 2488804
last-modified: Sun, 30 Oct 2022 01:34:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lh8VJrTBpiu8ApYWu53rsCuZ5yxog6jIuHCKelrhAoKgOhBfVWwhSI2ph3TbSb1wifbGH6bckg6%2Bxp9P0cTQ%2FMsAsbdu22i3pQLtwjqy6jjv3OqEczwxOErW3F0twVJnVJo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4c906778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4a65d58a18.7a07c25a29.com/ec8384a546668869aeca46562f679d38.js
45.133.44.24200 OK 0 B URL HTTP/2 4a65d58a18.7a07c25a29.com/ec8384a546668869aeca46562f679d38.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /ec8384a546668869aeca46562f679d38.js HTTP/1.1
Host: 4a65d58a18.7a07c25a29.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 15 Nov 2022 13:38:16 GMT
etag: W/"63739648-17810"
content-encoding: gzip
expires: Sun, 27 Nov 2022 20:59:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/ad/ec/c10776, lfm-1-104, lmd-104, lud-38628, xfvlen-1131394, fsize-382643, played-733
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.clipstock.com/clip/cute-young-little-girl-waking-next-sister-bedroom/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1084188
last-modified: Tue, 15 Nov 2022 07:44:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWKOcBaIhtjGLkEQVVDtj9mJV6E%2FrrobFq561W52VJrOSqcfH%2Fg6OsvFW0vhRSp6kLKk%2FhKNX2xDpsXxqKkjzo7Kxfnxx0X5K3UB7fRAnNFwu5clGgc%2F9yUj%2F41MKArY%2Bus%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d924778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.clipstock.com/favicon.ico
172.67.9.92200 OK 0 B URL HTTP/2 www.clipstock.com/favicon.ico
IP 172.67.9.92:0
GET /favicon.ico HTTP/1.1
Host: www.clipstock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/x-icon
cache-control: max-age=1209600
etag: W/"6373f4a2-3aee"
expires: Tue, 06 Dec 2022 10:30:13 GMT
last-modified: Tue, 15 Nov 2022 20:20:50 GMT
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-cluster: cifwxwt6nn7ki-master-7rqtwti
x-platform-processor: r7aqtg5yj5vbaf3oq3sgc46wry
x-platform-router: o2364h4tmzxbj2s3mljjoyzjfq
traceresponse: 00-1729e1714fa810ca3b031cd8393328e2-89515a31e4b964f6-00
age: 469436
x-served-by: cache-iad-kcgs7200109-IAD, cache-bma1678-BMA
x-cache: HIT, HIT
x-cache-hits: 4, 1
x-timer: S1669582450.798997,VS0,VE1
vary: Accept-Encoding, Origin
strict-transport-security: max-age=300
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 770dc1e709b71bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
m.sextvx.com/favicon.ico
172.67.137.76200 OK 0 B IP 172.67.137.76:0
GET /favicon.ico HTTP/1.1
Host: m.sextvx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/x-icon
last-modified: Thu, 01 Jan 2015 05:27:22 GMT
vary: Accept-Encoding
etag: W/"54a4daba-57e"
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: HIT
age: 455
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4%2FeoWSrMEdPHp56HdpZkEEyv9Cdhm7B4j0rzLkHz6nVNmRxLmVvbe0uNuMEvLHt3pkYTMxfCV0mpN%2Fhq8AMYLHigLFPFGzIPcYHJdPwn7xxa9rdNAWUoUJkilDdo3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1e63cd61c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/://rapefilms.net/insest/1508.html/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/://rapefilms.net/insest/1508.html/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/://rapefilms.net/insest/1508.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/://rapefilms.net/insest/1508.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/7d/c6/363633, lfm-1-14749, lmd-14750, lud-2233243, xfvlen-1868070, fsize-639668, played-1858
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/://rapefilms.net/insest/1508.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/://rapefilms.net/insest/1508.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAlZPSKQLmayomvtPRTxmzbcIhdIOe8SqrC%2FVg2SGbSI9SQpDTZiEoD%2FWgxv5FZwhnwXauN9xu045evyQhM19sr3z4D6boKYKsb5F8hHh2EnNIiBG9uZwi81Uk%2B%2B8v%2BFSLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4f983778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/://rapefilms.net/insest/2454.html/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/://rapefilms.net/insest/2454.html/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/://rapefilms.net/insest/2454.html/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/://rapefilms.net/insest/2454.html/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo9/68/72/7cbc33, lfm-1-2430, lmd-2430, lud-839148, xfvlen-1916895, fsize-717914, played-3758
