xfantazy.com/video/60e0061a89db0071206f8822
172.64.143.8302 Found 0 B URL HTTP/1.1 xfantazy.com/video/60e0061a89db0071206f8822
IP 172.64.143.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/60e0061a89db0071206f8822 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 26 Oct 2022 05:38:58 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/60e0061a89db0071206f8822
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYNODOnLhNcyIoMOuSGn2tUIAsn%2BEEKL3NRonkLQvFLl4%2FO1qqU7GFIYRCD1zlaGBxxAq%2Fvh0FdEcey3ZXPBD9Edon3%2B7TNclqCL6jPtV8%2F%2F4cesE6KQG0d1yxPH5gs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7600d94bdd8674b5-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3537658770790ad6cf0d727f0c0acd2
8365cadda05ef27b2ebd627d545e31886b512bde
df992311f130f15459739841de925c7eec2604d5a68ca6b2a67b6dc8d229212c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4187
Expires: Wed, 26 Oct 2022 06:48:45 GMT
Date: Wed, 26 Oct 2022 05:38:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4508
Cache-Control: max-age=104841
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:58 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:46:19 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a39eea1096852891690eaee02a64383e
c273000f799fc3676e8e3ef3617611a31252cffc
d9d95319013d64bc2ef6d9870f4adba902ee970b6f9e96279c9ed86f556e0001
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9D95319013D64BC2EF6D9870F4ADBA902EE970B6F9E96279C9ED86F556E0001"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3877
Expires: Wed, 26 Oct 2022 06:43:35 GMT
Date: Wed, 26 Oct 2022 05:38:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: As67gYWIWsr6Ks3iQqZihu/FQmHY+9VyGGE8R7dYTExE8q+LRimhAMR8mjZ9dTXYinRvJ2C4T2w=
x-amz-request-id: HSRHZBMV4TBDGS1G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 05:09:14 GMT
age: 1784
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.3:0
Hash 58df2be764ccb8149231ff985a3318ec
b06100aab8f23724b4475bdba3726910d4bb1eec
004a90438548a24570e470eb885ae448d4aeb778dcaa37ad98f1160508885726
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:58 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:38:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6442
Cache-Control: max-age=101711
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:54:10 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PrU7zFTubJs
IP 142.250.74.3:0
Hash 58df2be764ccb8149231ff985a3318ec
b06100aab8f23724b4475bdba3726910d4bb1eec
004a90438548a24570e470eb885ae448d4aeb778dcaa37ad98f1160508885726
POST /s/gts1p5/PrU7zFTubJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 19132f29a8811a10f90eca2d81e5deb8
3b9e0bbf9f40f46b57dad5567b008e58b5770565
708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.89.136.7101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hJDEpLJf86guUtZ563HLig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ySz6S6aoT/tkg6hpsZp8JjkZ36s=
xfantazy.com/video/60e0061a89db0071206f8822
172.64.142.8200 OK 32 kB URL HTTP/2 xfantazy.com/video/60e0061a89db0071206f8822
IP 172.64.142.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18261)
Hash 9bf6b4f1dbc455628313f2f87fe64f74
1bdc5f5b8a1bb0e52e16385f68c3cc9acbb4f9f5
f34621619791d162e829391f2461e8192c82baf7eeeb05c171266c43bd6f7b6d
GET /video/60e0061a89db0071206f8822 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=meueu3ejyvgofo9uolr7da; Domain=xfantazy.com; Path=/; Expires=Tue, 26 Oct 2032 05:38:58 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Wed, 02 Nov 2022 05:38:58 GMT
experiment-save-to-button-2=0; Path=/; Expires=Wed, 02 Nov 2022 05:38:58 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjiBh9vZlPoxLshEDtDWEp%2Bis6PcRn3pozscpha7A9ch%2BsAMI98U1QDkZcWjPT7IPdMpQfJ%2FFFzWActk1Tnp86UgaCAqMN9p%2FzusvIXpSpA%2BJldrcNzYsLPctqNeZXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d94e7a67768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
172.64.142.8200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (40085), with no line terminators
Hash e2e85fefda0cc5c23e0d1e7ad02f58fe
f36ac53e51bf9d47d423b7b3b406cc04c005e387
30811f52390c944df7d25f891dba97112f5e847da65536d1cc9e53a609fb8e85
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"9c95-17c56c3648d"
last-modified: Wed, 06 Oct 2021 18:00:18 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 31500963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoTkPJhLQu57gjxk2eVJKwmYILk0n9syvVV37PhIIpPz5pckWY9ikVDMDpGyLAM4HxUGLxmxgD6mFtzM91tHAA8h52kvuvcrSe4iCL2Yo3Qj5E4tFAT8%2B7ICN6m3pGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d952f84d768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4f7139b125683bac76c2b5638a1a643
2f84ea7104d659754e5962f88f504a7189f6f914
c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/LLnG6HH1zvi5_Dqe_g/w320h240/0.jpeg
188.72.235.184200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LLnG6HH1zvi5_Dqe_g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 5c4177b2975228c94a5de3950f9f6e9e
1417b78a9ab7118a3dab03875f12f2748b77fb7c
713ecb3855dc8a0a57497f2163f1477fd2c3f80c5d3b4b00ca3a103e5c7b4389
GET /thumbnail/LLnG6HH1zvi5_Dqe_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: image/jpeg
content-length: 11176
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js
172.64.142.8200 OK 92 kB URL HTTP/2 xfantazy.com/_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d3c98f44f704263b42b4460908da1106
af03df64588391b6db28f78251c88546ddfaad9a
28e0cf2f0f00e66d827b765dcc31d4b3c6ec4ad6de3b2d8f5f290225cca92f8a
GET /_next/static/M4935t4SEcOsE8Gz67yk_/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835015f20e"
last-modified: Sun, 18 Sep 2022 10:12:39 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 3266123
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pyMaanPtFzMOJB%2FXv7CsaBx%2B7cl9GJzWgjLyq4eXHY7yXNp5x2zlWK6MWNAPaxsiwdxAQhcU8icwg%2B9LPMtt1VqXXaZqF4oU9RxgmOxPpDVrpK2rB3mOcfo6J57ZMLE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d952f83f768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg
188.72.235.184200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8e335d2bc1c8ad70f9546bd4db147ef3
3122500b027e7c2e61a3ac923cba48664e37f289
38e2fd462ac2d15dceb0eac403210afc21efa138670ac10e04c3211fec9d4e82
GET /thumbnail/d-qV6COuyfy4_z7FrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: image/jpeg
content-length: 15359
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cL_F6H-imfju-TWXrg/w320h240/0.jpeg
188.72.235.184200 OK 9.8 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cL_F6H-imfju-TWXrg/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 19c07108c9cea7a33295de7b5f4aa436
269f856b7a046463a953855723147dc9be271baf
b5933cca8f1eaec3148b9b811033240a87b4bb638b3f8bc21fd8a51c6e2022f3
GET /thumbnail/cL_F6H-imfju-TWXrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: image/jpeg
content-length: 9754
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 554691
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.142.8200 OK 416 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 416 kB (416144 bytes)
Hash 23b8ba236ee14d8880a0be43910072ac
d7d78fa52ff2fc29170e7cddc71171d538e3cc01
b6c4fa0936cecc9f209bc802f60f3e62f2b254316de89a340c492729131381fa
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-1826d2c11bc"
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 7073695
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uty6w8IPlfmIRxQtwnnd9g6yKevXvRdhmx8UktlmARHez6OPgHm4z03uZ%2FD2akGinYzeJoDe8%2BRc1fHG6Vp58CaoWucP3phUyF7IvhOiemHSmpVq%2F55k3xiZ%2BQLSxDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d952f842768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e7f1de4025eee44eed5a0ada1e998d6c
fd8bfad40b964ffd3534ac3aff68aaf31d38ba37
fba4107e5627b68a00dc9c31a657be714c85dc7c648b8e8e1c7373cc305f8228
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg
188.72.235.184200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d5d36839c62cdd2a947ea15fab1c37df
d01c52e68da772120289b18152c5dae42b5ea227
aa9b8c9d4e19e9cc889266946c385ffda0d7cdf0dc5f1e6f2869db763d798a97
GET /thumbnail/J7ma73Wvm_jk_W_FrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: image/jpeg
content-length: 17767
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4f7139b125683bac76c2b5638a1a643
2f84ea7104d659754e5962f88f504a7189f6f914
c9c550489201a92e8bbe162bca49d4aa6b21fa22b254a6a29502186423b3b579
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:38:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 5a00020f45eb623ab49ea989e62a6762
4e92af7d3b53936d8e321a4a000ca4874fecf648
043dfc1bc3212ad6ee1ce917a31f098520c4b4025dc0187b5f4cbc2c3d8c57bb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:38:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 25 Oct 2022 15:14:21 GMT
Expires: Tue, 01 Nov 2022 15:14:20 GMT
Etag: "4e92af7d3b53936d8e321a4a000ca4874fecf648"
Cache-Control: max-age=552320,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7600d9538e730b49-OSL
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.142.8200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 815c92a3be642e73b7d539ef2d8f1a24
e11e7998c71ca973617327b6e3236b3065a680fe
817d8447a65c31544e98295794eaa21a7d24400483ee6eec4eeeacede6b06983
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350160ab4"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1198103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EU4VKVZO9Q35O%2BLJhK7D%2F8sGIV%2BGGRm3B9Gj%2B3pd3jYAFRMynHP9t%2BtBdLcYkJzCO2MT8BtS7TGjc5f0NXJ9aWvB3Avbj0zvdJyiTG5PRzSuG8doNxOXd3VdcAeDdhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d95318ba768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 5a00020f45eb623ab49ea989e62a6762
4e92af7d3b53936d8e321a4a000ca4874fecf648
043dfc1bc3212ad6ee1ce917a31f098520c4b4025dc0187b5f4cbc2c3d8c57bb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:38:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 25 Oct 2022 15:14:21 GMT
Expires: Tue, 01 Nov 2022 15:14:20 GMT
Etag: "4e92af7d3b53936d8e321a4a000ca4874fecf648"
Cache-Control: max-age=552320,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7600d9538d510b69-OSL
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
172.64.142.8200 OK 6.0 kB URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (12210), with no line terminators
Hash 076a37949de84e93512b6ade94321457
291b8f58f9d16954ba44445ee9d111de0f27f0b4
8e0db562c1ccee7f7f35865f12537b4649fbe4eac9a76cb93251401058ded015
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2bb0af"
last-modified: Fri, 05 Aug 2022 08:42:36 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 7073695
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oxWZQf6OZQzl3q79sUaXGND5fQSOcZnTRBBfTsSqgdlyH4C%2Fp3oa%2BDW8BdP8278Q2y3%2Flr3U%2FSB%2FVXmAUE2Ra5vU3t%2BvmYtbQ3WaYkcqtLIEvCHSRPHuwV7jlTXYMvc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d9530877768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 26 Oct 2022 04:41:09 GMT
expires: Wed, 26 Oct 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 3471
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229200 OK 85 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash fbfd766ebfca8f75b9875252a78addce
ca2110b00b852006b5737393b15a010d3293e764
d448f5b8fe10825d00cf6397079c3664cbfdf3c0830e6e79ce1836b9fc18ca3f
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.248.0
x-jsd-version-type: version
etag: W/"346fc-af2z7qF2rEuERVVyudEDx70SML4"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 26 Oct 2022 05:39:00 GMT
age: 30466
x-served-by: cache-fra19157-FRA, cache-bma1653-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85147
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 2.8 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash a729ce25686b1b9385d42a9a8b789fc0
791753384b13cd745693c0e5a15e92fa5180c0db
4427222440af8841bc02429f9c20940f8189f9a8f783f9d7a8fafec46b5bb1a0
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:39:00 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "6D6DCE4143DD86FDB1E74F482E8508AA5D980D08"
Expires: Wed, 26 Oct 2022 16:00:00 GMT
Last-Modified: Wed, 26 Oct 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 761
