xfantazy.com/tag/bondageliberation
172.64.163.22302 Found 0 B URL HTTP/1.1 xfantazy.com/tag/bondageliberation
IP 172.64.163.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tag/bondageliberation HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 27 Dec 2022 05:48:53 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/tag/bondageliberation
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qi8sXs3mMfxkMTDujt5lREF0JfXuegaxn7GaT%2Fg1CEZZNw8gsazJwg1d65HBkWIorSj%2BYud9sa4ydRCMz6WcYwN5QvrdqeeCTr9JDkB3CtRqoBOYV0Hbi%2F26ctEDVak%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77ffc50f7ac3772c-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb20c18681040b740ab1730562beb45c
abedefb801b0e13987d6619a77e0368771f9dfcb
288c1832db391da57e3d74ffa893ec2c47ef9c1945f85b88473c563b55a3dfb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "288C1832DB391DA57E3D74FFA893EC2C47EF9C1945F85B88473C563B55A3DFB3"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8963
Expires: Tue, 27 Dec 2022 08:18:16 GMT
Date: Tue, 27 Dec 2022 05:48:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5240
Expires: Tue, 27 Dec 2022 07:16:13 GMT
Date: Tue, 27 Dec 2022 05:48:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 27 Dec 2022 05:46:38 GMT
content-type: application/json
age: 135
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b2d59bdbb1ca6324590988ec031cf1fc
bfd4e25af37dcde4bac38d9b178c5ac8e50f8834
cef2180120ef42ff09d54577229c058d41d2c569d485f5a6dcfadc74bf8aa647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF2180120EF42FF09D54577229C058D41D2C569D485F5A6DCFADC74BF8AA647"
Last-Modified: Mon, 26 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2855
Expires: Tue, 27 Dec 2022 06:36:28 GMT
Date: Tue, 27 Dec 2022 05:48:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yoN8k5TTZOFJRt9bcVBK5GWZYTvIknLVpmyoTBEuyZztlUa09G5Esp+JUkwsFMzm2mlfIq2FBKs=
x-amz-request-id: 8WPX0GB2R049NSFP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 27 Dec 2022 04:55:36 GMT
age: 3197
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash bbb36e06e7b02473b1cfef1b13c77337
38b5c521d210e51d872211f927cd9652cec77f34
37ab82cee099dd9555fb918402d9590b7f33d4d6490dabf3309c0360d9281efd
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:53 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 27 Dec 2022 05:33:30 GMT
age: 923
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/HHuh0f0kcFg
IP 142.250.74.131:0
Hash bbb36e06e7b02473b1cfef1b13c77337
38b5c521d210e51d872211f927cd9652cec77f34
37ab82cee099dd9555fb918402d9590b7f33d4d6490dabf3309c0360d9281efd
POST /s/gts1p5/HHuh0f0kcFg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:53 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/GghJOoWGLywaoqERj_9tp/pages/_app.js
172.64.163.22200 OK 38 kB URL HTTP/2 xfantazy.com/_next/static/GghJOoWGLywaoqERj_9tp/pages/_app.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0aed951a48c8caf80262bda23797debd
b8c5c4950127de8f030a2e8347fa32c43870c5cd
53984a6b99e28edecd7a11aa2452783d43c429d8059c049a62ef97b1b8cf38dd
GET /_next/static/GghJOoWGLywaoqERj_9tp/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1852f092b28"
last-modified: Tue, 20 Dec 2022 10:16:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 588613
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNicSbQMRjZTbFGx512G7DFODWsmJloPYnqtTxGMAZiGcIn%2Fa1qGjg%2BpppAHhWzji8nl1MyC5Eu3TZAzvS4JIppiVrsJG4CInPvc9S50SpzeDa1Oja%2FdZHJ1Hf9eab8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5150caf24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/6.b0d9041d281c2518efb2.js
172.64.163.22200 OK 13 kB URL HTTP/2 xfantazy.com/_next/static/chunks/6.b0d9041d281c2518efb2.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (61955), with no line terminators
Hash a1da3e0130579416d2ba46736cfa8ccb
a759da663f92659256fae8e9db7622c1b8cf728d
20ae071d2b73bffef04c6394b3b487da44275342a08e1497b01de3970c58ed8c
GET /_next/static/chunks/6.b0d9041d281c2518efb2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"f203-18350162904"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1901567
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BK9QSCTBaBZcWeu7EL1MGMZwsSFRpP4McSg5NiEGvDDae7STFZUqKpEjDnI9s3UXS%2BOptTaDxskA5ShPFHXOtTaE1al%2BS%2FqQwhk4U9yqDdfpk6Kya9ekHnnt5CRgds8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cb424d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
142.250.74.106200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 142.250.74.106:0
Hash 7a01535ec34e0a2ebd6915045d5a6d6b
d223289bae3fbd62064623f1966ae645a4f9ef82