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/://rapefilms.net/insest/2454.html/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/://rapefilms.net/insest/2454.html/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FOAtKYOhi8%2B9q9Y%2B1wGj8bkTcTjaWthKP5aXA42S6ysmVnOyz8OX9nlZmXoDO1ymgltF%2BuX2%2B6xkFSGMlmD%2FO%2FL8%2FY%2FfFrSMTe%2Ba9UpX5kzDl5aQ6HgJ%2FfHCCqvq30nCE0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d92d778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fairynudes.com/favicon.ico
104.21.26.221404 Not Found 0 B URL HTTP/2 www.fairynudes.com/favicon.ico
IP 104.21.26.221:0
GET /favicon.ico HTTP/1.1
Host: www.fairynudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 60
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Czf8Slv877CywgKKukDPC4r1xUA6h5hhlDan4lrrnh6Oluhe5yYX94L9AHnufRp%2FoMOIAqBrLhzmAY52tbujKTGxJhBbCMfA0RbRzoGQkXozIjYH%2F2Ig604PBm5Zhk1TDZRL%2B7o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1e5a8f30b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/videojs-flash@2.2.1/dist/videojs-flash.js
104.16.126.175200 OK 0 B URL HTTP/2 unpkg.com/videojs-flash@2.2.1/dist/videojs-flash.js
IP 104.16.126.175:0
GET /videojs-flash@2.2.1/dist/videojs-flash.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://en.xvideos-dl.top/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:07 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"99ef-EigKzOQZJEjpPjsu+eGt9sbrqUo"
via: 1.1 fly.io
fly-request-id: 01G4XED00012H0FHS4H5YGBK8Y-fra
cf-cache-status: HIT
age: 15031774
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 770dc1d5bc141bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/be/79/8d2358, lfm-1-31, lmd-31, lud-296417, xfvlen-256273, fsize-72973, played-
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/myscreenshots21/status/1552482504288124929/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 1095743
last-modified: Tue, 15 Nov 2022 04:31:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NHW9sfunQre9I3hHCTwD8%2BjAPNPuJYNAOv4iLipc1D38n60ksKOTcDydNrttR6W2SW2drpxsCCcPEYNco7DK1Q57n07dU8JxpWhMCOgXLAR9kIxK9gHHjOv6WHWsSwnJ0wA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4c901778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sc.gl/videojs-hotkeys/latest/videojs.hotkeys.min.js
104.21.13.216200 OK 0 B URL HTTP/2 cdn.sc.gl/videojs-hotkeys/latest/videojs.hotkeys.min.js
IP 104.21.13.216:0
GET /videojs-hotkeys/latest/videojs.hotkeys.min.js HTTP/1.1
Host: cdn.sc.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://en.xvideos-dl.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:06 GMT
content-type: application/javascript
last-modified: Sun, 28 Aug 2022 02:39:12 GMT
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4jyny6T6xNSO%2FCfYQiz572smCu8uIox17iMUNYVcPJAX31UV4qpTIfrMA4S1CHjNeam5x09QTHadiqaDoH00glM2glseYiww2wHemv3dxpjZ6VTKqB1rp0TvkYs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770dc1d3ff040b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xvideosporno.blog.br/favicon.ico
104.26.10.106200 OK 0 B URL HTTP/2 xvideosporno.blog.br/favicon.ico
IP 104.26.10.106:0
GET /favicon.ico HTTP/1.1
Host: xvideosporno.blog.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:09 GMT
content-type: image/x-icon
last-modified: Thu, 20 Feb 2020 07:14:14 GMT
vary: Accept-Encoding
etag: W/"5e4e31c6-25be"
age: 3661
x-cache: MISS
x-cache-hits: 0
cache-control: max-age=432000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euuCaGvoxriUBMoQriVWZXlo6sAzRveMz2KYsNsEQjnM2nBgBiBfedDm8mM2hMsS8JyW1lA82y3UDfnBcen%2FSEulBH21nlvHZo5pHvxLOY2ivxkJpoSW%2BCEEE0%2FJLJRb7FoF0ba1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1e4fc59b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
video.twimg.com/ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3
151.101.84.158206 Partial Content 0 B URL HTTP/2 video.twimg.com/ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3
IP 151.101.84.158:0
GET /ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3 HTTP/1.1
Host: video.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
perf: 7626143928
content-type: video/mp4
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 16 May 2018 15:01:42 GMT
x-transaction-id: 8e140d74abc58593