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7600d957caffb503-OSL
a.focusde.info/zRdVuw7.js
135.181.208.216200 OK 34 kB URL HTTP/2 a.focusde.info/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash d011077c91262c2fadb88f4641078818
c55158a77ddf5bd4d5e7db5ea6a9d490ad276377
d692317624623adc15131422c1f1ffc8b41dc5ba8b28fe6e3a9e7cdfb5d0aed8
GET /zRdVuw7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:00 GMT
content-type: application/javascript
content-length: 34403
expires: Sun, 22 Oct 2023 11:33:09 GMT
content-encoding: gzip
last-modified: Sat, 22 Oct 2022 11:28:35 GMT
etag: "6353d3e3-8663"
cache-control: max-age=315360000, public
x-hw: 1666438389.dop228.am5.t,1666438389.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d68830f33c12f2aa839ecd5c96146bb2
c4eca00dde1d737943bc2980b58a7288c06f808c
0b8dd5b33360dae55b75de1bb81fc9404103824c8d987372d1c44f425052f0d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13522
Expires: Wed, 26 Oct 2022 09:24:23 GMT
Date: Wed, 26 Oct 2022 05:39:01 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.142.8200 OK 503 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.142.8:0
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-1826d2c11c0"
last-modified: Fri, 05 Aug 2022 08:43:00 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4645963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mIeXUyjEH%2B4Ze9g2Zh7YDTJ8nivMvhAy3QVo4uTJAf6DPJYqQjWCaQ%2B5xR%2FJduFykQLhT3N9LY5yHoXXZe70841IiBgc5DsAX9X3rJ98ThZk1qsdnQhb1tfLHK5qd%2FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d952f848768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.142.8200 OK 6.8 kB URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.142.8:0
File type ASCII text, with very long lines (20298), with no line terminators
Hash f72282a8f10f5968900972613d480d09
f7ee9ae4a8149d8cd4b108e282b1cdb7c9bb8814
99b55a66ec3a1d175fafd1c57fbb3d36331e526e538595fa8468ffb62436bb49
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-17c56c34819"
last-modified: Wed, 06 Oct 2021 18:00:11 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 31500964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FU%2BIiWwYsuE7%2BP0R%2FXvmWF%2FjeydiePExT4ujoiLpINC7aTaVs4FP3ivKmc7DkzG0fJZurfsDFerO08q%2Fgn1F96xz2qPCIiPD5upGVWGBBnoF9Ykv7mtPtZ8JWYn8qww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d952f854768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=865280008.1666762738&jid=1211359087&gjid=114015033&_gid=987962311.1666762738&_u=YGBAiEABBAAAAEAAI~&z=1972246941
173.194.222.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=865280008.1666762738&jid=1211359087&gjid=114015033&_gid=987962311.1666762738&_u=YGBAiEABBAAAAEAAI~&z=1972246941
IP 173.194.222.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=865280008.1666762738&jid=1211359087&gjid=114015033&_gid=987962311.1666762738&_u=YGBAiEABBAAAAEAAI~&z=1972246941 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 26 Oct 2022 05:39:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 656b64fb178a96cdeab7d54d0d3df5ba
f628269fc4ba16b1c4b11a8bc965a7dba93755cb
eb1126cfc2a686ea8d845a4898d904a133ff3284578f3a42a45fe01138df6c8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F710265b5-7594-45dd-ae3b-49cf84887c51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: d7e1e331-09cc-4bdd-83a3-594b65e50d79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK-TEWXIAMFoCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358585b-6e2c04ed0d36eea85de94a22;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XHxcZGaZvSBzOOUBp85RIirtQl05uAQ-b-Lzy0LOjav3avtSzXPPIA==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:21 GMT
age: 28180
etag: "f628269fc4ba16b1c4b11a8bc965a7dba93755cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 2f8d53df55db4d371bc0e81f52e7418a
67a679d8bd31d6319186c9bebceed9f9f33f9758
f35430450cff0ff591b750cec59554ec84c4d96971aec47cdc8d44503edff903
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:39:01 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Sun, 30 Oct 2022 03:19:12 GMT
ETag: "67a679d8bd31d6319186c9bebceed9f9f33f9758"
Last-Modified: Wed, 26 Oct 2022 03:19:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 217
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7600d95bceb8b503-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5987bcd44ab0db5313aa4f409a8a212f
691a36cde98a9fe1660745dd811e0be2ae67036c
e47ce3587c647b52669f675dc7e84e21555f82138091fb04febc951b4c06ba30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 69931a9c-027e-428e-a88d-61c5fac64daa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2iEnzoAMFZAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585690-12c78c5157fb3fa41a13548c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: E4t7XezEVl1x_4sbidtDPjCuZoCh7N01y7ZeYZWlAL1w8ut4Qx95TA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:46:50 GMT
age: 28331
etag: "691a36cde98a9fe1660745dd811e0be2ae67036c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b946c4f2f177828cf7b76c5764e97157
c3856686b98e1883133aa1824c496d34512769a0
be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qxBQMJAnYNJVLBf5LSOTC7v3hPl9sh-G-OIqrK7d5KpdVITaQCcGMA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:47:18 GMT
age: 28303
etag: "c3856686b98e1883133aa1824c496d34512769a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac38eda-2bed-4703-8560-7d07ad90dabc.webp
34.120.237.76200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac38eda-2bed-4703-8560-7d07ad90dabc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 494a826ce7609ee5cc8157ea5de5f4f7
3d28f2daeef33f37c91bd26cb527793288635103
09f702f40e29e6b0c27abc5c7bb4605e504453b543c92805ba4045bd3d65c4d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac38eda-2bed-4703-8560-7d07ad90dabc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3337
x-amzn-requestid: 5a06b710-2b88-435e-8863-3e0e58742e6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ21FjooAMFp8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585691-2adc1ac2375e087b20ad0e32;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:13 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: iVIdtyyk_ph8AiTsWdQgDfWFHVIMh2pw4yrkufwogd3rsZFXwslwkg==
via: 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:46:52 GMT
age: 28329
etag: "3d28f2daeef33f37c91bd26cb527793288635103"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c3ae78510434fd68063fc144bf614382
3bb87ca5274ce9f6d81da60ab940d23ccd12843b
f42d89328435cb37cba1111903a6bd5e900857d0942e1506ea2115b4e6301541
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7929
x-amzn-requestid: 6324abd6-8e27-4903-8bfc-a0fc6a8625be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9LEeoIAMF5mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-2900343b1ae208a903fe58fd;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5MR4UzoW6rVsSpEyPAWrcFb2LCRICaG-toy3JflaXRrzZwcgMs48VQ==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:35 GMT
age: 28166
etag: "3bb87ca5274ce9f6d81da60ab940d23ccd12843b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:34:40 GMT
age: 18261
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d68830f33c12f2aa839ecd5c96146bb2
c4eca00dde1d737943bc2980b58a7288c06f808c
0b8dd5b33360dae55b75de1bb81fc9404103824c8d987372d1c44f425052f0d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
54.230.245.4200 OK 112 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP 54.230.245.4:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (111915 bytes)
Hash 4c3131480bd361325a8f0e9c4d639a30
cf30765965b2a6bc11192c92a28ae76d2aee3847
7a9fc6604ac6d4f31c72715f3ab568e7d8d5edec29f06b05f79cb90fe2922a20
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 111915
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lg4d-QwTz8uqppo3YJOwJMrnXPTYCj9vjXjBx4Vztiml3frsxgTT0w==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
IP 142.250.74.3:0
Hash b6048b646139ddc5cbfa86a0117dfcfe
deaeae3de84e324b7062eb190daf184ea7254b69
e4adb7b8241681efe2409196c40482b21690d47587c8fdeb81153d5f56f608f0
POST /s/gts1p5/bmiDRxqR27w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
IP 142.250.74.3:0
Hash b6048b646139ddc5cbfa86a0117dfcfe
deaeae3de84e324b7062eb190daf184ea7254b69
e4adb7b8241681efe2409196c40482b21690d47587c8fdeb81153d5f56f608f0
POST /s/gts1p5/bmiDRxqR27w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
IP 142.250.74.3:0
Hash b6048b646139ddc5cbfa86a0117dfcfe
deaeae3de84e324b7062eb190daf184ea7254b69
e4adb7b8241681efe2409196c40482b21690d47587c8fdeb81153d5f56f608f0
POST /s/gts1p5/bmiDRxqR27w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
htthereflewove.xyz/N1IzRUlWMFAodlZvUWM8RT4OYHtxdwEDLQZrATd8W2oLMjtZNQRrKls9RiEvRT1dMWdZN0dge3E6V3U9RR91Lhx9E2USE1AfWgE+BjViHTlkEGR8G34AWyMHQDYBBHhuAHcdOlExVHEddSsKLwYGFxZ3D3IEYS4bBWJ7EB1UA1cueGEcSxd7YDpqcQxOPmQHAQ8WfDIbVQhyDCVzY2Zge3EaWhAGYRoLBgJbCFcLLgc7cXQ+AwddLj11ClcNK1s5ciYYDmRkLR9GHGRwE3YWZiADZWd6IwxhZXYyIUEZe3QvcQVcdCtbOXIOPnEnZA0PUANkEytwCksDLEB/SxMGXyVYES5+NGEdPVYTdCkOUmNcEygHMUcEIn5qdhYYYxRkNjFUPgMgKGEXFncLYTV2YyNEPV01dF80ez95QxBkIQVzAVE
143.204.55.16200 OK 1.2 kB URL HTTP/2 htthereflewove.xyz/N1IzRUlWMFAodlZvUWM8RT4OYHtxdwEDLQZrATd8W2oLMjtZNQRrKls9RiEvRT1dMWdZN0dge3E6V3U9RR91Lhx9E2USE1AfWgE+BjViHTlkEGR8G34AWyMHQDYBBHhuAHcdOlExVHEddSsKLwYGFxZ3D3IEYS4bBWJ7EB1UA1cueGEcSxd7YDpqcQxOPmQHAQ8WfDIbVQhyDCVzY2Zge3EaWhAGYRoLBgJbCFcLLgc7cXQ+AwddLj11ClcNK1s5ciYYDmRkLR9GHGRwE3YWZiADZWd6IwxhZXYyIUEZe3QvcQVcdCtbOXIOPnEnZA0PUANkEytwCksDLEB/SxMGXyVYES5+NGEdPVYTdCkOUmNcEygHMUcEIn5qdhYYYxRkNjFUPgMgKGEXFncLYTV2YyNEPV01dF80ez95QxBkIQVzAVE
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3019), with no line terminators
Hash 838a4dbc2477e7e0b7485eb2bf2736bf
369879afa2eb123006c8c47e055dd5cae809ff4c
a4e804073a036b1ca0e5e084870dfbf2f04782c1a1fb7bb8a55f3a7041d6ee05
GET /N1IzRUlWMFAodlZvUWM8RT4OYHtxdwEDLQZrATd8W2oLMjtZNQRrKls9RiEvRT1dMWdZN0dge3E6V3U9RR91Lhx9E2USE1AfWgE+BjViHTlkEGR8G34AWyMHQDYBBHhuAHcdOlExVHEddSsKLwYGFxZ3D3IEYS4bBWJ7EB1UA1cueGEcSxd7YDpqcQxOPmQHAQ8WfDIbVQhyDCVzY2Zge3EaWhAGYRoLBgJbCFcLLgc7cXQ+AwddLj11ClcNK1s5ciYYDmRkLR9GHGRwE3YWZiADZWd6IwxhZXYyIUEZe3QvcQVcdCtbOXIOPnEnZA0PUANkEytwCksDLEB/SxMGXyVYES5+NGEdPVYTdCkOUmNcEygHMUcEIn5qdhYYYxRkNjFUPgMgKGEXFncLYTV2YyNEPV01dF80ez95QxBkIQVzAVE HTTP/1.1
Host: htthereflewove.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Wed, 26 Oct 2022 05:39:01 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cIN--v7f6SHNRl2FwDLiTDvjmtqihHAdHTZFUI0XWrpPcZyz3x2_wA==
X-Firefox-Spdy: h2
htthereflewove.xyz/MGNwWmhRARM3V1FeEnwdQg9Nf1p2RkIcDAFaQihdXFtILRpeBEd0C1wMBT4OQgweLkZeBgR/WnYUKjYmBC5BMS5gISoMMlgqRhIpBQQlHS55Ih0uKX8yBDkmSDkFEj1pFiAgKn8HCWMweSYINyxKWhgXAGUXOB4MdiJDYiN9CyoPMnUiQhwEcggmaT1qNQouCmpSRR0ndhBVaCp2UxstK1pbKhwFQwQqNjF0BTYIAmUmBDU+Azk8OTBINikiOlEtCBcaaDI2KiBdFz84LwkwFDEcSAU2CAJzCCZiPmIpMhgwVDQVNlhyAiEfWndSF2g5AiZVaCpxNBwCMQBOFxkJZgdCCQ99RkIcLEkmFAw8aQYUMRgBOjYYUWMhJSk/AipWMBtfDQBnDUUUKTledBVBKVxlNSloIg
143.204.55.16200 OK 1.2 kB URL HTTP/2 htthereflewove.xyz/MGNwWmhRARM3V1FeEnwdQg9Nf1p2RkIcDAFaQihdXFtILRpeBEd0C1wMBT4OQgweLkZeBgR/WnYUKjYmBC5BMS5gISoMMlgqRhIpBQQlHS55Ih0uKX8yBDkmSDkFEj1pFiAgKn8HCWMweSYINyxKWhgXAGUXOB4MdiJDYiN9CyoPMnUiQhwEcggmaT1qNQouCmpSRR0ndhBVaCp2UxstK1pbKhwFQwQqNjF0BTYIAmUmBDU+Azk8OTBINikiOlEtCBcaaDI2KiBdFz84LwkwFDEcSAU2CAJzCCZiPmIpMhgwVDQVNlhyAiEfWndSF2g5AiZVaCpxNBwCMQBOFxkJZgdCCQ99RkIcLEkmFAw8aQYUMRgBOjYYUWMhJSk/AipWMBtfDQBnDUUUKTledBVBKVxlNSloIg
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3006), with no line terminators
Hash c78468b55adcedb0165cf3d83af559ab
da3aa024eb160cc4e04dcf58a22e3d34e2075672
dba18e315e8fbf84b3e6a55635a72a3da56ba6d372b05997aace6d4017846ac6
GET /MGNwWmhRARM3V1FeEnwdQg9Nf1p2RkIcDAFaQihdXFtILRpeBEd0C1wMBT4OQgweLkZeBgR/WnYUKjYmBC5BMS5gISoMMlgqRhIpBQQlHS55Ih0uKX8yBDkmSDkFEj1pFiAgKn8HCWMweSYINyxKWhgXAGUXOB4MdiJDYiN9CyoPMnUiQhwEcggmaT1qNQouCmpSRR0ndhBVaCp2UxstK1pbKhwFQwQqNjF0BTYIAmUmBDU+Azk8OTBINikiOlEtCBcaaDI2KiBdFz84LwkwFDEcSAU2CAJzCCZiPmIpMhgwVDQVNlhyAiEfWndSF2g5AiZVaCpxNBwCMQBOFxkJZgdCCQ99RkIcLEkmFAw8aQYUMRgBOjYYUWMhJSk/AipWMBtfDQBnDUUUKTledBVBKVxlNSloIg HTTP/1.1
Host: htthereflewove.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1165