60a33d214e3b2e144b732dafcd826455a338939decf23554a7ca3b6d018e5d81
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Dec 2022 05:48:54 GMT
date: Tue, 27 Dec 2022 05:48:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5d3978967108a479b633f820f75e3371
e8dba45f8d70fac26a8d3f4c05afce32231ca23d
29c90351aec95c22fbddc08ce6a1b8223186fc4215e2d522238bf4bff36f2d8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/tag/bondageliberation
172.64.163.22200 OK 24 kB URL HTTP/2 xfantazy.com/tag/bondageliberation
IP 172.64.163.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (24307)
Hash f1cd7b98ed947b5421b963812762f0da
2869edb15f0ad403d52c424f635f2ec16e2e41bd
e30e3d80e6a77ec20a0b8585543718fe960c3e8005972be0240a4a43833ddada
GET /tag/bondageliberation HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=z5gtri4q638y2fo0a9346; Domain=xfantazy.com; Path=/; Expires=Mon, 27 Dec 2032 05:48:53 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 03 Jan 2023 05:48:53 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 03 Jan 2023 05:48:53 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S02%2F3cp0j%2BWx83KqhEF5UBYZMY70phpWrNq92YXluF1rRoaELTPHWlj66ErFhKk%2BaHNqOMeZeyhF7byIoVe8cyYmmO0Bhts%2FFcdXMJ9B3zJrSCEUNhPCgHGca8xT%2BPE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc511da6a24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 19:33:56 GMT
expires: Thu, 21 Dec 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 468898
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
172.64.163.22200 OK 416 kB URL HTTP/2 xfantazy.com/_next/static/chunks/commons.9b890646c0aa33eb63fe.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 416 kB (416084 bytes)
Hash d90674010074fe61256168b7dd160987
0b7554de600e43281d801eff01f4fcc1e57fd15d
2215aaa8205e804eb11755406781ec2107924e698933e76301edf42fdc7b029e
GET /_next/static/chunks/commons.9b890646c0aa33eb63fe.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=1388386
etag: W/"152f62-183501656eb"
last-modified: Sun, 18 Sep 2022 10:13:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1902402
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxQw7xOjEssE3Jy%2FOjxFqZSxJfNdmyvv1303md4jK8pPZbw8LkkGQo%2F9FPMc8ChuLEs8XaL5McwhMoybHCza6zTw5Huq%2Fn9r6ix3pEQY1VllI8E5LDQbmHKOv%2Bcvr2c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5150cb024d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/115.a53b426d7c2988930dfc.js
172.64.163.22200 OK 16 kB URL HTTP/2 xfantazy.com/_next/static/chunks/115.a53b426d7c2988930dfc.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (715), with no line terminators
Hash e83c85b0c866ace59ec021fb652a4810
a6d0f0823602c73993301212698cb324ba8f11da
c3c595f5e5e589eb6c43368dcad2cb5f3e7cac4e59de8546dc298d036c67ef9d
GET /_next/static/chunks/115.a53b426d7c2988930dfc.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2cb-1852f08c117"
last-modified: Tue, 20 Dec 2022 10:16:21 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7z5nofKW1Hc4IPz%2FuovMbP%2FkIdppJtLfLqF8YtDQ%2B69dmIdRimAqCrHO%2FeGRgIlAAx4VIinLe2nv2kKTv65P2fO2V%2F4Um0cGG65sYA5UKFH8PInYtue244ZOvL4nCN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cb324d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
142.250.74.168200 OK 54 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PLKQLTX
IP 142.250.74.168:0
File type ASCII text, with very long lines (15971)
Hash 9952ed2c82d787d600565e48b71231a6
11a09872a25c2746eb8771510799cd52d14e7d3f
5dd2ec7abedd6f33e1b68baf857247104221ae4ab0a44b692a036b55e6076574
GET /gtm.js?id=GTM-PLKQLTX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Dec 2022 05:48:54 GMT
expires: Tue, 27 Dec 2022 05:48:54 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54282
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5d3978967108a479b633f820f75e3371
e8dba45f8d70fac26a8d3f4c05afce32231ca23d
29c90351aec95c22fbddc08ce6a1b8223186fc4215e2d522238bf4bff36f2d8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
172.64.163.22200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 172.64.163.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6b901a6223d7dca9896e48029f293a23
1def24e1547b2cd7e3441371a24a99d3a2f7a218
dcfe66bf5450abbd40a50d27e0f1528285aedc18612d8481a0c09bbfd1c9aa46
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"11cd7-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1902402
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUIxF7tcbrSDbPMkqVEUkhN5MJpItyrmJKB2FEG00Knjx5Fgt8baXbcnwnxgOpUJnm5ZWNF41t5otM2gNQLLWjST1eDO8SNSTPv0stVcxptkahwc88Y4%2BUOrmKajX%2FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cbf24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.42.234.253101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.234.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3zIMFoWZVnTe8n++NWkckg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: t1no3tRzcMLFO+cy8GmXqMCLyFI=