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-content-type-options: nosniff
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
accept-ranges: bytes
content-range: bytes 0-3824704/3824705
date: Sun, 27 Nov 2022 20:54:08 GMT
x-served-by: cache-lhr7323-LHR, cache-bma1673-BMA
x-cache: HIT, HIT
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 3824705
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo6/7b/33/a43d61, lfm-1-923, lmd-923, lud-228367, xfvlen-1473956, fsize-628235, played-1078
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://www.fairynudes.com/fr/sex-videos/very-young-barely-legal//title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 405189
last-modified: Wed, 23 Nov 2022 04:21:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaR43SogLfxygS%2FFznF6yfMcfA9dal7aadCYZoShpkmWMMM36UWXDySboESZwvPaFPBmwpFoFCgtFX%2F8nAAGQFw%2BCLNZaA32K7vz4bdHAUmAmF%2B0nQTFcwxJKsVkKFnSdQA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d927778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:12 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo1/f0/b0/9e2c48, lfm-1-1060, lmd-1060, lud-887594, xfvlen-1721081, fsize-891631, played-1430
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: HIT
xkey-5950: rz./v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/i/web/status/1002212444402528256/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: MISS
last-modified: Sun, 27 Nov 2022 20:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXvlr4YtbdAXYEiHJanmlf09lB5AqgQBI%2BXO4dCLJQm84I1hkte5VgFFosVpHyWjeyf7%2FgOoUE7UbWzn%2B18dscjpr%2BjD%2FDvHOHC58r%2Bsta5g%2BAV8qnp9s53HpP6TtTAGQfA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4b8ff778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rz.nakadashi.pw/v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3
172.64.128.21200 OK 0 B URL HTTP/2 rz.nakadashi.pw/v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3
IP 172.64.128.21:0
Analyzer Verdict Alert fortinet Phishing
GET /v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3 HTTP/1.1
Host: rz.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.xvideos-dl.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:54:11 GMT
content-type: text/html; charset=UTF-8
vary: Host,Accept-Encoding
pdo-line8: host-rz.nakadashi.pw127.0.0.1-myhost-127.0.0.1/v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3
phost: rz.nakadashi.pw
line1066: notjp-nakadashi-myhost--filteron-
pdo106: feedvid-, cachefileb-cacpdo2/29/0c/92dc48, lfm-1-32507, lmd-32507, lud-991448, xfvlen-1434534, fsize-583355, played-80
access-control-allow-headers: X-Requested-With
cache-control: public, max-age=3600000
access-control-allow-origin: *
x-proxy-cache-5950: MISS
xkey-5950: rz./v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3-A-rz.nakadashi.pw--cacpdo0---yes
x-proxy-cache-la2: HIT
xkey-la2: rz./v/s://twitter.com/MSNBC/status/1529493365036916737/title/myhash/3-A-rz.nakadashi.pw--my_zone
cf-cache-status: HIT
age: 850809
last-modified: Fri, 18 Nov 2022 00:34:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4C%2F09WBHuQNVJAMo2Lv4HRvCr%2B%2F712PROEedXcW65aFkT2xmWONqQ7JT6lXGSIbCLIFScawr5yeXeSm0vzmRvHyDowrl%2FiJ6OfdmLfmqiwFfPtpyq4S1KScyN7sKEyrm6Js%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770dc1f4d92b778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
video.twimg.com/ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3
151.101.84.158206 Partial Content 0 B URL HTTP/2 video.twimg.com/ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3
IP 151.101.84.158:0
GET /ext_tw_video/996768156889862146/pu/vid/1280x720/Jwh7WQW792ZEyiJG.mp4?tag=3 HTTP/1.1
Host: video.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
perf: 7626143928
content-type: video/mp4
cache-control: max-age=604800, must-revalidate
last-modified: Wed, 16 May 2018 15:01:42 GMT
x-transaction-id: 8e140d74abc58593
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-content-type-options: nosniff
strict-transport-security: max-age=631138519
access-control-allow-origin: *
access-control-expose-headers: Content-Length
accept-ranges: bytes
content-range: bytes 0-3824704/3824705
date: Sun, 27 Nov 2022 20:54:08 GMT
x-served-by: cache-lhr7323-LHR, cache-bma1673-BMA
x-cache: HIT, HIT
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 3824705
X-Firefox-Spdy: h2