date: Wed, 26 Oct 2022 05:39:01 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2zZk5CV87g9ZnUDscWRh8FsRPjwgR8rfyAQRnbCPTfHQ6S-CZF7fvg==
X-Firefox-Spdy: h2
htthereflewove.xyz/am12OEoLDxVVdQtQFB4/GAFLHXgsSER+LltUREp/BlVOTzgECkEWKQYCA1wsGAIYTGQECAIdeCwML1UPEDk+bQguAUZJGQI0P255LCAgfgcuCyN+DyldN1INEicVaXk7KzNUGBo9EQAlJzw/aA8CPB1+Hg09NFQ9LgweUw4uXCRAHx0OJm0CLCgkeQgyIR1QHThdFQANDQEVaSMjDjd5Jjs9AW0oLD8jDQwsVTtgDjMOMl97OQwjWyE8L0cAHywvJH8wOCgjCBsrKRp6Gz87TlQNEg4sfiRfKzFUISwoRnYdOCw3dx8sLyRpHho8I2sLIQgaTBk5L1tib1gvJGkfLzg1Wys4XDgJLAE7Im0bJFQkbgQvLC5PHikVOG8BAgIXagsvJiJ+GDosRFcLMlw3HiAZAhhIdxpVBkh/MB8MchpbLhFODw
143.204.55.16200 OK 1.2 kB URL HTTP/2 htthereflewove.xyz/am12OEoLDxVVdQtQFB4/GAFLHXgsSER+LltUREp/BlVOTzgECkEWKQYCA1wsGAIYTGQECAIdeCwML1UPEDk+bQguAUZJGQI0P255LCAgfgcuCyN+DyldN1INEicVaXk7KzNUGBo9EQAlJzw/aA8CPB1+Hg09NFQ9LgweUw4uXCRAHx0OJm0CLCgkeQgyIR1QHThdFQANDQEVaSMjDjd5Jjs9AW0oLD8jDQwsVTtgDjMOMl97OQwjWyE8L0cAHywvJH8wOCgjCBsrKRp6Gz87TlQNEg4sfiRfKzFUISwoRnYdOCw3dx8sLyRpHho8I2sLIQgaTBk5L1tib1gvJGkfLzg1Wys4XDgJLAE7Im0bJFQkbgQvLC5PHikVOG8BAgIXagsvJiJ+GDosRFcLMlw3HiAZAhhIdxpVBkh/MB8MchpbLhFODw
IP 143.204.55.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash d6917e1225232e04c6196890ed76bd81
4be1f4da5a2696dea5669791326e85077f5c7a4d
6d005405c6ab017db99a1a9491b2f4c4edcf109ee371c1728c381519f2875452
GET /am12OEoLDxVVdQtQFB4/GAFLHXgsSER+LltUREp/BlVOTzgECkEWKQYCA1wsGAIYTGQECAIdeCwML1UPEDk+bQguAUZJGQI0P255LCAgfgcuCyN+DyldN1INEicVaXk7KzNUGBo9EQAlJzw/aA8CPB1+Hg09NFQ9LgweUw4uXCRAHx0OJm0CLCgkeQgyIR1QHThdFQANDQEVaSMjDjd5Jjs9AW0oLD8jDQwsVTtgDjMOMl97OQwjWyE8L0cAHywvJH8wOCgjCBsrKRp6Gz87TlQNEg4sfiRfKzFUISwoRnYdOCw3dx8sLyRpHho8I2sLIQgaTBk5L1tib1gvJGkfLzg1Wys4XDgJLAE7Im0bJFQkbgQvLC5PHikVOG8BAgIXagsvJiJ+GDosRFcLMlw3HiAZAhhIdxpVBkh/MB8MchpbLhFODw HTTP/1.1
Host: htthereflewove.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Wed, 26 Oct 2022 05:39:01 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Dp2x2MIMveoHxLtEh48BhNRZ_U15lAfSIkxzLfMul1B8_jDcfU97VA==
X-Firefox-Spdy: h2
chestfoollo.one/eTNFWVdWDCYqaiBYISECS1sXOhIVQh1oDQFhAikFLl0HHg0VQGMtPh0OfG9lSQJxfycQV3hocQpHJC0iCg50fz4XVSpkcQ8OdHdkTR13YHlJFTBkZl9HNTgwRAJjKSMNX3hoYU8Fcm9lTgB9amVA
172.67.154.214204 No Content 0 B URL HTTP/2 chestfoollo.one/eTNFWVdWDCYqaiBYISECS1sXOhIVQh1oDQFhAikFLl0HHg0VQGMtPh0OfG9lSQJxfycQV3hocQpHJC0iCg50fz4XVSpkcQ8OdHdkTR13YHlJFTBkZl9HNTgwRAJjKSMNX3hoYU8Fcm9lTgB9amVA
IP 172.67.154.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eTNFWVdWDCYqaiBYISECS1sXOhIVQh1oDQFhAikFLl0HHg0VQGMtPh0OfG9lSQJxfycQV3hocQpHJC0iCg50fz4XVSpkcQ8OdHdkTR13YHlJFTBkZl9HNTgwRAJjKSMNX3hoYU8Fcm9lTgB9amVA HTTP/1.1
Host: chestfoollo.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0k1KjSV8K6H%2BIq2ioEXB%2FMFXu6AWijRf0S0ouXaNJOHqXcb0se%2B3aWUc46GBgtWRnycNfo%2F%2FLh7Wn0LRcEzYwtDJClTf94G7UPVPE2QVOX%2BOQKFAM1sPhshZt0dyRKpvQqw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d95d7b5fb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chestfoollo.one/MW5sWVYeUQ8qa2QEOWo3ARoLGAdnNAlrE3QqAGBuaxklHQ4CAUotP1VTVW9nCFtafyZYClFqZBcdGDgiRB1Ra2YBWUowOFcBUWhwR1Ncd24fX1x3ZhcbUWhwRR4NPmsASBwtIl1TXW9gB1laa2ECVl5hYw
172.67.154.214204 No Content 0 B URL HTTP/2 chestfoollo.one/MW5sWVYeUQ8qa2QEOWo3ARoLGAdnNAlrE3QqAGBuaxklHQ4CAUotP1VTVW9nCFtafyZYClFqZBcdGDgiRB1Ra2YBWUowOFcBUWhwR1Ncd24fX1x3ZhcbUWhwRR4NPmsASBwtIl1TXW9gB1laa2ECVl5hYw
IP 172.67.154.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MW5sWVYeUQ8qa2QEOWo3ARoLGAdnNAlrE3QqAGBuaxklHQ4CAUotP1VTVW9nCFtafyZYClFqZBcdGDgiRB1Ra2YBWUowOFcBUWhwR1Ncd24fX1x3ZhcbUWhwRR4NPmsASBwtIl1TXW9gB1laa2ECVl5hYw HTTP/1.1
Host: chestfoollo.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MG0%2BCDyNZYmuuphm%2Bl1ilEGNUIXk5dV03z5ACMviuEzKRMryHl51%2BkUOXWDRpqMPD9ElirqUY6asKuiGmC3ScZ7g4KLGbd0cdf6AHu6%2B7GNdvtTlSMVk7256rL15YzUvKBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d95d6b54b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
chestfoollo.one/Nm9hSU4ZUAI6c28BOHscW14AGx9wFzcPPnMtDxsXYV80Cy1nSRUgKgtWV3t+B11HOSdSUlBxaEUbAD07RVJQbydYCQ50aEBSUGd+GF1PeWhDUlBvOkYOBnR/EB8VPSILXld/eAFZU359Dl1Yfg
172.67.154.214204 No Content 0 B URL HTTP/2 chestfoollo.one/Nm9hSU4ZUAI6c28BOHscW14AGx9wFzcPPnMtDxsXYV80Cy1nSRUgKgtWV3t+B11HOSdSUlBxaEUbAD07RVJQbydYCQ50aEBSUGd+GF1PeWhDUlBvOkYOBnR/EB8VPSILXld/eAFZU359Dl1Yfg
IP 172.67.154.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Nm9hSU4ZUAI6c28BOHscW14AGx9wFzcPPnMtDxsXYV80Cy1nSRUgKgtWV3t+B11HOSdSUlBxaEUbAD07RVJQbydYCQ50aEBSUGd+GF1PeWhDUlBvOkYOBnR/EB8VPSILXld/eAFZU359Dl1Yfg HTTP/1.1
Host: chestfoollo.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pyXpMGBM25nnd%2BdIv6nu1wHZRoJxLhynl2L3DYg4Ly2rZpv0ywHLcW41MsaVkXcsIFAuJ1jKjxgujw%2BfKJnEjzwz2o8dR1a7tEZjfeA4IHVNJvgoXv9%2BF1giifosaJv2XGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d95d8b6cb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/bmiDRxqR27w
IP 142.250.74.3:0
Hash b6048b646139ddc5cbfa86a0117dfcfe
deaeae3de84e324b7062eb190daf184ea7254b69
e4adb7b8241681efe2409196c40482b21690d47587c8fdeb81153d5f56f608f0
POST /s/gts1p5/bmiDRxqR27w HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A249272162%3Arqn%3A2%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A249272162%3Arqn%3A2%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A249272162%3Arqn%3A2%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A532859745%3Arqn%3A4%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A532859745%3Arqn%3A4%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A532859745%3Arqn%3A4%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(4)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A227533088%3Arqn%3A3%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A227533088%3Arqn%3A3%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A227533088%3Arqn%3A3%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(3)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A988272043%3Arqn%3A5%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A988272043%3Arqn%3A5%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A988272043%3Arqn%3A5%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(5)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A646667817%3Arqn%3A6%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A646667817%3Arqn%3A6%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A646667817%3Arqn%3A6%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(6)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A297955975%3Arqn%3A7%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A297955975%3Arqn%3A7%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A297955975%3Arqn%3A7%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(7)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A426754004%3Arqn%3A9%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A426754004%3Arqn%3A9%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A426754004%3Arqn%3A9%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Arqnl%3A1%3Ast%3A1666762739&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(9)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
chestfoollo.one/VDJsTmJ7DQ89XzYANjs3LmAIGw4sWi4IGgxkXi0mA14qLzgjZ0o6CzAPVXhTbQdaaBI9VlF9UHJBGC8WIUFRf0Q9XAohX3JEUX5MbBxdfkxkFBlzU3JGHC8FaQNKPhYgXlF/VGIEW3hQYwFUfFpm
172.67.154.214204 No Content 0 B URL HTTP/2 chestfoollo.one/VDJsTmJ7DQ89XzYANjs3LmAIGw4sWi4IGgxkXi0mA14qLzgjZ0o6CzAPVXhTbQdaaBI9VlF9UHJBGC8WIUFRf0Q9XAohX3JEUX5MbBxdfkxkFBlzU3JGHC8FaQNKPhYgXlF/VGIEW3hQYwFUfFpm
IP 172.67.154.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VDJsTmJ7DQ89XzYANjs3LmAIGw4sWi4IGgxkXi0mA14qLzgjZ0o6CzAPVXhTbQdaaBI9VlF9UHJBGC8WIUFRf0Q9XAohX3JEUX5MbBxdfkxkFBlzU3JGHC8FaQNKPhYgXlF/VGIEW3hQYwFUfFpm HTTP/1.1
Host: chestfoollo.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71%2FtSEoB3AWFVfve3djauyjDkg%2Bz299X7g2beh9sIQPdJ3DBlJngAzqKrq%2Fw9zRXReeoJ28FycqBPd9hluTnJxvpkPKkAIxIwYmrySVjynCotTSE93n1GhQVSaSW7ZMUwPM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d95d6b57b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20%28Premium%20user%20request%29%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20%28Premium%20user%20request%29%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20%28Premium%20user%20request%29%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/hd0trMFkUJAVWZgMiDw1gQXpSBW9RIRhfNwd2A1YRDXsfcg4TBy9jO1E/EVRkR20HUTcQdk1VNxR2WhY4EylWBH8DOwRbZAIlD1U/HiUOVH8CKlZdNg0iB1w4UnktBXdHblkAcQ96WhVqNW5ZADUeJR5IfEV7EwhvKH1fFWo1blkAKwFuWHFgQWVbGXxFew-xVOhwkTgIfRXtaAGlGe1oVa0ctAkI8ESQTFWsxcl0eaVE+VgE
54.230.245.4200 OK 328 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/hd0trMFkUJAVWZgMiDw1gQXpSBW9RIRhfNwd2A1YRDXsfcg4TBy9jO1E/EVRkR20HUTcQdk1VNxR2WhY4EylWBH8DOwRbZAIlD1U/HiUOVH8CKlZdNg0iB1w4UnktBXdHblkAcQ96WhVqNW5ZADUeJR5IfEV7EwhvKH1fFWo1blkAKwFuWHFgQWVbGXxFew-xVOhwkTgIfRXtaAGlGe1oVa0ctAkI8ESQTFWsxcl0eaVE+VgE
IP 54.230.245.4:0
File type ASCII text, with very long lines (409), with no line terminators
Hash 8fff423f7a9c97f3b1cb9c8d4f212f72
3c56120cc7ae5271c254be3c5ae84de66fc2d9a9
6aa6d36d17158f1602a7350e609a3e5f1acf6715a1e3c8df7da1a492cd93dd1e
GET /hd0trMFkUJAVWZgMiDw1gQXpSBW9RIRhfNwd2A1YRDXsfcg4TBy9jO1E/EVRkR20HUTcQdk1VNxR2WhY4EylWBH8DOwRbZAIlD1U/HiUOVH8CKlZdNg0iB1w4UnktBXdHblkAcQ96WhVqNW5ZADUeJR5IfEV7EwhvKH1fFWo1blkAKwFuWHFgQWVbGXxFew-xVOhwkTgIfRXtaAGlGe1oVa0ctAkI8ESQTFWsxcl0eaVE+VgE HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://htthereflewove.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 328
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8hQH_XheJLp3O41oaMCVOJIdS9I_GTdsCtsUGglODeFLThrsGA8ilg==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/aYmEzTHUBDl0qShYIV3FMVFMDfUFEC0AjGxJcQ3QFElRpPg8oMQIPEhQkFTgPBlwDahkDD1RxUwcPUHFERABXLkhWR0c8GglcQiIcAAlQPwUbFRU5FF8MXDYcDg1SaUckVB18UFBRGzREU0QADlBQUV8lGxcZFn5FGlkFE0NWRAAOUFBRQTpQUSAKeltSSB-Z+RQUEUCcaR1N1fkVTUQN9RVNEAXwTCxNWKhoaRAEKTFRPA2oAX1A
54.230.245.4200 OK 574 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/aYmEzTHUBDl0qShYIV3FMVFMDfUFEC0AjGxJcQ3QFElRpPg8oMQIPEhQkFTgPBlwDahkDD1RxUwcPUHFERABXLkhWR0c8GglcQiIcAAlQPwUbFRU5FF8MXDYcDg1SaUckVB18UFBRGzREU0QADlBQUV8lGxcZFn5FGlkFE0NWRAAOUFBRQTpQUSAKeltSSB-Z+RQUEUCcaR1N1fkVTUQN9RVNEAXwTCxNWKhoaRAEKTFRPA2oAX1A
IP 54.230.245.4:0
File type ASCII text, with very long lines (827), with no line terminators
Hash 8703bd35e45bc34b543375ce81c3f792
48b1c09e83bb7fd942187d8adac14fcdb157b4a5
165a5a325f62d4d42d71346f56073a225e3e2e5ba65604a9c41b693320baa683
GET /aYmEzTHUBDl0qShYIV3FMVFMDfUFEC0AjGxJcQ3QFElRpPg8oMQIPEhQkFTgPBlwDahkDD1RxUwcPUHFERABXLkhWR0c8GglcQiIcAAlQPwUbFRU5FF8MXDYcDg1SaUckVB18UFBRGzREU0QADlBQUV8lGxcZFn5FGlkFE0NWRAAOUFBRQTpQUSAKeltSSB-Z+RQUEUCcaR1N1fkVTUQN9RVNEAXwTCxNWKhoaRAEKTFRPA2oAX1A HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://htthereflewove.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 574
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2akqox9ZGw1Zz_0iDjho5Qe6-CaUsXNqdjR3Oeag37LnOfRo62yVtw==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/wZlN4M1kFPBZVZhI6HA5gUGFIAmtAOQtcNxZuHUYuPzBOdy9XIExmDz9hMhUtHDdFA38KMhZUZEA2FlBkV3UZVztbZ15GOFs+F0kwCj8ZFmsgZlYDfFRjUEtoV3ZLcXxUYxRaNxMrXQFpHmtObG9SdktxfFRjCkV8VRJBBXdWel0BaQE2G1g2Q2E+AWlXY0-gCaVd2SgM/DyEdVTYedkp1YFB9SBUsW2I
54.230.245.4200 OK 191 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/wZlN4M1kFPBZVZhI6HA5gUGFIAmtAOQtcNxZuHUYuPzBOdy9XIExmDz9hMhUtHDdFA38KMhZUZEA2FlBkV3UZVztbZ15GOFs+F0kwCj8ZFmsgZlYDfFRjUEtoV3ZLcXxUYxRaNxMrXQFpHmtObG9SdktxfFRjCkV8VRJBBXdWel0BaQE2G1g2Q2E+AWlXY0-gCaVd2SgM/DyEdVTYedkp1YFB9SBUsW2I
IP 54.230.245.4:0
File type ASCII text, with no line terminators
Hash 6d349e1763738d7c35fe9172dafe68a5
9ce24ea4c5da3dc2729b3693989ad863df0df17c
f7059ce1654ac48a34d19e78c0839723444c75481d8714edaee83671ee63214f
GET /wZlN4M1kFPBZVZhI6HA5gUGFIAmtAOQtcNxZuHUYuPzBOdy9XIExmDz9hMhUtHDdFA38KMhZUZEA2FlBkV3UZVztbZ15GOFs+F0kwCj8ZFmsgZlYDfFRjUEtoV3ZLcXxUYxRaNxMrXQFpHmtObG9SdktxfFRjCkV8VRJBBXdWel0BaQE2G1g2Q2E+AWlXY0-gCaVd2SgM/DyEdVTYedkp1YFB9SBUsW2I HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://htthereflewove.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 191
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1C40nd3ROlagkA_hFyak7Nb7m_r5ZqgynVULObFj1WkcRtA_8RCZ-w==