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.193.229200 OK 86 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.193.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 7ffa06a6434a46f38f3a58cecebdfe8e
371c8efd7d7c9464d052482435c2474b0e9847f8
877b4a7e19c52b354c083c73ca53f752e9ab21963c11f22e1259d6e716c3e36b
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.255.0
x-jsd-version-type: version
etag: W/"34dfe-lTaq29MlUt6eCLmFLZo4qfZAEqA"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:54 GMT
age: 41031
x-served-by: cache-fra-eddf8230060-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 85687
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
151.101.66.133200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 151.101.66.133:0
Hash d9a20a8bcd0ea1641228548e4e92db6c
2ad6081616f4ce406f3962bbfd85416c99a75828
db31f9c54a56af4096b08d9240f108a305cee4ab888d13a6566092bad1cb8189
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "C65C99B548317D94BA0FE23B2EBF36BADBA9ADFA"
Expires: Tue, 27 Dec 2022 17:00:00 UTC
Last-Modified: Tue, 27 Dec 2022 05:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Tue, 27 Dec 2022 05:48:54 GMT
Via: 1.1 varnish
Age: 826
X-Served-By: cache-bma1625-BMA
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1672120134.376576,VS0,VE0
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 27 Dec 2022 04:41:11 GMT
expires: Tue, 27 Dec 2022 06:41:11 GMT
cache-control: public, max-age=7200
age: 4063
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
151.101.66.133200 OK 2.1 kB URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 151.101.66.133:0
Hash a05a666308a27365d1d0ab0364dafdaa
e4a9c7804a8e8d94f8d4d5dccfa2be9dc4f9df25
9829ac4429eb7ff781feef0a8c296b156580bcf1329e221a26451825a6a5133f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 937
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 31 Dec 2022 02:45:58 GMT
ETag: "a896e2532c73957d2f6b0652ff34ce787a4f1399"
Last-Modified: Tue, 27 Dec 2022 02:45:59 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 27 Dec 2022 05:48:54 GMT
Age: 2254
X-Served-By: cache-qpg1244-QPG, cache-bma1625-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1100
X-Timer: S1672120135.985170,VS0,VE0
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 12be40dae77820f2c578625c9573604b
e3028cf9d6df65c75658b7a7f90a5f7ab8ecbf79
d9b39d30eb99ff5dfb3c577f2af3b9e0bd3d38456c4c7ad82228ceab0e0ac5b6
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Tue, 27 Dec 2022 05:48:55 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e54490c273adacb4ab7b8901c69a119b
0547fcd474b1c19f1c42109bf20585b077fde3c0
684bfd9b1281d751d365d104d7de923af8929d83ddc1703d73485d52366766b6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "684BFD9B1281D751D365D104D7DE923AF8929D83DDC1703D73485D52366766B6"
Last-Modified: Mon, 26 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13906
Expires: Tue, 27 Dec 2022 09:40:41 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0aada18c1ff2f87ff2f98def38c3df9
67c1bbb644eb21adf448893a5c13860fcfaa6db7
b3f8fac24eb8249e540af68ea15b5690dca853636ec38c7943f456b545f19183
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3F8FAC24EB8249E540AF68EA15B5690DCA853636EC38C7943F456B545F19183"
Last-Modified: Sun, 25 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7958
Expires: Tue, 27 Dec 2022 08:01:33 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
173.233.137.60200 OK 13 kB URL HTTP/1.1 exploredefinitely.com/a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37152), with no line terminators
Hash b7393e4779cc82124160d2261dde24a2
6703e965d615a984f3ddfbb488d1f52984e6d9b4
f5d4455cdf9957db8c014b98a31c9a38618a5f2ed60395e3a86f38e23ba2172a
GET /a2/f9/90/a2f990f10476061c719d1c1aa3a2ecd2.js HTTP/1.1
Host: exploredefinitely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae28c27af98fb65fc2970ec2095e886d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
etag: "63a5613b-2b"
expires: Tue, 27 Dec 2022 06:48:55 GMT
accept-ranges: bytes
last-modified: Fri, 23 Dec 2022 11:05:15 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3af81a4a724e07b85af443dd0f8259bf
b4373b435185a44c195a479645583304229dfd0d
fa25756164d1964b223357b760ad589af9781d599686a751248ea9a44dcc30cf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=854313436.1672120131&jid=1760847169&gjid=925865877&_gid=902423683.1672120131&_u=YGBAiEABBAAAAEAAI~&z=764824529
209.85.233.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=854313436.1672120131&jid=1760847169&gjid=925865877&_gid=902423683.1672120131&_u=YGBAiEABBAAAAEAAI~&z=764824529
IP 209.85.233.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121614197-2&cid=854313436.1672120131&jid=1760847169&gjid=925865877&_gid=902423683.1672120131&_u=YGBAiEABBAAAAEAAI~&z=764824529 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Dec 2022 05:48:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d09cd06954dd62bd9b0ad900272459a7
8da001ba52acea3255b45645171c2bca3a6d0af1
d9be9b2d4bc0769330a8318db1e21f4589220aea15447100cbe945acdcd52b99
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D9BE9B2D4BC0769330A8318DB1E21F4589220AEA15447100CBE945ACDCD52B99"
Last-Modified: Mon, 26 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12927
Expires: Tue, 27 Dec 2022 09:24:22 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3af81a4a724e07b85af443dd0f8259bf
b4373b435185a44c195a479645583304229dfd0d
fa25756164d1964b223357b760ad589af9781d599686a751248ea9a44dcc30cf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
192.243.61.227200 OK 13 kB URL HTTP/1.1 skiingsettling.com/21/fe/39/21fe3950f412e026c33f1b6cee613eba.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37203), with no line terminators
Hash 22854a15f1a6484380bfa903aa77b2d5
491a84e664f74b00ac9401329bcf9838d7d59fdd
73ce2feaf4132119c5f42e03277ce95f70893dbd1f0e3bd6ed98366aaddefbe8
Analyzer Verdict Alert quad9 Sinkholed
GET /21/fe/39/21fe3950f412e026c33f1b6cee613eba.js HTTP/1.1
Host: skiingsettling.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 312833b9757e644a72ff864ee93b04c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21413
Expires: Tue, 27 Dec 2022 11:45:48 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21413
Expires: Tue, 27 Dec 2022 11:45:48 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
d3t87ooo0697p8.cloudfront.net/?oootd=971975
143.204.42.94200 OK 113 kB URL HTTP/2 d3t87ooo0697p8.cloudfront.net/?oootd=971975
IP 143.204.42.94:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 113 kB (113154 bytes)
Hash 5048d5cb394f6c6380517e2c3ebaf329
eca96d836318f2aa423a48ab5c6437ced4c3d17c
29089551943d5158307066f7356c3a2973547097b3ac54b239eef6549849b595
GET /?oootd=971975 HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 113154
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zNpcFSqW-5Qg6ZkVJLfo4XDPXkLERgN6URcRLOQ8SM7Sm2a5VHxTsA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21413
Expires: Tue, 27 Dec 2022 11:45:48 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4a7ec0fdc177ed09c8949dcd68efb35
8ad28905291f4a184c0f32292415d1af0db3cead
7862e695c7eea224263bccaabcc54fc337ea533d6f1fafe0426b8699f3880922
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7924
x-amzn-requestid: 30d67a34-fa95-4aa8-84d7-7c769a9e7fc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYgEnNoAMF7ng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa129c-743b9f4845f2c6f312463662;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DARBFo3gGdqpiutH2AJvUFtxyaamlecRtekmlCERttcXoXZ9FNswGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:45:05 GMT
age: 29030
etag: "8ad28905291f4a184c0f32292415d1af0db3cead"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d1964c05c10407de7a80602733f4e740
ad4906adb14904182746eac5935433fba1c7783c
521aa22be37143a80eb3314f57cf9b99d48a9ad77bebb8012c96464b93530b63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9772
x-amzn-requestid: 92ffab03-243e-432f-bbeb-be90fa5e0ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYDFvfIAMFajA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1299-7cb9a9b729db72b7550fcf7c;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MogTHBdmwt6knnv1C_t_LNy98cz8k61YRJqfbHrT8jNGXcj8VQCdYg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29039
etag: "ad4906adb14904182746eac5935433fba1c7783c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4b903e264b412e69e5f22091bf423ea
92d157f8b56dd0af2ce0f1f5c11b5c90969cf36f
8d5d90968489731604a2286d9e2b9a307147a3cc0b1ffd32f1186ceea9b8fcff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15371
x-amzn-requestid: 63d10011-ae3d-48fb-b892-26d94dc6ef83
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: diVs8EVDIAMFTOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4031f-3da712a621773d56567c014f;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 07:11:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UeMu2JuyiBhp1D-T8We8YZFCLFeqnJ0EeAVrLZN047WMREZyCzOOVg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 07:24:36 GMT