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: *
etag: "63575841-2b"
expires: Wed, 26 Oct 2022 06:39:01 GMT
accept-ranges: bytes
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0b21021a9952aee1a74f3bd0a3dab020
df8dd2d33f9505ecdf4b57372050ffe264ea34ca
5fb04e8d818840ea60d750ec6a1230a3318202fc25790f0c45cac8fe8302a1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0b21021a9952aee1a74f3bd0a3dab020
df8dd2d33f9505ecdf4b57372050ffe264ea34ca
5fb04e8d818840ea60d750ec6a1230a3318202fc25790f0c45cac8fe8302a1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9bea0d25c10f5b633941d1f7d30f7354
f15f6da0e068bdfd6125c85f23c8708051de07d6
2e69d450173c5a92b279aa10a62d9540dd6e7c4396041921dfe99862664ae3e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2E69D450173C5A92B279AA10A62D9540DD6E7C4396041921DFE99862664AE3E8"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Wed, 26 Oct 2022 09:33:54 GMT
Date: Wed, 26 Oct 2022 05:39:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e51b6855c0480724d286847fa91528fe
ee6a114e7bc79b1aa1f07b31cb90674c2ba77bbc
174e93f5d04840d025c9807d0c752ad4b96a4350ab968025b0856c5e59599d47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3898
Cache-Control: max-age=134428
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Etag: "635822d7-1d7"
Expires: Thu, 27 Oct 2022 18:59:29 GMT
Last-Modified: Tue, 25 Oct 2022 17:54:31 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash 3e2b05e673e5b2d66b2b2b59ef169cdf
205bfc4032117925091e2348b4ea3c10b23f87b4
ee893ef8c00090301b53009a3d6dade34fc71059ad13fa8858db816548c24bfb
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 05:39:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S571389619%3A1666762741901915&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWojmCShFwWCZmLSC03DdTe_J8v22m5tl4w6MK39qlDfsYVBBLAnZUkENyCX2px2cfJHXEr1sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-rcZpdEXGoHm-Lri_qGOdmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:7j2K21Jl9zn3rTVuTfAhock1NQOFig:MkUvAMVEYV6P6OPU;Path=/;Expires=Fri, 25-Oct-2024 05:39:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
htthereflewove.xyz/utx?cb=ESIff7BXDcLB&top=xfantazy.com&tid=961956
143.204.55.16204 No Content 0 B URL HTTP/2 htthereflewove.xyz/utx?cb=ESIff7BXDcLB&top=xfantazy.com&tid=961956
IP 143.204.55.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ESIff7BXDcLB&top=xfantazy.com&tid=961956 HTTP/1.1
Host: htthereflewove.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 26 Oct 2022 05:40:01 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XJcgqQ3xBk4QDM5UYQwy86-x-2F8caBtJgNjrIZlUpjOIvfAD3Tc4g==
X-Firefox-Spdy: h2
htthereflewove.xyz/utx?cb=nHOPW8yv3toC&top=xfantazy.com&tid=962014
143.204.55.16204 No Content 0 B URL HTTP/2 htthereflewove.xyz/utx?cb=nHOPW8yv3toC&top=xfantazy.com&tid=962014
IP 143.204.55.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nHOPW8yv3toC&top=xfantazy.com&tid=962014 HTTP/1.1
Host: htthereflewove.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 26 Oct 2022 05:39:01 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 26 Oct 2022 05:40:01 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: l_e9AC3KIAWBKDIsQ08VbSUf1TUeOmXIqkp1acgS-OfWOuM2AYfETw==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 0fee728d9660a0b2ebe161ef2bd3121c
048dab04d366aa52588b9f2dfdc4c20ba27e3068
4079421cc78e362098e9c680df17443853faeaedc7ef7ce393017e4ba6954bf0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 05:39:01 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2146574058%3A1666762741938754&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoisKiSSpjiQdJkcMEXeK9n22VR70ahNTJv0ZV5pjLDGcutExeJ-3_JRpq1jiy-fzKLA2SZpQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-QLalW09Reu7Nw0J6AXy3ng' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:pXJBrKPMpgO4pfJSW2M4H9XEffn5pw:GZosq9VtedIxCWgI;Path=/;Expires=Fri, 25-Oct-2024 05:39:01 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 130509513bc271340f20f1c556b2592a
6fd8b0623344d4c06ecf4e0708eb51a37d79ed9d
6a69bfbb5b21f5cfae366b21ab59426e78d51467926430c7bbf44d7f8ac704de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9bea0d25c10f5b633941d1f7d30f7354
f15f6da0e068bdfd6125c85f23c8708051de07d6
2e69d450173c5a92b279aa10a62d9540dd6e7c4396041921dfe99862664ae3e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2E69D450173C5A92B279AA10A62D9540DD6E7C4396041921DFE99862664AE3E8"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Wed, 26 Oct 2022 09:33:54 GMT
Date: Wed, 26 Oct 2022 05:39:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e51b6855c0480724d286847fa91528fe
ee6a114e7bc79b1aa1f07b31cb90674c2ba77bbc
174e93f5d04840d025c9807d0c752ad4b96a4350ab968025b0856c5e59599d47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3899
Cache-Control: max-age=134428
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:02 GMT
Etag: "635822d7-1d7"
Expires: Thu, 27 Oct 2022 18:59:30 GMT
Last-Modified: Tue, 25 Oct 2022 17:54:31 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35200 OK 7.5 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
Hash 95d80a75f0389e7672747eaf2cd52bbe
da9c9ba47187a37dca6b9671cd8d419d52585ef8
f078104442c6d320a4e7079aad8553b82f53efe6792c9f125d352e0f7fb1a907
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: reWeTjtGu26sX++QjIxgglcILVfAH8tFWZuiSiFKuxSvc2F8GWtL7MDwdiG5g0jTrpeeUgVGroFY921LLPJ0Qg==
date: Wed, 26 Oct 2022 05:39:01 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-2146574058%3A1666762741938754&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoisKiSSpjiQdJkcMEXeK9n22VR70ahNTJv0ZV5pjLDGcutExeJ-3_JRpq1jiy-fzKLA2SZpQ
216.58.207.237403 Forbidden 838 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-2146574058%3A1666762741938754&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoisKiSSpjiQdJkcMEXeK9n22VR70ahNTJv0ZV5pjLDGcutExeJ-3_JRpq1jiy-fzKLA2SZpQ
IP 216.58.207.237:0
Hash 017e7f8548047ed3a513ce3c56c6f314
f082d78673b5c01157338cb5410905323d26ce44
508b9b2e1c0337b09291b329b411529a942dddc438d3cc9e7b8d5cdd54b6ee3e
GET /v3/signin/identifier?dsh=S-2146574058%3A1666762741938754&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoisKiSSpjiQdJkcMEXeK9n22VR70ahNTJv0ZV5pjLDGcutExeJ-3_JRpq1jiy-fzKLA2SZpQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 05:39:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-jf8mIoNqyYGT6rnL2MJweQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 104 kB IP 172.64.172.27:0
Size 104 kB (103555 bytes)
Hash 67359660bad2834a3d54cf0f7a577f04
363dd83d0c5e6032d3aa76d8f461ca81b59b2b51
7eb4a610de23e197484b612d542fbd1be3bc39dd6e2322dd17b59a81eeabf15f
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:01 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1861
last-modified: Wed, 26 Oct 2022 05:08:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FyEmcViDYnlRVztPb9U39Wg1UJnxnuUhNfvqjbZBa7VF1yBZRlWeVd%2FzEwcxZsxKT91BCuKbh%2FCelJpa7U9svdY6zbAGsbut8VuN%2FwSYcsOBlBh%2Fq9T3w4o7b4W2%2BU5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d960ef6d06f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/289411?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:02 GMT
content-length: 0
set-cookie: nauid=eChgpnla1CGepa0NDhIQ; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.focusde.info/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/380873?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:02 GMT
content-length: 0
set-cookie: nauid=D3HRrxPRhnEmhaS1PCHN; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/391860?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:02 GMT
content-length: 0
set-cookie: nauid=f4pS1ro8chK1D8XCDlRn; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
a.focusde.info/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/406858?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:02 GMT
content-length: 0
set-cookie: nauid=EDrfagI3Y1RuIBh5GxHj; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29ecae7b3c922d5ae30cf14c8dbba474
e9f6a1fb600d99b113a9afc0d258f3e1f9ae08c8
6c51ee3d9359df0287d76ac5137bb1e28f971611baba401a9595fc82305cef6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C51EE3D9359DF0287D76AC5137BB1E28F971611BABA401A9595FC82305CEF6F"
Last-Modified: Tue, 25 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4724
Expires: Wed, 26 Oct 2022 06:57:47 GMT
Date: Wed, 26 Oct 2022 05:39:03 GMT
Connection: keep-alive
assurednesssalesmanmaud.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.225200 OK 14 kB URL HTTP/1.1 assurednesssalesmanmaud.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash 3fbc05543d393c951a7fb9f0c23bfb06
8de381b914fc9435e920e0ed69004f6608a14805
2b92cc0fb2aceb5474d30ae1ce8a03962c36c6c520317fe8e7e6384c33c5adb4
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: assurednesssalesmanmaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 26 Oct 2022 05:39:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bf12b29e587d2d80363d5097b331124c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a968c7378f35e7ea49bc6f045e4212db
fd63962c9ad878f71ec77be2da4e5ce573454f0b
7ac19cd3a19183b8fcdec57a474a11f29eeea3a8f333fe04ea7d67455cf61f8f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AC19CD3A19183B8FCDEC57A474A11F29EEEA3A8F333FE04EA7D67455CF61F8F"
Last-Modified: Sun, 23 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6701
Expires: Wed, 26 Oct 2022 07:30:44 GMT
Date: Wed, 26 Oct 2022 05:39:03 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 787b1fc5d5f4cff91f5aee14f0cc2abf
a27036e3eeb9e273c9d9b5175237ff400b341c92
02cf018bf2716a3128a827ea3cc1daca23e98e0469c0dd24807e140af1a8f7b2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=114970
Date: Wed, 26 Oct 2022 05:39:03 GMT
Etag: "6357d705-1d7"
Expires: Thu, 27 Oct 2022 13:35:13 GMT
Last-Modified: Tue, 25 Oct 2022 12:31:01 GMT
Server: ECS (dcb/7EA4)
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1hzOaEYN66559SsIvPce06b6CvCry2RsAPvMpMIyIVnadDPfJKWjnw==
Age: 3852
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c263a9cbd716927fb7ddf07249807c34
c6ec1ec9477a16adca65c70e42f8aefbf148b935
972a4fcaa2f29c6fcc8c8c6961ce2b62b3b8667e0457e791ed71d368853e1f86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "972A4FCAA2F29C6FCC8C8C6961CE2B62B3B8667E0457E791ED71D368853E1F86"
Last-Modified: Wed, 26 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8066
Expires: Wed, 26 Oct 2022 07:53:30 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 40 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type ASCII text, with no line terminators
Hash ba29b5533ac44eee46b3fc8a586bb31b
cdd3cf73ddfc3b178b2f3823349be7c9d02fc528
7b75eb465289f70449c406f7f0f14ffeb23af635062fcd324c860939f8825608
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&hittoken=1666762741_fe2688273a8149ed0becbff79a8a5b2ebecc3d601fb732a48020af84d8f8357f&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053858%3Aet%3A1666762738%3Ac%3A1%3Arn%3A365186692%3Arqn%3A8%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762739%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20%28Premium%20user%20request%29%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-7-h-1%29clc%280-0-0%29rqnt%288%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=8059547451666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8059547451666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1149523441666762741; Path=/; SameSite=None; Secure
i=w1dU0uZbrqHYjI8tgY5pD9g1UKJwBGhNP7LdrxhI42Ani6gfjLqhkPRYywXS3xgzXrpNrGVyMToy1SnpD125sIengt4=; Expires=Sat, 23-Oct-2032 05:39:01 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1698298741.yrts.1666762741#1698298741.yrtsi.1666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a968c7378f35e7ea49bc6f045e4212db
fd63962c9ad878f71ec77be2da4e5ce573454f0b
7ac19cd3a19183b8fcdec57a474a11f29eeea3a8f333fe04ea7d67455cf61f8f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AC19CD3A19183B8FCDEC57A474A11F29EEEA3A8F333FE04EA7D67455CF61F8F"
Last-Modified: Sun, 23 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6700
Expires: Wed, 26 Oct 2022 07:30:44 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