age: 80659
etag: "92d157f8b56dd0af2ce0f1f5c11b5c90969cf36f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash f141a49438ae24100662388b9a0f9857
d1ef1f8d58be61b36308c8c2547f72dcd61562ee
397a56a3b108cd4bedbfd981293ed97320323e8087d411b8ce93263f7a4f40d5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=117465
Date: Tue, 27 Dec 2022 05:48:55 GMT
Etag: "63a9a21d-1d7"
Expires: Wed, 28 Dec 2022 14:26:40 GMT
Last-Modified: Mon, 26 Dec 2022 13:31:09 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FsUApNn9Lariqs5xtZN9SoehMoxhHHLKvDQR4DmX3hNW8wZki0iNYA==
Age: 3331
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be693dc109dd4beeee6f7f3ae2061dae
349168c24483cf12e3c10e176643b5f02316cbf4
2e4cf6b6d7f4e75d4dfd631a76a921734f3824563f039a6da20826d0bb3afc0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10281
x-amzn-requestid: 6f952ba1-d992-4521-83f7-ce18a4b75798
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYMFdtIAMFwyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa129a-5b1ad9041a52fc8f049d37eb;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H3u62So8Z-Pe1gQiIpOjTUEvozSDuV3d2wZMKlZMDioFrtIwYjrV5Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29039
etag: "349168c24483cf12e3c10e176643b5f02316cbf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b5bce6cae03ce2c843809467165891e
71a8a2440c66ae80bf577c4d7f32525b6597ed8f
59b0c452ef6bb9a68f7fb7ee2caca66d66d137f7cd498d1fd88bb5f2f4d90ace
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 3e067f3c-c98a-4aa5-88f0-7ec61df01ea5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfXYF20IAMFU5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1295-0dfe81b80a016e59489b2980;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hBHFDq1KdoHcwMhNAX16o6ImLf9Xfrci_4t1nvdyuSU9UvxdHX3Weg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29039
etag: "71a8a2440c66ae80bf577c4d7f32525b6597ed8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 018b8ee828d9bbc1e7d9fb592a46bd45
35337c1d6da6d39e74a141ea8b9a1ffe937b2ae1
632f8cb925865b6e448c87b938170712a8507e50a5777ab58ffd353e8bb3443e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5469
x-amzn-requestid: 2431c74d-7cc1-4246-bd21-030864572719
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: du-DdEVroAMFbcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a9107c-3ed43f2c07ea20dd466c0dbc;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 03:09:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AFLt8BL0kgYnuNjYunc2i22uhn3RYvkhMPS4wFlAWabA7pSoJeyzjg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 03:29:53 GMT
age: 8342
etag: "35337c1d6da6d39e74a141ea8b9a1ffe937b2ae1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 626e0fc65439f6e7e7b13ba079d1eae8
d6233bf70bfb94d434aa9db512fcba66e4609930
57367558e17bceb0275413475211737182a09d423b9e04d58358257c6cab5152
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57367558E17BCEB0275413475211737182A09D423B9E04D58358257C6CAB5152"
Last-Modified: Mon, 26 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2209
Expires: Tue, 27 Dec 2022 06:25:44 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.59.105.91200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.105.91:0
File type ASCII text, with no line terminators
Hash 6e5af78473b71c492e99c0971118b63f
97bcb2a5832b90a6ebb0a8e782f6f701985abf09
2bbe0f50ae660216eb548d9389ed2fff398271ae29581f1ca4f1c0b67cde4bdf
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=63b26555-e394-433b-9dae-4c078af477f6:2:1; expires=Fri, 24 Dec 2032 05:48:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d09cd06954dd62bd9b0ad900272459a7
8da001ba52acea3255b45645171c2bca3a6d0af1
d9be9b2d4bc0769330a8318db1e21f4589220aea15447100cbe945acdcd52b99
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D9BE9B2D4BC0769330A8318DB1E21F4589220AEA15447100CBE945ACDCD52B99"
Last-Modified: Mon, 26 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12927
Expires: Tue, 27 Dec 2022 09:24:22 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.59.105.91200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.105.91:0
File type ASCII text, with no line terminators
Hash 2009167d9ba62afecc1d7497aace4b25
4f778f64441afb7a2e31ef5d68ec69f263bb47aa
a5ab3c5ba99999839580cc93984eeea00f8fe70ccdb3018cbcfc0dc68a695e31
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=c4449fff-ab5e-448c-9538-e2faf35ce531:1:1; expires=Fri, 24 Dec 2032 05:48:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9526
Expires: Tue, 27 Dec 2022 08:27:41 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9526
Expires: Tue, 27 Dec 2022 08:27:41 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9526
Expires: Tue, 27 Dec 2022 08:27:41 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 57575555119bdcd3b2f2651df130b7e2
41956e81aed0b9d0959f5122bd04d26bd3c388d2
38c641a397ded6e9f304f22c92166827b3540d19d03c2e75c83074046bd7e660
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38C641A397DED6E9F304F22C92166827B3540D19D03C2E75C83074046BD7E660"
Last-Modified: Mon, 26 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18252
Expires: Tue, 27 Dec 2022 10:53:07 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A511558640%3Arqn%3A3%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A511558640%3Arqn%3A3%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A511558640%3Arqn%3A3%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A688869335%3Arqn%3A2%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A688869335%3Arqn%3A2%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A688869335%3Arqn%3A2%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A460317449%3Arqn%3A6%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(6)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A460317449%3Arqn%3A6%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(6)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A460317449%3Arqn%3A6%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(6)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A312565685%3Arqn%3A5%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(5)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A312565685%3Arqn%3A5%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A312565685%3Arqn%3A5%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A197527154%3Arqn%3A4%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A197527154%3Arqn%3A4%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A197527154%3Arqn%3A4%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
othdgemanow.xyz/WUpWQVN2dTUybhYcDAUyHH4fGD0fGzA2ZiwuEAdnGg0EOAYRPXA1Oj13b3ZgbX1lZyMwLmtwa385IiAnLDlrcHUwJDAubn88a3B9aWRkb2F/P2twdS06NyZuaGwmNSc1d2d3ZGt7ZHFiantudGE
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/WUpWQVN2dTUybhYcDAUyHH4fGD0fGzA2ZiwuEAdnGg0EOAYRPXA1Oj13b3ZgbX1lZyMwLmtwa385IiAnLDlrcHUwJDAubn88a3B9aWRkb2F/P2twdS06NyZuaGwmNSc1d2d3ZGt7ZHFiantudGE
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WUpWQVN2dTUybhYcDAUyHH4fGD0fGzA2ZiwuEAdnGg0EOAYRPXA1Oj13b3ZgbX1lZyMwLmtwa385IiAnLDlrcHUwJDAubn88a3B9aWRkb2F/P2twdS06NyZuaGwmNSc1d2d3ZGt7ZHFiantudGE HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YPdRZW2c0nLyNXXJUFz1Ao6exmJdN06IMTv5%2FqzMi4fKZcciATfDRe7oK75i5ArqzlnlDC%2B47GgIFYw5RSbP1fkW6cogjLDmYSkrt24zYM%2FR%2FqCx1PlYe0wm7cO0yFwyG0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc52038411c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
othdgemanow.xyz/VXlMRTd6Ri82CgwXHjR6Az8YF2EcPBUpeRQsOylbABIaJnZnHmoxXjFEdXMFZUh4Y0c8HXF0ESYNLTFCJkR9Y147HyN4ESNEfWsEYVd/dBlnXzl4BnMNPCRQaEhqNUMhFXF0AWJLfXcHZEp9fQ9n
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/VXlMRTd6Ri82CgwXHjR6Az8YF2EcPBUpeRQsOylbABIaJnZnHmoxXjFEdXMFZUh4Y0c8HXF0ESYNLTFCJkR9Y147HyN4ESNEfWsEYVd/dBlnXzl4BnMNPCRQaEhqNUMhFXF0AWJLfXcHZEp9fQ9n
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VXlMRTd6Ri82CgwXHjR6Az8YF2EcPBUpeRQsOylbABIaJnZnHmoxXjFEdXMFZUh4Y0c8HXF0ESYNLTFCJkR9Y147HyN4ESNEfWsEYVd/dBlnXzl4BnMNPCRQaEhqNUMhFXF0AWJLfXcHZEp9fQ9n HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J3RSMsKFVPRcAroO4WBItBZw9vXE%2FeVxm%2B1Y0Y9TywyRCmeyaYMHY4A5FUUuRzNgLbLwSMgmXw4EZaxImFbx760O9uRFjLQDbfFqJW9Soy3jL9si9xh0e34p%2BCLZA3f5HUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc52048451c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
othdgemanow.xyz/TWMyRGZiXFE3WwIrcB01Iwx9FzE1VWYzEgUBenUpDlNeKwB9VxQwDyleC3NXdFQHYhYkBw93VGsQRiUSOBAPdUAkDVQrW2sVD3RIdU0DcUh9RUd5V2sXQiUBcFIUNBI5Dw91UHpRA3ZWfFADfFJ+
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/TWMyRGZiXFE3WwIrcB01Iwx9FzE1VWYzEgUBenUpDlNeKwB9VxQwDyleC3NXdFQHYhYkBw93VGsQRiUSOBAPdUAkDVQrW2sVD3RIdU0DcUh9RUd5V2sXQiUBcFIUNBI5Dw91UHpRA3ZWfFADfFJ+
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TWMyRGZiXFE3WwIrcB01Iwx9FzE1VWYzEgUBenUpDlNeKwB9VxQwDyleC3NXdFQHYhYkBw93VGsQRiUSOBAPdUAkDVQrW2sVD3RIdU0DcUh9RUd5V2sXQiUBcFIUNBI5Dw91UHpRA3ZWfFADfFJ+ HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYtohVMY9FR6clnyLrmzm5HTvvWrv7FMWUVWccj92DaCkOOoeHC7jSzlCCo0w4ZISOMNpbhnRPbM0lcj1VN5VdchpkqH7kyU4DrSdmpX2ZMeXf8BjCp4wVF7YHNACAj2RzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc52048461c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