withholdsubsequently.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.60200 OK 29 kB URL HTTP/1.1 withholdsubsequently.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 408a57dd2cc523c36a53461b57822da9
e6846010b40b43ba6a6b5c1b543d1888d6ee8a14
ad365d1e99fed3453c6597f1cb573944fe947e25b473c06cbe2233aa1774e5f0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e24140105e3ee0e169bef76b6d974067
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 13c51695bfc0986bc4e4efc19d0845f1
431a0175f4735f8fa8c0e54eba8d2515fcf22d76
a0b6128d03df09119f28ea616e0442d008b708922c173fdfc4824f86c11a8296
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A0B6128D03DF09119F28EA616E0442D008B708922C173FDFC4824F86C11A8296"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3222
Expires: Wed, 26 Oct 2022 06:32:46 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afp%3A1477%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053857%3Aet%3A1666762738%3Ac%3A1%3Arn%3A524017449%3Arqn%3A1%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C111%2C636%2C0%2C366%2C0%2C%2C186%2C8%2C%2C%2C%2C1472%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762738%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 471 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afp%3A1477%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053857%3Aet%3A1666762738%3Ac%3A1%3Arn%3A524017449%3Arqn%3A1%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C111%2C636%2C0%2C366%2C0%2C%2C186%2C8%2C%2C%2C%2C1472%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762738%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
Hash a3a58839446c911202fbc0705a8e019b
7d6031b540cc549d7cdd8409b9c3e0fbcf729df7
d4428ff04d771610e28fbe5f14281e1455276112486550e3cffc976eaadcecd7
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afp%3A1477%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053857%3Aet%3A1666762738%3Ac%3A1%3Arn%3A524017449%3Arqn%3A1%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C111%2C636%2C0%2C366%2C0%2C%2C186%2C8%2C%2C%2C%2C1472%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762738%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20(Premium%20user%20request)%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F60e0061a89db0071206f8822&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A15m5t3makqb6yg1f8bcanw%3Afp%3A1477%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1067924522870%3Ahid%3A425662377%3Az%3A0%3Ai%3A20221026053857%3Aet%3A1666762738%3Ac%3A1%3Arn%3A524017449%3Arqn%3A1%3Au%3A1666762738974967683%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C111%2C636%2C0%2C366%2C0%2C%2C186%2C8%2C%2C%2C%2C1472%3Ans%3A1666762735464%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666762738%3At%3Afree%20porn%20video%2030%20milf%20porn%20%7C%20redfoxx92%20%E2%80%93%20Cumwalk%20in%20Paradise%20%E2%80%93%20%2410.99%20%28Premium%20user%20request%29%20%7C%20redfoxx92%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 26 Oct 2022 05:39:01 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=3271105871666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3271105871666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2560941361666762741; Path=/; SameSite=None; Secure
i=t9vZQ2JGQ8tDeYx3wVRHwZqtOX+7wI2mRmetevkhwGFahF2GQPCVwp+4c8M3Aje5MIs2pterFtSiAFAPRINHoUxB+o0=; Expires=Sat, 23-Oct-2032 05:38:59 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1698298741.yrts.1666762741#1698298741.yrtsi.1666762741; Expires=Thu, 26-Oct-2023 05:39:01 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 26-Oct-2022 05:39:01 GMT
last-modified: Wed, 26-Oct-2022 05:39:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 13c51695bfc0986bc4e4efc19d0845f1
431a0175f4735f8fa8c0e54eba8d2515fcf22d76
a0b6128d03df09119f28ea616e0442d008b708922c173fdfc4824f86c11a8296
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A0B6128D03DF09119F28EA616E0442D008B708922C173FDFC4824F86C11A8296"
Last-Modified: Mon, 24 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3222
Expires: Wed, 26 Oct 2022 06:32:46 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
withholdsubsequently.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9%3A1%3A1
173.233.137.60200 OK 4.4 kB URL HTTP/1.1 withholdsubsequently.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9%3A1%3A1
IP 173.233.137.60:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6125), with no line terminators
Hash 7052e25bbc8017eb23baa339ffb3e742
cb42dac02136f5a411251971fe1ca032771dae58
0b920f2b695da6c058428b23594a91f248f6faa9f430a097edf0f47620b419e9
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba&uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9%3A1%3A1 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:04 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Thu, 27 Oct 2022 05:39:04 GMT; secure; SameSite=None
uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; expires=Wed, 02 Nov 2022 05:39:04 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 27 Oct 2022 05:39:04 GMT; secure; SameSite=None
uncs=1; expires=Thu, 27 Oct 2022 05:39:04 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 27 Oct 2022 05:39:04 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 27 Oct 2022 05:39:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e0c7282b99d56d20302bd1ac3b299878
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
52.218.217.241200 OK 9.3 kB URL HTTP/1.1 webpick-cdn.s3-us-west-2.amazonaws.com/getlaid.jpeg
IP 52.218.217.241:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash e73bda30c82b74c32e5f03e4ed4e4bb1
e2b381468138921e418865ca53fd7b91ab8febb8
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227
GET /getlaid.jpeg HTTP/1.1
Host: webpick-cdn.s3-us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: OPlDi1tzvZY4plBho04swXxvRLaTPOcu8RdcMJmuEw1UqLpxkFJ//6QtvO2TaUruH4rxm1Ak47c=
x-amz-request-id: 1TPXDK3G9SHZ9F5J
Date: Wed, 26 Oct 2022 05:39:05 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
x-amz-meta-s3b-last-modified: 20200625T081632Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 9313
withholdsubsequently.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutTvbw%2BxEElVwElTkIRnBnu3tmembMIRjjyuKaDYliDoJUV1XPVramq6nqmp7di0sCkoPg5D%2FofbObRQ2iNxEMoTeSw4Kw42kP7j8hBvEkM1kc%2FaD5vtfvHd73vvp8x50QH44eX%2FlAb0ml6FKr7tcu3AyCi7VVmbphbdiJPo2aF2tm8FY3qvtv1N4TbEMvhX7g%2B4Ef1JalEYkeLk1JyOxBN6h3%2FXozrAetJobmv9g6D5Z64IMT8iIknyw89s5Dsgpp%2F7srwm7kOnvz3b5TNNcGA77%2FUbqR6iJFfz4mxkOS7p%2Bqoe3R8kPodG9mF3rwjzCWE%2BI9eYg43T81iXiwO%2FMZK4gUMT%2BHYlBBqAqSVmD6DiQ%2FIgDjuLqGtH%2F%2FqjYF3XzG0ik7IQtPf4csJmTht%2FNI%2B99eVnJYu6GVy6VOLYZJCTmsIHsVMneAfOsMZHEAlt%2BG5L%2BQpaerSPu7a1ZpSH78WtQNedQVncVu0G0uNjuNzmIctpLFkLUSwVoJbyfdWUBSVpBJBSVGoNaDm37Sg0s8uMxDnx%2FXWBAEbZ8z6ne6jDV4W8QR9wPaTgIa%2BFEHjk13GCHPRmBqBGa2kZltbMh7E0Ju78K4R7DrJSz3YHOCAS9RCILCEhSUoJAERU5QDMo9rmxoy%2FtcWRcHpz087Y1yrPPeDt3TeU%2BkZCc7IS9M0%2FOe%2B%2Bx1bIjjWhgkotFt%2BUkzCIUfRqzRSII4YkJEQUPEFFaWkPbMbNctOSGvts4hkxPyv0uPENMDWHUAJp8Hda%2BAFuN26IOuj5sdH1vpDynNnaFqXVCVr1vtDBN1plwMrktk%2BQLyTW9HnZCXZheNwr8g2OGln6svP7nwxwGYKZGZErfkY4Keuju%2Brguye10Xlny%2FluWyL7fo9No3cpqLs1%2B%2FLzYLbfjKFTv66m02Jabjgw%2BFzVdpymXas%2BSby5JzYZa1YYL8tGI%2FFvE1Z9cvO5O6bPXaO8sr%2FcwIa6VOK1B5ZL8AkxPyf6pnz%2FjlWz9CmgrGlei7Q3JakLoCy7Zhs7l7qwmMmmvizEPhyrEJ4%2FlPJQmUmGMal7D%2FwvF83rF30TMeaH4Hab%2FEwJQYqBJUjWDd2XGemcNLvzZmhVh541gZbzdWRt17Fq2Vx7V2o%2BHTqNsK2m0q2nEz7CRRwCkNm1EYRbSB3E7YzSd%2F%2Fg0AAP%2F%2FAQAA%2F%2F%2BQZrC6kQQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 withholdsubsequently.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutTvbw%2BxEElVwElTkIRnBnu3tmembMIRjjyuKaDYliDoJUV1XPVramq6nqmp7di0sCkoPg5D%2FofbObRQ2iNxEMoTeSw4Kw42kP7j8hBvEkM1kc%2FaD5vtfvHd73vvp8x50QH44eX%2FlAb0ml6FKr7tcu3AyCi7VVmbphbdiJPo2aF2tm8FY3qvtv1N4TbEMvhX7g%2B4Ef1JalEYkeLk1JyOxBN6h3%2FXozrAetJobmv9g6D5Z64IMT8iIknyw89s5Dsgpp%2F7srwm7kOnvz3b5TNNcGA77%2FUbqR6iJFfz4mxkOS7p%2Bqoe3R8kPodG9mF3rwjzCWE%2BI9eYg43T81iXiwO%2FMZK4gUMT%2BHYlBBqAqSVmD6DiQ%2FIgDjuLqGtH%2F%2FqjYF3XzG0ik7IQtPf4csJmTht%2FNI%2B99eVnJYu6GVy6VOLYZJCTmsIHsVMneAfOsMZHEAlt%2BG5L%2BQpaerSPu7a1ZpSH78WtQNedQVncVu0G0uNjuNzmIctpLFkLUSwVoJbyfdWUBSVpBJBSVGoNaDm37Sg0s8uMxDnx%2FXWBAEbZ8z6ne6jDV4W8QR9wPaTgIa%2BFEHjk13GCHPRmBqBGa2kZltbMh7E0Ju78K4R7DrJSz3YHOCAS9RCILCEhSUoJAERU5QDMo9rmxoy%2FtcWRcHpz087Y1yrPPeDt3TeU%2BkZCc7IS9M0%2FOe%2B%2Bx1bIjjWhgkotFt%2BUkzCIUfRqzRSII4YkJEQUPEFFaWkPbMbNctOSGvts4hkxPyv0uPENMDWHUAJp8Hda%2BAFuN26IOuj5sdH1vpDynNnaFqXVCVr1vtDBN1plwMrktk%2BQLyTW9HnZCXZheNwr8g2OGln6svP7nwxwGYKZGZErfkY4Keuju%2Brguye10Xlny%2FluWyL7fo9No3cpqLs1%2B%2FLzYLbfjKFTv66m02Jabjgw%2BFzVdpymXas%2BSby5JzYZa1YYL8tGI%2FFvE1Z9cvO5O6bPXaO8sr%2FcwIa6VOK1B5ZL8AkxPyf6pnz%2FjlWz9CmgrGlei7Q3JakLoCy7Zhs7l7qwmMmmvizEPhyrEJ4%2FlPJQmUmGMal7D%2FwvF83rF30TMeaH4Hab%2FEwJQYqBJUjWDd2XGemcNLvzZmhVh541gZbzdWRt17Fq2Vx7V2o%2BHTqNsK2m0q2nEz7CRRwCkNm1EYRbSB3E7YzSd%2F%2Fg0AAP%2F%2FAQAA%2F%2F%2BQZrC6kQQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSwYscxRutTvbw%2BxEElVwElTkIRnBnu3tmembMIRjjyuKaDYliDoJUV1XPVramq6nqmp7di0sCkoPg5D%2FofbObRQ2iNxEMoTeSw4Kw42kP7j8hBvEkM1kc%2FaD5vtfvHd73vvp8x50QH44eX%2FlAb0ml6FKr7tcu3AyCi7VVmbphbdiJPo2aF2tm8FY3qvtv1N4TbEMvhX7g%2B4Ef1JalEYkeLk1JyOxBN6h3%2FXozrAetJobmv9g6D5Z64IMT8iIknyw89s5Dsgpp%2F7srwm7kOnvz3b5TNNcGA77%2FUbqR6iJFfz4mxkOS7p%2Bqoe3R8kPodG9mF3rwjzCWE%2BI9eYg43T81iXiwO%2FMZK4gUMT%2BHYlBBqAqSVmD6DiQ%2FIgDjuLqGtH%2F%2FqjYF3XzG0ik7IQtPf4csJmTht%2FNI%2B99eVnJYu6GVy6VOLYZJCTmsIHsVMneAfOsMZHEAlt%2BG5L%2BQpaerSPu7a1ZpSH78WtQNedQVncVu0G0uNjuNzmIctpLFkLUSwVoJbyfdWUBSVpBJBSVGoNaDm37Sg0s8uMxDnx%2FXWBAEbZ8z6ne6jDV4W8QR9wPaTgIa%2BFEHjk13GCHPRmBqBGa2kZltbMh7E0Ju78K4R7DrJSz3YHOCAS9RCILCEhSUoJAERU5QDMo9rmxoy%2FtcWRcHpz087Y1yrPPeDt3TeU%2BkZCc7IS9M0%2FOe%2B%2Bx1bIjjWhgkotFt%2BUkzCIUfRqzRSII4YkJEQUPEFFaWkPbMbNctOSGvts4hkxPyv0uPENMDWHUAJp8Hda%2BAFuN26IOuj5sdH1vpDynNnaFqXVCVr1vtDBN1plwMrktk%2BQLyTW9HnZCXZheNwr8g2OGln6svP7nwxwGYKZGZErfkY4Keuju%2Brguye10Xlny%2FluWyL7fo9No3cpqLs1%2B%2FLzYLbfjKFTv66m02Jabjgw%2BFzVdpymXas%2BSby5JzYZa1YYL8tGI%2FFvE1Z9cvO5O6bPXaO8sr%2FcwIa6VOK1B5ZL8AkxPyf6pnz%2FjlWz9CmgrGlei7Q3JakLoCy7Zhs7l7qwmMmmvizEPhyrEJ4%2FlPJQmUmGMal7D%2FwvF83rF30TMeaH4Hab%2FEwJQYqBJUjWDd2XGemcNLvzZmhVh541gZbzdWRt17Fq2Vx7V2o%2BHTqNsK2m0q2nEz7CRRwCkNm1EYRbSB3E7YzSd%2F%2Fg0AAP%2F%2FAQAA%2F%2F%2BQZrC6kQQAAA%3D%3D HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:04 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61d5008b38dd8dad68b2f3a28c14cb38
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f48778a5fcbc4a835f8c5575e4ac2c9a
7a6b2b9f0faa5f332c23aa41cd7522f0bc54870e
6f211a0cc0c1c5a9ebd8210f6c752f3d990595241eea2e686605a5a56652bfb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F211A0CC0C1C5A9EBD8210F6C752F3D990595241EEA2E686605A5A56652BFB6"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2212
Expires: Wed, 26 Oct 2022 06:15:56 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 828e18f94b117185ae1741950339f151
9e5be482e5cb0e4b214b064b936b15d2718d1c99
add008da2c5eff2e1e787e88d616cc7f3003c4ea5a5e81b9158dfa64ce290199
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "ADD008DA2C5EFF2E1E787E88D616CC7F3003C4EA5A5E81B9158DFA64CE290199"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2479
Expires: Wed, 26 Oct 2022 06:20:23 GMT
Date: Wed, 26 Oct 2022 05:39:04 GMT
Connection: keep-alive
withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=165
173.233.137.60200 OK 0 B URL HTTP/1.1 withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=165
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fb6%2Fcf%2F48%2Fb6cf48ca3e8ab4bdbcfaa2279b0fb2bc%2F1613726822.html&l=1274&fd=165 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.110.27200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.110.27:0
Hash 28d4a7781e929bcfc7d27aef59c4be3e
502211c0f2303669ae1a63bc1a6804fb91fa12ee
08ff5240032ca7f1fd4c5e3a742d9fa5dfbda731100e21f111395c69df1aec26
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:04 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7241638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9e2BPyaHoYlWZ6j5EbnJ4hg0xAWfkn79O%2BpqgRP%2BQENnrhFHzbssTgqFuY5omk4mMCYqoqFqmmxolTd%2BJHJShQQ9MEYyDXkv18jYQ16wKKVc2LVg5aOlPGffnIehibMt4a8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d9737ff47695-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 380e7faa2a3932803d3733d161018673