othdgemanow.xyz/eG5Gb0xXUSUccRoCBCwaSzQfDhQiABdefRYKKy0PIDkqFhUTJ2AbJRxTf1h9QVlzSTwRCntcfl4dMg44DR17XXxIWWAGIh4Be15qDlN2QXRWX3NBfF4be15qDB4nCHFJSDYbOBRTd1l7Sl90X31LX35beQ
188.114.96.1204 No Content 0 B URL HTTP/2 othdgemanow.xyz/eG5Gb0xXUSUccRoCBCwaSzQfDhQiABdefRYKKy0PIDkqFhUTJ2AbJRxTf1h9QVlzSTwRCntcfl4dMg44DR17XXxIWWAGIh4Be15qDlN2QXRWX3NBfF4be15qDB4nCHFJSDYbOBRTd1l7Sl90X31LX35beQ
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eG5Gb0xXUSUccRoCBCwaSzQfDhQiABdefRYKKy0PIDkqFhUTJ2AbJRxTf1h9QVlzSTwRCntcfl4dMg44DR17XXxIWWAGIh4Be15qDlN2QXRWX3NBfF4be15qDB4nCHFJSDYbOBRTd1l7Sl90X31LX35beQ HTTP/1.1
Host: othdgemanow.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLiTJxcfVnR%2Be%2FEcFomtKXohOzLSOaG1BX7P%2BNUcECFO1X0PR3RQdPfyj89oE6TsZ3QFnD9Go64ms8GHArpgLvV2gE5Roi0j8ph%2B60titP4LgPvnwWnsIYP3Tnn8JdRCiuQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc52048471c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 7a07d6e5b73045890774e622886272d1
3d1584c7e08dadb3177cd96173fa7a2f21fbf6d7
e0a54f0f3227d59e468bc965f4024250af54c361ac69a659c260308b6ba27430
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:55 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d22804a846de1a52aadb1d38a3fdac9e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 27 Dec 2022 05:48:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoTrZw%2BgPcPF3SUT3%2BWEvHEk0yx%2FpqoVTFeMCEs9EmEMn9rSRDXpGt0TTTf%2FZomwjNt%2Bc3AYnGzl1VW8v3aesxA%2FKyrdACAr3r67FLDhYAGQxOQjqeS0HS240vYVoQNEGO%2FGQZ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc51ec9d17753-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
himhedrankslo.xyz/cVR2QlUQNhUvahBpFGQgAzhLZ2c3cUQEMUIgTnU6HjtGdGxGJE5sNh07AyYzAzsYNnsfMQJnZzcwIygERDcdJS0mZRUXMQgOEhoASCwsEwAwBi5zZSk/GSYfGB08FAQwJSYuJUMdIjUzIwEdBR0gDjAKIigtOCU+OwI1Ey8mOEMSNxswFxU+SGESBAMVET4UODQ/RgEfCz88FhcGJzhzHyAcNXJnND8BFjElbRQTLQI/Ji4AEgU3dzs2MxoaMBwdFRY9Ajk4LiE+FSFzMjMSFQU3JhUzARA7OS8qEDoZMXMyMxFCIB8cBTcKEDQfEjUMOxcYdzg0BVstIhMDNwcGBgYCGw0kHScsZEkWNAANFDk8Fg0zERwSBzQYOAolGBYnLhYUAz8EHTQWQgwTQBgwO2FIADQ6FDU5OwcRNyxCJhA0ESc1cxsnGSwlTDgEIDkfGyU2GAAkAhcBAA
52.222.214.88200 OK 1.2 kB URL HTTP/2 himhedrankslo.xyz/cVR2QlUQNhUvahBpFGQgAzhLZ2c3cUQEMUIgTnU6HjtGdGxGJE5sNh07AyYzAzsYNnsfMQJnZzcwIygERDcdJS0mZRUXMQgOEhoASCwsEwAwBi5zZSk/GSYfGB08FAQwJSYuJUMdIjUzIwEdBR0gDjAKIigtOCU+OwI1Ey8mOEMSNxswFxU+SGESBAMVET4UODQ/RgEfCz88FhcGJzhzHyAcNXJnND8BFjElbRQTLQI/Ji4AEgU3dzs2MxoaMBwdFRY9Ajk4LiE+FSFzMjMSFQU3JhUzARA7OS8qEDoZMXMyMxFCIB8cBTcKEDQfEjUMOxcYdzg0BVstIhMDNwcGBgYCGw0kHScsZEkWNAANFDk8Fg0zERwSBzQYOAolGBYnLhYUAz8EHTQWQgwTQBgwO2FIADQ6FDU5OwcRNyxCJhA0ESc1cxsnGSwlTDgEIDkfGyU2GAAkAhcBAA
IP 52.222.214.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash bdfef3e0edca978584ce844572d6f015
102bdaa2d1d43593260fc4bf3a9d1a9cc9921daa
7b80a2108be04de61332146ecb611c2a838e0de9f3755b3ca6fe29017c09f96d
GET /cVR2QlUQNhUvahBpFGQgAzhLZ2c3cUQEMUIgTnU6HjtGdGxGJE5sNh07AyYzAzsYNnsfMQJnZzcwIygERDcdJS0mZRUXMQgOEhoASCwsEwAwBi5zZSk/GSYfGB08FAQwJSYuJUMdIjUzIwEdBR0gDjAKIigtOCU+OwI1Ey8mOEMSNxswFxU+SGESBAMVET4UODQ/RgEfCz88FhcGJzhzHyAcNXJnND8BFjElbRQTLQI/Ji4AEgU3dzs2MxoaMBwdFRY9Ajk4LiE+FSFzMjMSFQU3JhUzARA7OS8qEDoZMXMyMxFCIB8cBTcKEDQfEjUMOxcYdzg0BVstIhMDNwcGBgYCGw0kHScsZEkWNAANFDk8Fg0zERwSBzQYOAolGBYnLhYUAz8EHTQWQgwTQBgwO2FIADQ6FDU5OwcRNyxCJhA0ESc1cxsnGSwlTDgEIDkfGyU2GAAkAhcBAA HTTP/1.1
Host: himhedrankslo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Tue, 27 Dec 2022 05:48:55 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: W4FngOZlvqnhVNxxiN3B0Vhywvh2LJM90xSTUtkhkBHyGtIj7ubJUg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 35962dc99143b9b61b1a429df7d27f77
4869481c1ff7fdc6144cacdb7089aa94d9016f32
69f73899571abc3fbd79fe5c5d1850a6f1eeb5c20e9636e53673fba68ace0aee
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "69F73899571ABC3FBD79FE5C5D1850A6F1EEB5C20E9636E53673FBA68ACE0AEE"
Last-Modified: Sat, 24 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9526
Expires: Tue, 27 Dec 2022 08:27:41 GMT
Date: Tue, 27 Dec 2022 05:48:55 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A134800973%3Arqn%3A8%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5-h-1)clc(0-0-0)rqnt(8)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A134800973%3Arqn%3A8%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5-h-1)clc(0-0-0)rqnt(8)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pa%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A134800973%3Arqn%3A8%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Ast%3A1672120132&t=gdpr(14)mc(p-5-h-1)clc(0-0-0)rqnt(8)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