671bbc32cbc3ea575f244c175a1ca175196a3735
22d6ef29a9d8ea66a602103f9a9cbadf3eae78e38436a8476e75b6925eb6e4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22D6EF29A9D8EA66A602103F9A9CBADF3EAE78E38436A8476E75B6925EB6E4BB"
Last-Modified: Tue, 25 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1855
Expires: Wed, 26 Oct 2022 06:10:00 GMT
Date: Wed, 26 Oct 2022 05:39:05 GMT
Connection: keep-alive
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.110.27200 OK 1.5 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.110.27:0
Hash 908dce303e802b45f99455bfa3c26ef2
2f064693d34a6eac3903455fc3de8477c4554e40
60eed66130c70fbeb214c6ab5a7f747cfaaad001a5f10d33d3da7d57f70d6f98
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:04 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7241638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fUWQTJxDGpa1difuqX2UN0Ihob25BTk2%2BYLt2WeCahqicUY2YtqoN0xcUsLFlEvV%2BAEHXJCEAwv365iZxeeJmar171D6JFLXbrzbXCk9eWJUSUS%2F6pP9pffs21yP4rAzaR4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d9738ffd7695-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg
45.133.44.10200 OK 17 kB URL HTTP/2 cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 11e8fa77a29b9c78b6a9b759abff4667
b67f409f364c567805e7fcd0d9f14fe882cf0592
27e7345cc77747f44f5acbc02bf5afbebb0d831a4e4f06a171d7876382ffd049
GET /si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:05 GMT
content-type: image/jpeg
content-length: 16913
server: nginx/1.17.6
last-modified: Mon, 18 Jul 2022 11:47:14 GMT
etag: "62d54842-4211"
expires: Fri, 28 Oct 2022 05:39:05 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=104
173.233.137.60200 OK 0 B URL HTTP/1.1 withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=104
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=104 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=96
173.233.137.60200 OK 0 B URL HTTP/1.1 withholdsubsequently.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=96
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=96 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
withholdsubsequently.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4sc1Rd9lczi9yMIKtkIKr0QjOD0VFX%2FN4tgjCPBMQmJYhaCvH%2FV8zKv6xXv1evqzMaQgGQh2PkGNadnMqhBdCeCIdREshgQpl3NwvkSYhBX0p3B1gvFvafOWZx77vt8yx%2BREJ4eXvjAbCqt6UqrHtbOXI%2Bis7U1lfpRbdRtf9punq3Z4Vu9dj18o%2Fae5BtmJQ6jMIzCqLaqrEzMaGVGQmUPelG9F9abcT1qNTGy%2F8XOB3A0gBgekRehxHTpcXAaildIB99dkG4jN9mb7w68prmxGIrdj9KN1BQpBosxsQGSdPdYDeMOVh%2FCpDtzuzDDf4RMTUnw5CFYuntsEmy4PffJNGQKJk6hGFaQuoKiFbi5AyUOCMAFLl1GOrh%2FydiC3nzG0hk7JUtPf4cqpmTpt9NIB9%2Be12pUu2a0z5VJHUZJCTWqoPoVMr%2BHfPMEVLEHnt%2BGEr%2BQladrSAfbl502UOLwtXYvFu2e7C73ol5zudltdJdZ3EqWY95KJG8lopP05gEpVUElFbQcg7oAfvapAD4J4LMAA3FY41EUdULBadjtcd4QHcnaIoxoJ4loFLa78Hy2wxh5NgbXY3B7C5m9hQ11b0rI7W1Y%2FwhuvYQTAVxOMBQlCklQOIKCEhSKoMgJimG5I7SLXXlfaOdZdNzj494oJybvb9Edk%2FdlSrayI%2FLCLL3guc9ex4Y8rMVRIhu9Vpg0o1iGcZs3GknE2lzKdtSQjMKpEsqdmO%2B6qabk1dYpZGpK%2FnfuERjdg9N74Op5UP8KaDHpxCHo%2BqTZDbGZ%2FpDS3Fuq1yXV%2Bboz3nJZ59ozCFMiy5eQ3wy29BF5aX7RdvwXJN8%2F93P15Sdn%2FtgDtyUyW%2BKGekzQ13cnV01Btq%2BawpHvL2e5GqhNOrv2tZzm8uTX78ubhbHi4gU3%2FuptPiNm44MPpcvXaCpU2nfkm%2FNKCGlXjeWS%2FHTRfSzZFe%2FWz3ub%2BmztyjurFweZlc4pk1ag6sB9Aa6m5P%2FUzJ%2Fxyzd%2BhLIVrC8x8PvkuKBMBZ7dgssW7p0hsHqhYVmAwpcTG7PFT60ItFxgykq4f2G2mLfcXfRtAJrfQTooMbQlhroE1WM4f3KSZ3b%2F3K%2BNeYHpYMK0DbaZtvres2idOqw1QtFhMpEdJputZiK5YK0WC3nCWUN0uxy5m%2FLrT%2F78GwAA%2F%2F8BAAD%2F%2FxCyZVKRBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 withholdsubsequently.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4sc1Rd9lczi9yMIKtkIKr0QjOD0VFX%2FN4tgjCPBMQmJYhaCvH%2FV8zKv6xXv1evqzMaQgGQh2PkGNadnMqhBdCeCIdREshgQpl3NwvkSYhBX0p3B1gvFvafOWZx77vt8yx%2BREJ4eXvjAbCqt6UqrHtbOXI%2Bis7U1lfpRbdRtf9punq3Z4Vu9dj18o%2Fae5BtmJQ6jMIzCqLaqrEzMaGVGQmUPelG9F9abcT1qNTGy%2F8XOB3A0gBgekRehxHTpcXAaildIB99dkG4jN9mb7w68prmxGIrdj9KN1BQpBosxsQGSdPdYDeMOVh%2FCpDtzuzDDf4RMTUnw5CFYuntsEmy4PffJNGQKJk6hGFaQuoKiFbi5AyUOCMAFLl1GOrh%2FydiC3nzG0hk7JUtPf4cqpmTpt9NIB9%2Be12pUu2a0z5VJHUZJCTWqoPoVMr%2BHfPMEVLEHnt%2BGEr%2BQladrSAfbl502UOLwtXYvFu2e7C73ol5zudltdJdZ3EqWY95KJG8lopP05gEpVUElFbQcg7oAfvapAD4J4LMAA3FY41EUdULBadjtcd4QHcnaIoxoJ4loFLa78Hy2wxh5NgbXY3B7C5m9hQ11b0rI7W1Y%2FwhuvYQTAVxOMBQlCklQOIKCEhSKoMgJimG5I7SLXXlfaOdZdNzj494oJybvb9Edk%2FdlSrayI%2FLCLL3guc9ex4Y8rMVRIhu9Vpg0o1iGcZs3GknE2lzKdtSQjMKpEsqdmO%2B6qabk1dYpZGpK%2FnfuERjdg9N74Op5UP8KaDHpxCHo%2BqTZDbGZ%2FpDS3Fuq1yXV%2Bboz3nJZ59ozCFMiy5eQ3wy29BF5aX7RdvwXJN8%2F93P15Sdn%2FtgDtyUyW%2BKGekzQ13cnV01Btq%2BawpHvL2e5GqhNOrv2tZzm8uTX78ubhbHi4gU3%2FuptPiNm44MPpcvXaCpU2nfkm%2FNKCGlXjeWS%2FHTRfSzZFe%2FWz3ub%2BmztyjurFweZlc4pk1ag6sB9Aa6m5P%2FUzJ%2Fxyzd%2BhLIVrC8x8PvkuKBMBZ7dgssW7p0hsHqhYVmAwpcTG7PFT60ItFxgykq4f2G2mLfcXfRtAJrfQTooMbQlhroE1WM4f3KSZ3b%2F3K%2BNeYHpYMK0DbaZtvres2idOqw1QtFhMpEdJputZiK5YK0WC3nCWUN0uxy5m%2FLrT%2F78GwAA%2F%2F8BAAD%2F%2FxCyZVKRBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4sc1Rd9lczi9yMIKtkIKr0QjOD0VFX%2FN4tgjCPBMQmJYhaCvH%2FV8zKv6xXv1evqzMaQgGQh2PkGNadnMqhBdCeCIdREshgQpl3NwvkSYhBX0p3B1gvFvafOWZx77vt8yx%2BREJ4eXvjAbCqt6UqrHtbOXI%2Bis7U1lfpRbdRtf9punq3Z4Vu9dj18o%2Fae5BtmJQ6jMIzCqLaqrEzMaGVGQmUPelG9F9abcT1qNTGy%2F8XOB3A0gBgekRehxHTpcXAaildIB99dkG4jN9mb7w68prmxGIrdj9KN1BQpBosxsQGSdPdYDeMOVh%2FCpDtzuzDDf4RMTUnw5CFYuntsEmy4PffJNGQKJk6hGFaQuoKiFbi5AyUOCMAFLl1GOrh%2FydiC3nzG0hk7JUtPf4cqpmTpt9NIB9%2Be12pUu2a0z5VJHUZJCTWqoPoVMr%2BHfPMEVLEHnt%2BGEr%2BQladrSAfbl502UOLwtXYvFu2e7C73ol5zudltdJdZ3EqWY95KJG8lopP05gEpVUElFbQcg7oAfvapAD4J4LMAA3FY41EUdULBadjtcd4QHcnaIoxoJ4loFLa78Hy2wxh5NgbXY3B7C5m9hQ11b0rI7W1Y%2FwhuvYQTAVxOMBQlCklQOIKCEhSKoMgJimG5I7SLXXlfaOdZdNzj494oJybvb9Edk%2FdlSrayI%2FLCLL3guc9ex4Y8rMVRIhu9Vpg0o1iGcZs3GknE2lzKdtSQjMKpEsqdmO%2B6qabk1dYpZGpK%2FnfuERjdg9N74Op5UP8KaDHpxCHo%2BqTZDbGZ%2FpDS3Fuq1yXV%2Bboz3nJZ59ozCFMiy5eQ3wy29BF5aX7RdvwXJN8%2F93P15Sdn%2FtgDtyUyW%2BKGekzQ13cnV01Btq%2BawpHvL2e5GqhNOrv2tZzm8uTX78ubhbHi4gU3%2FuptPiNm44MPpcvXaCpU2nfkm%2FNKCGlXjeWS%2FHTRfSzZFe%2FWz3ub%2BmztyjurFweZlc4pk1ag6sB9Aa6m5P%2FUzJ%2Fxyzd%2BhLIVrC8x8PvkuKBMBZ7dgssW7p0hsHqhYVmAwpcTG7PFT60ItFxgykq4f2G2mLfcXfRtAJrfQTooMbQlhroE1WM4f3KSZ3b%2F3K%2BNeYHpYMK0DbaZtvres2idOqw1QtFhMpEdJputZiK5YK0WC3nCWUN0uxy5m%2FLrT%2F78GwAA%2F%2F8BAAD%2F%2FxCyZVKRBAAA HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:05 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72eda63bb9f356396bbc66ca9c4ea9b6
Strict-Transport-Security: max-age=0; includeSubdomains
withholdsubsequently.com/pixel/sbs?c=1
173.233.137.60200 OK 0 B URL HTTP/1.1 withholdsubsequently.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; uid_id2=692d69e8-9194-4838-b25f-2c5fec5fd7f9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 26 Oct 2022 05:39:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.4200 OK 1.0 kB URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 4ce7f691ee3a0ab9f7522df0eba78699
c83eb6485a11bda18984151dac1d945d83530281
59491e86cdf9613f2dc00634efc07ecbc33d6a671df10156b9bbdd5b2d6fde22
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:04 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 26 Oct 2022 06:39:04 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
192.243.59.20403 Forbidden 67 B URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash 17b33238d4affcf93d221246010f85a8
909075ad5c6536742a447978a872661358c65dd2
2f13fc84ca4ef19a1ae2908009e371f4233f0807fe2a096e63d9fae2423c156e
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx/1.17.9
Date: Wed, 26 Oct 2022 05:39:06 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 351384ffc7c7daed258f3e50068a4d48
9485de7ac9d2df674a88a43e9494f24a9f510794
89185cc9342e3feff268c091653109f70ef012d0a13f2d0421f6c0eda88a45ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89185CC9342E3FEFF268C091653109F70EF012D0A13F2D0421F6C0EDA88A45EC"
Last-Modified: Tue, 25 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5794
Expires: Wed, 26 Oct 2022 07:15:40 GMT
Date: Wed, 26 Oct 2022 05:39:06 GMT
Connection: keep-alive
indoorsbeliefgrew.com/pixel/purst?dl=0&th=0&sc=0&rs=5837&rd=5837&fd=489&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 indoorsbeliefgrew.com/pixel/purst?dl=0&th=0&sc=0&rs=5837&rd=5837&fd=489&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=5837&rd=5837&fd=489&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: indoorsbeliefgrew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 26 Oct 2022 05:39:06 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2b17f237fa7c65183ada0524e34f4e89
8a5c9f9f2b5fd3782747bc50eff344357af9fce8
f30adbb008d648fd421e88b1411adc569d4b4348d5ab67f6430b02b6418a80d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: max-age=95822
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:06 GMT
Etag: "63578b20-118"
Expires: Thu, 27 Oct 2022 08:16:08 GMT
Last-Modified: Tue, 25 Oct 2022 07:07:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
static-cache.k2s.cc/thumbnail/I7uTtSeiw66_qTWSrQ/w320h240/0.jpeg
188.72.235.184200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I7uTtSeiw66_qTWSrQ/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3fdec74aef9d5b98615bf6dca6f753ae
64b26fc0642c5f26a91c64ce34f61f21c1b4c231
2fa6ef39cc59441f2337a98f49a13e09674e987c1ff61662b94e16bf3719dd72
GET /thumbnail/I7uTtSeiw66_qTWSrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 10287
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/ce6X63D3n67kqm-VqQ/w320h240/0.jpeg
188.72.235.184200 OK 17 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/ce6X63D3n67kqm-VqQ/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c823db8717c017428d7f5b6a44bea404
4c6d2a05879851beca95474fe0c334780bc5706a
bd1e7c411f3b2f4cbfa4a987345814ea3999107a0dd70ff3cf8ee23b176d6871
GET /thumbnail/ce6X63D3n67kqm-VqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 17184
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LLjHv3GgnK3k_GrB-g/w320h240/0.jpeg
188.72.235.184200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LLjHv3GgnK3k_GrB-g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 896354db90d3c05e248f34d936349d11
5627b0a10ffd3d800b591dfb5a92997c33a6262c
c3ee5cdeb8070d154a28ba8a246672abf56600941238fe4fab91dd5051d173e9
GET /thumbnail/LLjHv3GgnK3k_GrB-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 9322
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ir6btCT3zKq98TqT_g/w320h240/0.jpeg
188.72.235.184200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ir6btCT3zKq98TqT_g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 49e2abf162a84e2cfe2222748e37cadf
8b71d3dee812af95a30c8dda2190f921b74b424e
88ea609830f588be20b3f8c389077c57d8b44b8f29b626ba3c1d6f456ec96104
GET /thumbnail/Ir6btCT3zKq98TqT_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 12211
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IrzAvnL1yK_t_m-Q_w/w320h240/0.jpeg
188.72.235.184200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IrzAvnL1yK_t_m-Q_w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8ed0a32de46698ca01725057f1c92de4
7634c7f3348de7c1711c30f534efad40e2e685b8
03d7df9d27c2dbbc4268fc03d795b5b9f3c774f071fb6e5567153633b9b590ba
GET /thumbnail/IrzAvnL1yK_t_m-Q_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 13956
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/d-6UuiWvyqa6_TSV_w/w320h240/0.jpeg
188.72.235.184200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/d-6UuiWvyqa6_TSV_w/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 2124836010fff2a2db6c23d4c04357c3
a76b0899d5f4362c5ecc25e78c1274ded740457d
f280c10e5684d6705f738ad7a9307964017ac22275430ab3c196b214f69ff7d7
GET /thumbnail/d-6UuiWvyqa6_TSV_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 12167
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/drmbvXCjzK7urjrCrA/w320h240/0.jpeg
188.72.235.184200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/drmbvXCjzK7urjrCrA/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash eb8dceacfab170b74e2cacdd32c03db7
d8ac11df462d87c4c71edb31c419fe694752f3f3
d56fe6ace0e0ed5063f2b816d0eedc4a0025bee5a4009565bbd97c30e85fc38a
GET /thumbnail/drmbvXCjzK7urjrCrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 11943
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J77BuCT1zf_t8D3Bqw/w320h240/0.jpeg
188.72.235.184200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J77BuCT1zf_t8D3Bqw/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 9cf950854fd110fa0e764c5a5f975775
d1542fac60123ccaebe2506d7780800a0590bf51
013398b85c4de27d15da3a41c5d35228425d056374d28065eb161b7729fbe009
GET /thumbnail/J77BuCT1zf_t8D3Bqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 14162
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: HIT, HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JuqX73Xyz6a__zWQ-g/w320h240/0.jpeg
188.72.235.184200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JuqX73Xyz6a__zWQ-g/w320h240/0.jpeg
IP 188.72.235.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 60c005d00c6f257a443f38558d4bd7db
92a010ccbedd85225608cbd6b424c8b4a18ba24f
6847f83c7b6f8fe55816f30bf36420882cb08ac685c7664cc7ce51c5e9ad35f1
GET /thumbnail/JuqX73Xyz6a__zWQ-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: image/jpeg
content-length: 14370
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000; preload
x-cache-status: MISS, HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2b17f237fa7c65183ada0524e34f4e89
8a5c9f9f2b5fd3782747bc50eff344357af9fce8
f30adbb008d648fd421e88b1411adc569d4b4348d5ab67f6430b02b6418a80d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: max-age=95822
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:06 GMT
Etag: "63578b20-118"
Expires: Thu, 27 Oct 2022 08:16:08 GMT
Last-Modified: Tue, 25 Oct 2022 07:07:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 4b501d73b4760c1a29b5faf70b0e58dc
d6197e584f883fa18fae81e467f35336c59dc73b
6c000606cbbca9f524005c9b0ff0290881d09bcfbee4c34f7e4093a7f34483d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5343
Cache-Control: max-age=154602
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:06 GMT
Etag: "63586c06-116"
Expires: Fri, 28 Oct 2022 00:35:48 GMT
Last-Modified: Tue, 25 Oct 2022 23:06:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 29 kB URL HTTP/2 a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (49719)
Hash 926505419304b2efbd6e515174e81d42
cbadd48c49f6f5cfa1c1f1d790d0a73f0460b469
a992d92e19e5522f0a546ba571a5f2a01b4d527be3c091f4246d21bd2f2be2d6
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 4b501d73b4760c1a29b5faf70b0e58dc
d6197e584f883fa18fae81e467f35336c59dc73b
6c000606cbbca9f524005c9b0ff0290881d09bcfbee4c34f7e4093a7f34483d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5343
Cache-Control: max-age=154602
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:06 GMT
Etag: "63586c06-116"
Expires: Fri, 28 Oct 2022 00:35:48 GMT
Last-Modified: Tue, 25 Oct 2022 23:06:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 2.8 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6603), with no line terminators
Hash c01a7f88bae59c64dd6d15c6053c5ca9
f8770ee1e29a8a96d1e782a3719995dd792e1461
b2a1b38d118d6fe69a93c9442e04efa9696a5886e0ea16dcbb2ca1e3f6f3b085
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 289
Origin: https://a.focusde.info
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.focusde.info
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; expires=Fri, 25-Oct-2024 05:39:06 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 4.5 kB URL HTTP/2 a.focusde.info/api/spots/303891?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d49c05f7eabb6676a3b97bbf39feffd5
076360c1b135f103d82406f9979c3ea3a16901b9
ec0524228be483a33c4983f20d0f8cadecc4b7e76bfd90b391eabf327a0c5a10
GET /api/spots/303891?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5618), with no line terminators
Hash e997dad1e8ceb885ec363faf8a12db0f
c7d51ffc97c8c857adaacd775d8a6c942d973b64
35214bc147dd8bf406556c85be9be192d7695f62cb4fdfdb050a1468c12121bf
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 289
Origin: https://a.focusde.info
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.focusde.info
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fadc6e34.010272852481247109%22%3B%7D; expires=Fri, 25-Oct-2024 05:39:07 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
media.aso1.net/js/ifr.html
172.64.162.11200 OK 683 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.162.11:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d2d3bf2d2fb4aa7316837dc403cb26f7
0f631c4efa9813231605dce847849ec7af6b2467
7fdebf2db5e4be585bd71d9ada9d5e9e4b2821e8f1f853747460d61179335d4b
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html
last-modified: Tue, 11 Oct 2022 12:27:41 GMT
etag: W/"6345613d-6ff"
expires: Mon, 17 Oct 2022 06:53:16 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 562041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCt%2BoBuP6hQKOoggw74i7fdwNP%2FnbBCI4plAk%2FXikFaLcR%2FYF57TNNylGCvSj7gvHLxwGTuOfdhN5vJd%2B2ys%2FXsNFCD8RC82DTRNaVEw9wwXXsYJ78q9%2Fe5DMgOLKw3uWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d97e3a09e684-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PbWrDMAy9yi5Qoy/LVn9vfzfo6AEcx6GD0kDTwAY6/Jyw1Q9JT3pCkgmIDggH0hfAI9sRkhsGgyAUMIq/f5xc0G/lsd7L9dLK9XFZ5vVeW6jXdehaRECPqmLqlgBYXVLWaNkjdBOw3GNS4U7UMTo7dFBkkZ1l8Lfzyc+fr44BCNjRCbz7bf1GsQO+wZVjrmkqY9XGEgCBEuVIkpEkIZhLy20yi8JJixqSIo3W5UwoqHEb5CVMc12XsYWv2zTvN3QE5Ejb6v+CMwqTkB/wmYj3B77LZfm5Vfdn+9934nMC+lArjEI1cTIb6iRaapOJdeg3mcAvP60NKoEBAAA=
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PbWrDMAy9yi5Qoy/LVn9vfzfo6AEcx6GD0kDTwAY6/Jyw1Q9JT3pCkgmIDggH0hfAI9sRkhsGgyAUMIq/f5xc0G/lsd7L9dLK9XFZ5vVeW6jXdehaRECPqmLqlgBYXVLWaNkjdBOw3GNS4U7UMTo7dFBkkZ1l8Lfzyc+fr44BCNjRCbz7bf1GsQO+wZVjrmkqY9XGEgCBEuVIkpEkIZhLy20yi8JJixqSIo3W5UwoqHEb5CVMc12XsYWv2zTvN3QE5Ejb6v+CMwqTkB/wmYj3B77LZfm5Vfdn+9934nMC+lArjEI1cTIb6iRaapOJdeg3mcAvP60NKoEBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PbWrDMAy9yi5Qoy/LVn9vfzfo6AEcx6GD0kDTwAY6/Jyw1Q9JT3pCkgmIDggH0hfAI9sRkhsGgyAUMIq/f5xc0G/lsd7L9dLK9XFZ5vVeW6jXdehaRECPqmLqlgBYXVLWaNkjdBOw3GNS4U7UMTo7dFBkkZ1l8Lfzyc+fr44BCNjRCbz7bf1GsQO+wZVjrmkqY9XGEgCBEuVIkpEkIZhLy20yi8JJixqSIo3W5UwoqHEb5CVMc12XsYWv2zTvN3QE5Ejb6v+CMwqTkB/wmYj3B77LZfm5Vfdn+9934nMC+lArjEI1cTIb6iRaapOJdeg3mcAvP60NKoEBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.focusde.info
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226358c7fada43a3.372590942286184040%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.focusde.info
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; expires=Fri, 25 Oct 2024 05:39:07 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226358c7fada43a3.372590942286184040%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Fri, 25 Oct 2024 05:39:07 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s3t3d2y8.afcdn.net/library/415101/2a5c1628bbcbf135a12aa57fe4e98d740fc6b45e.jpg
185.76.9.18200 OK 31 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/415101/2a5c1628bbcbf135a12aa57fe4e98d740fc6b45e.jpg
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 819bb3bd6d51199e201a4a3a9a5229d7
2a5c1628bbcbf135a12aa57fe4e98d740fc6b45e
805b631ab8b0723bdc8a10df9f0a465d020f39daf55b4c709de825199c31b16b
GET /library/415101/2a5c1628bbcbf135a12aa57fe4e98d740fc6b45e.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: image/jpeg
content-length: 31174
last-modified: Tue, 25 Oct 2022 08:10:47 GMT
etag: "63579a07-79c6"
expires: Wed, 25 Oct 2023 08:21:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1698224516
server: CDN77-Turbo
x-77-nzt: AblMCQ300wn/9yEBAA
x-77-nzt-ray: ffffffff86779f2cfbc75863ef27b406
x-cache: HIT
x-age: 74231
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
172.64.139.21200 OK 673 B URL HTTP/2 a.medfoodsafety.com/loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true
IP 172.64.139.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0708dafd5d020b7987bff90b76a4aefe
b59ea600802a4fc34b88ae8e71008fc61b80d125
d71d4350562f0f168914a97c73283b861f6a4d6410ddcc46728a4456354a35ef
GET /loader?a=4787908&v=2&t=1&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZiL%2Fc5QMdxjoC6y0FsMZ8qedqbhfqjL99%2FqvoCKc5%2F%2F20J2dzH79P2q7KDKQ7InW8fBjjDlw93ERkNAip8xNlj1cZnb2HNf3lWuwPpM71%2FjhfRJ2mZ4%2Fq9oGWRq9H9G0laj1sC7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d980ca7e76cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
205.185.216.10200 OK 15 kB URL HTTP/1.1 a.realsrv.com/video-slider.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (50565), with no line terminators
Hash ff672b4c086c488fb9c987941887e677
53254fd430914c4954624a053961d3fe3b61e336
5e1a9a2be665b011788980a01478a3b368b930d8ff11f8364f5b6b5bc58ba924
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226358c7fada43a3.372590942286184040%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:39:07 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 14794
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"25678912ae86a044048d3ec663b"
X-HW: 1666762746.dop009.sk1.t,1666762746.cds234.sk1.shn,1666762746.dop009.sk1.t,1666762747.cds207.sk1.c
Access-Control-Allow-Origin: *, *
syndication.realsrv.com/splash.php?idzone=4822360&cookieconsent=true
95.211.229.248200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4822360&cookieconsent=true
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1574)
Hash 39774b2007eaad14ec56060fc35bc450
621059da604dc0e8815f317d2032a0c90e69db66
9111ce44ae671248e4039d1958746ffd049742c7479ce66f2f9894134e09d71b
GET /splash.php?idzone=4822360&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226358c7fada43a3.372590942286184040%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; expires=Fri, 25 Oct 2024 05:39:07 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4822360%7C76144442%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6358c7fada43a3.372590942286184040%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 27 Oct 2022 05:39:07 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46aa43b9899b994f8415b685c0b7b670
a6393407d13c56881fa2bcc9838cf96ca7b734f6
5c5680eaeb44172df0c2f19906052f4732aa56304149db7be325c1cb28e21687
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C5680EAEB44172DF0C2F19906052F4732AA56304149DB7BE325C1CB28E21687"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5116
Expires: Wed, 26 Oct 2022 07:04:23 GMT
Date: Wed, 26 Oct 2022 05:39:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46aa43b9899b994f8415b685c0b7b670
a6393407d13c56881fa2bcc9838cf96ca7b734f6
5c5680eaeb44172df0c2f19906052f4732aa56304149db7be325c1cb28e21687
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C5680EAEB44172DF0C2F19906052F4732AA56304149DB7BE325C1CB28E21687"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5116
Expires: Wed, 26 Oct 2022 07:04:23 GMT
Date: Wed, 26 Oct 2022 05:39:07 GMT
Connection: keep-alive
a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 5.4 kB URL HTTP/2 a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash a2e100ff09cf0744f87fa3c6f2019b26
0f424322fab4bfe9104530d85870e3fc3de1e730
64e93f30f48b53e9aa8574accfee28ddf6b2429ec1fe947945e2edd2834127ea
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4cb78912c53580064fb893b526787078
9133524621940b0fb175706b7135a3864435574b
b60056b3694f082302da725899fead1521c06c447457503d87d4fdf1e8a41548
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 25 Oct 2022 08:27:03 GMT
Expires: Tue, 01 Nov 2022 08:27:02 GMT
Etag: "9133524621940b0fb175706b7135a3864435574b"
Cache-Control: max-age=527874,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7600d982ed51b51d-OSL
poweredby.jads.co/js/jads.js
185.94.236.244301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
syndication.realsrv.com/v1/api.php
95.211.229.248200 OK 2.4 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5355), with no line terminators
Hash 2cb694360c33f5125b9ae593ab835c7c
78612a4449da112a950d12eadfbe7b2f4480e622
759ea8b37b382140bc399b25391ef125fc1af7b9d2723fd9322e1df7d924a173
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 250
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226358c7fada43a3.372590942286184040%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226358c7fada43a3.372590942286184040%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
u3y8v8u4.aucdn.net/library/802424/b6a89ee9d081f89e9b2322022b00f14734e003c8.mp4
185.76.9.18206 Partial Content 82 kB URL HTTP/2 u3y8v8u4.aucdn.net/library/802424/b6a89ee9d081f89e9b2322022b00f14734e003c8.mp4
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 0d690e9431151d1944894a3d605a8217
57d038b7f07cc37d4a437e1d7e16fcd8c04be69f
12225f4b59e0e7b03078efe0d6b7aef9e2a5510583f47eb4d7152a94d5fd7df0
GET /library/802424/b6a89ee9d081f89e9b2322022b00f14734e003c8.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: video/mp4
content-length: 5436709
last-modified: Fri, 07 Oct 2022 10:31:02 GMT
etag: "633fffe6-52f525"
expires: Sat, 07 Oct 2023 11:13:11 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1696677306
server: CDN77-Turbo
x-77-nzt: AblMCQ0kaT//wb0YAA
x-77-nzt-ray: ffffffff86779f2cfbc7586323eb2116
x-cache: HIT
x-age: 1621441
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-5436708/5436709
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
185.76.9.18200 OK 34 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash b91c96358753ce1ab4086e875c84c4e8
d072faccd5bf786646901428e54895921ab50f73
3be413c893134d87bd9a4532d47ad5726d31893c10330b23e8c6fb7935d307c5
GET /library/623611/d072faccd5bf786646901428e54895921ab50f73.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: image/jpeg
content-length: 34098
last-modified: Thu, 14 May 2020 09:51:02 GMT
etag: "5ebd1486-8532"
expires: Fri, 30 Jun 2023 11:33:09 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195214
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ2huIP/7SqaAA
x-77-nzt-ray: ffffffff86779f2cfbc75863b3708b1c
x-cache: HIT
x-age: 10103533
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.244200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.244:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e055b2a1f2295c8c15f94930fc29cf0
7957991c7b2eb8102dc6812cb3230d87009a03b0
a2c8b68c9fe1eb9341acb288ece1ffd80c87101bc343ec156d476a343f952365
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2C8B68C9FE1EB9341ACB288ECE1FFD80C87101BC343EC156D476A343F952365"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9178
Expires: Wed, 26 Oct 2022 08:12:05 GMT
Date: Wed, 26 Oct 2022 05:39:07 GMT
Connection: keep-alive
a.bestcontentfood.top/warp/4788752?r=82846
172.64.135.39200 OK 3.2 kB URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=82846
IP 172.64.135.39:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash fb02c0d575881f87d9d12b71c94d14f4
f52d01a78f230b2aa0726aefe42337e80921c997
42661d97d8a55c91c33f3c60e8f030fd6d9a3f756444f439ce72d4ec23694432
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=82846 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRHquAheSjrGAmU55W8XrCVRxo9FUXo2eu%2BOedscaV2QUCCe91y65NUKqb%2B0toz4npyIGHRaubl23vcgrBxpKG%2FHNCH5CDfmNc17kS6LaYqJzNutAflqorEJgWJM8nKjj29LbR40qnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d97f1bd775d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=692d69e8-9194-4838-b25f-2c5fec5fd7f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=01f75a95a38a8db0a8e82d995253a076&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 26 Oct 2022 05:39:07 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b82043e196588770e08ff822265527de
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 2ffaa516ab1f29e9ddd3ddeda33e2411
10211554e713fd0557878e2a4602d528570c0df1
051f28115af7dd7708e1e0a19b695803bcae5282d630e24dc6d2e9d4d593c51e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5675
Cache-Control: max-age=155278
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:07 GMT
Etag: "63586d5e-139"
Expires: Fri, 28 Oct 2022 00:47:05 GMT
Last-Modified: Tue, 25 Oct 2022 23:12:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 2ffaa516ab1f29e9ddd3ddeda33e2411
10211554e713fd0557878e2a4602d528570c0df1
051f28115af7dd7708e1e0a19b695803bcae5282d630e24dc6d2e9d4d593c51e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5675
Cache-Control: max-age=155278
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 05:39:07 GMT
Etag: "63586d5e-139"
Expires: Fri, 28 Oct 2022 00:47:05 GMT
Last-Modified: Tue, 25 Oct 2022 23:12:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90d325d9fec629e9060b2a2e9fe3e112
6da581763a0bf154f139dd7b8f94624b5045b129
ccb6025bc9ec42dbdc8ff034d0b2cbbe3226884366f853d8bd596dd91b7ba885
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CCB6025BC9EC42DBDC8FF034D0B2CBBE3226884366F853D8BD596DD91B7BA885"
Last-Modified: Mon, 24 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5025
Expires: Wed, 26 Oct 2022 07:02:52 GMT
Date: Wed, 26 Oct 2022 05:39:07 GMT
Connection: keep-alive
addresseepaper.com/sfp.js
172.64.193.5200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.193.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:04 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 8331c788b851fb5446a1defff47a74f0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 26 Oct 2022 05:39:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6JlTHUowOkzxqg35gChWIchmIdu8rJcUvErhBfLwwIklena8VcNI2hVT9gBt5%2FODhh5S9F9iVPlDnW08nJLF%2FNVGHcNujJWwjP7eru3nUFg0ok2Tu3e9enfuclDBp%2FYSl3o1Vxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d9707c258871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:01 GMT
content-type: text/plain
set-cookie: csu=826049399327017@1@1666762741; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=juwFJqDK0%2B5QaylbahmsJ%2FHbSTByQl9YMyb4391qU%2FZ%2BQcfRAKWXbn%2BsxM5jWNbIJBu7cCoDxvpGT3dhKm9yY0qog2tYyWOrC4ZFEw2ih04q%2F%2BzgKSSbRCE5e%2Bt10KXQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d960ef7706f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
172.64.139.21200 OK 0 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.139.21:0
GET /loader?a=4788750&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZfyMX751CCEQX0PA5DwUzzOOPUxuOYJ493DNc7UhAjnGPhYcKHzDbIbPu57DF2ExPGlfmLVuFcDXcWN0nGww%2Barto%2BAwKCy%2BgXzJIZLooPQdtjy8zo%2BwZCAHR9eS0AefzAf9VlZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d980da8276cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:01 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1861
last-modified: Wed, 26 Oct 2022 05:08:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXPvKZKzv0bEASZ7FerA1MisHBRgdlxDFY5Sh4P1o%2FTlgOYI%2B%2BV%2B1qlin7VWookFK5GCW8sJSbAQtSi5sRNj3A2WCmDbaRtnpxLfnpxSXUuKiEf6xSEQ1OJ5nzwmrOgB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d960ff7e06f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.110.27200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.110.27:0
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:04 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4645818
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mIWnHnVcDtZOtFzls34a%2Fu%2FBldKMjj%2Fvg97aKlbangPsuWQgS5ghmjdiucm6l2pOM0tpRvTNrzcv0PgXochcgyLZ5gKYvmZUifpCUPV8stmIKR%2F%2BUm59LzvlfsmaIzW6iwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d9737ff37695-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 26 Oct 2022 05:38:59 GMT
date: Wed, 26 Oct 2022 05:38:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=adnium-900x250&tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=taOsB&c=1&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Mon, 31-Oct-2022 05:39:07 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJwdjFsKgCAQAK8S+135gD7qswsE3WAzRREjdAMjuntsnzMD8wDB1EBV6w5tAyadjIRLmZkpR2bcj3ClbpSy6kFyyKw90VkmIQymYjxSf1gSXNE57ubebE4hWnb/WCt4PzeUIDE="; Domain=.chaturbate.com; expires=Fri, 25-Nov-2022 05:39:07 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 26-Oct-2022 11:39:07 GMT; Max-Age=21600; Path=/
sbr=sec:sbr0a0826b4-1f58-48e1-9493-7fd6dc11e429:1onZ87:F09n1jYGLKAqav40G0c35-sy9gU; Domain=.chaturbate.com; expires=Mon, 21-Jul-2025 05:39:07 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=jiOyd0PHm9fSHCNOj5qbkQGMO.yDgNCsLRURzaepxJM-1666762747-0-AVidMxx1qYoMwP+1XWfjUt+KGe1KrfXEGczwYMgu7ShCiGwgUpDX8OdREs/3GsB/cDZEPokKjyPjxGwey2fgitY=; path=/; expires=Wed, 26-Oct-22 06:09:07 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7600d9853bef0b06-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
172.64.142.8200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 172.64.142.8:0
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"620-17c56c3481d"
last-modified: Wed, 06 Oct 2021 18:00:11 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 31500998
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EasbOI2H6CRz%2FHyFr%2BKqYitumr3kpKh4pmkL0n%2B2GVFZtK4dZMC8Wotnt%2FcSn%2Fm7C9YoZDCos8LUndNgS7m31rX3DuJXFN8rPQXqkXfxCVKI79GDcKpeKPneIIy37j8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d9530857768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
172.64.142.8200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 172.64.142.8:0
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"61c-17c56c34821"
last-modified: Wed, 06 Oct 2021 18:00:11 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 31500963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HieLxu9XMA%2BoUAxUy8hsf0m6VtSTXl4YSNaGAvZraVjCuHCGv9oX7WfsEMYAvJ3rPNriEFePaLJH%2FJ2nNh8W7dpcUU%2BhdtQYkDKuSnJdt639dLN%2B%2BgxINr6BSfOUpv0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d9530859768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787908?r=55572
172.64.135.39200 OK 0 B URL HTTP/2 a.bestcontentfood.top/warp/4787908?r=55572
IP 172.64.135.39:0
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787908?r=55572 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFTWlR8UXwNsB5TFlPrcSUgo0y5v35IoHXhhnqQNHIitnVhj1K0AkK1MnxteRpotqPMTdtSZ9wLZ2cf9nBjRvKVuXbW0gV9x9KzKMuKERWjb1rZ3tCpoaKY0MCSrOgvjT5iR9bLFUuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d97eebaf75d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.142.8200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.142.8:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/60e0061a89db0071206f8822
Cookie: visitorId=meueu3ejyvgofo9uolr7da; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:38:59 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"c8b-17c56c36495"
last-modified: Wed, 06 Oct 2021 18:00:18 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 31500964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0egXW8r8x%2FbkiRGGsWUT2%2FovH1k%2BGmKSretNnWEvb8H5Zg%2FK87KlcYgFzP1KAc0rDdUwiN217Fqeyb1ymswoGV0NsgiuRfpmcf9sl6Lg7P6mrFlH65W1L2JQpL%2BvAag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7600d9530856768b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 05:39:03 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bb55a8fbbd14fa73669bb74c338ba6a2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 26 Oct 2022 05:39:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3GuFVx4r6FIjwCOfQWj0KDuMraec0TxU9SZuzAo%2BvXj32EO2uXhC0pod7OmAl2REWoQL20fxAGte8amaMuZzkxt7sc%2FL4MY8HqTgvNKRE1CLP3M23PNL3s0KQj5YDTAam6N8pI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7600d96d4c6606e9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S571389619%3A1666762741901915&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWojmCShFwWCZmLSC03DdTe_J8v22m5tl4w6MK39qlDfsYVBBLAnZUkENyCX2px2cfJHXEr1sw
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S571389619%3A1666762741901915&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWojmCShFwWCZmLSC03DdTe_J8v22m5tl4w6MK39qlDfsYVBBLAnZUkENyCX2px2cfJHXEr1sw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S571389619%3A1666762741901915&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWojmCShFwWCZmLSC03DdTe_J8v22m5tl4w6MK39qlDfsYVBBLAnZUkENyCX2px2cfJHXEr1sw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 05:39:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: script-src 'nonce-Az4lf2O9ghLRo03CKRcE4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=EDrfagI3Y1RuIBh5GxHj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 05:39:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 26 Oct 2022 05:39:04 GMT
date: Wed, 26 Oct 2022 05:39:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2