himhedrankslo.xyz/bVYxU0wMNFI+cwxrU3U5HzoMdn4rcwMVKF4iCWQjAjkBZXVaJgl9LwE5RDcqHzlfJ2IDM0V2fisFVBsoOzVkHi4qEkILKiwhVB4ZFWBlYx4FBF8RKSUFaDYAPD56HzYgFXkpPz0XSxEOOAV0HwZdAHkwNF0/dzsOAgBIChsrEVkSFj89ZR18FWVpNAVdAnJnFCkCRjcAFTpiCTYJZGc4KBoHAh0dLBJGNQYVNXAZID8uYhEnBQB5FQU/O2c1L1xndBV9Py5iEg1VHgIFATg7aCkWBiZ5HxkJZWkGHTUAeRUFLwV/Bi8pOnYJGT8iYhV5GgcCHiooPBwKLSEQABUJXRhLABkJOmAbAicDXDcOJwR0FQEvNUISCic4f2AGJAdfJw43BwAYFixwWyAjAyYMKQ4sMX0JPh5v
52.222.214.88200 OK 1.2 kB URL HTTP/2 himhedrankslo.xyz/bVYxU0wMNFI+cwxrU3U5HzoMdn4rcwMVKF4iCWQjAjkBZXVaJgl9LwE5RDcqHzlfJ2IDM0V2fisFVBsoOzVkHi4qEkILKiwhVB4ZFWBlYx4FBF8RKSUFaDYAPD56HzYgFXkpPz0XSxEOOAV0HwZdAHkwNF0/dzsOAgBIChsrEVkSFj89ZR18FWVpNAVdAnJnFCkCRjcAFTpiCTYJZGc4KBoHAh0dLBJGNQYVNXAZID8uYhEnBQB5FQU/O2c1L1xndBV9Py5iEg1VHgIFATg7aCkWBiZ5HxkJZWkGHTUAeRUFLwV/Bi8pOnYJGT8iYhV5GgcCHiooPBwKLSEQABUJXRhLABkJOmAbAicDXDcOJwR0FQEvNUISCic4f2AGJAdfJw43BwAYFixwWyAjAyYMKQ4sMX0JPh5v
IP 52.222.214.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash fa27df9101894d6f4712a79717580ad8
dab93838f9e80998913111f7b4f5019ef7ad3a72
1937604f3dec1d9034f5962031552b4e6722b5815c35d9ce6ed303acd1484d39
GET /bVYxU0wMNFI+cwxrU3U5HzoMdn4rcwMVKF4iCWQjAjkBZXVaJgl9LwE5RDcqHzlfJ2IDM0V2fisFVBsoOzVkHi4qEkILKiwhVB4ZFWBlYx4FBF8RKSUFaDYAPD56HzYgFXkpPz0XSxEOOAV0HwZdAHkwNF0/dzsOAgBIChsrEVkSFj89ZR18FWVpNAVdAnJnFCkCRjcAFTpiCTYJZGc4KBoHAh0dLBJGNQYVNXAZID8uYhEnBQB5FQU/O2c1L1xndBV9Py5iEg1VHgIFATg7aCkWBiZ5HxkJZWkGHTUAeRUFLwV/Bi8pOnYJGT8iYhV5GgcCHiooPBwKLSEQABUJXRhLABkJOmAbAicDXDcOJwR0FQEvNUISCic4f2AGJAdfJw43BwAYFixwWyAjAyYMKQ4sMX0JPh5v HTTP/1.1
Host: himhedrankslo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Tue, 27 Dec 2022 05:48:55 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: OY2mUzyOoO9fFl860lG86B0r7bFfx5IL4gMOU-ytPFIUtFfJJ6WedA==
X-Firefox-Spdy: h2
chapelcertain.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.139.164200 OK 29 kB URL HTTP/1.1 chapelcertain.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 401fdceb3b4f70ed75e52f6253dfac0a
4f786f9e9109863bdf6c4142f1df5e74654d8176
d43f2726539af3f0a11c74ce3a90ad6985ec438c2f6d45f27c51071e8b4ba361
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: chapelcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63b24bc41069dcee7809b5ea20006cfb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-5%29clc%280-0-0%29rqnt%287%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-5%29clc%280-0-0%29rqnt%287%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-5%29clc%280-0-0%29rqnt%287%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.59.105.91200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.105.91:0
File type ASCII text, with no line terminators
Hash 2009167d9ba62afecc1d7497aace4b25
4f778f64441afb7a2e31ef5d68ec69f263bb47aa
a5ab3c5ba99999839580cc93984eeea00f8fe70ccdb3018cbcfc0dc68a695e31
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: uid_id2=c4449fff-ab5e-448c-9538-e2faf35ce531:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/TMXJWa09SHTgNcEUbMlZ2B0BmWnsXGCUEIUFPPg4nSz1gCH1DB3AfNVVPZk0jUBwxVmlUHDVWfhcTMglyBVQiGyBaTyUOPlkCPBIqQxhwHi4MHzkRJl0eN059d0d4W2oDQn4cJl8WORw8FEBmBTsUQGZafx9Cc1gNFEBmHCZfRGJOfHNXZFs3B0ZzWA0UQG-YZORRBF1p/BFxmQmoDQjEOLFodc1kJA0JnW38AQmdOfQEUPxkqVx0uTn13Q2ZeYQFUI1Z+
143.204.42.94200 OK 581 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/TMXJWa09SHTgNcEUbMlZ2B0BmWnsXGCUEIUFPPg4nSz1gCH1DB3AfNVVPZk0jUBwxVmlUHDVWfhcTMglyBVQiGyBaTyUOPlkCPBIqQxhwHi4MHzkRJl0eN059d0d4W2oDQn4cJl8WORw8FEBmBTsUQGZafx9Cc1gNFEBmHCZfRGJOfHNXZFs3B0ZzWA0UQG-YZORRBF1p/BFxmQmoDQjEOLFodc1kJA0JnW38AQmdOfQEUPxkqVx0uTn13Q2ZeYQFUI1Z+
IP 143.204.42.94:0
File type ASCII text, with very long lines (818), with no line terminators
Hash e2c732a163cd8a7f87bf7ac7ee0f1c8e
7b29d309895adf683dad4727b805e5429b2961f7
12fa693ab155b2387de5ac463a87115e839be8e30dae679913c3ef385a738496
GET /TMXJWa09SHTgNcEUbMlZ2B0BmWnsXGCUEIUFPPg4nSz1gCH1DB3AfNVVPZk0jUBwxVmlUHDVWfhcTMglyBVQiGyBaTyUOPlkCPBIqQxhwHi4MHzkRJl0eN059d0d4W2oDQn4cJl8WORw8FEBmBTsUQGZafx9Cc1gNFEBmHCZfRGJOfHNXZFs3B0ZzWA0UQG-YZORRBF1p/BFxmQmoDQjEOLFodc1kJA0JnW38AQmdOfQEUPxkqVx0uTn13Q2ZeYQFUI1Z+ HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://himhedrankslo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 581
date: Tue, 27 Dec 2022 05:48:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: laQdFrqlOu2gMMJ0jm7OKdyk2MCaexfK1fydaqeWAW3L7GVFZ8XCnA==
X-Firefox-Spdy: h2
warilycommercialconstitutional.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
173.233.137.60200 OK 29 kB URL HTTP/1.1 warilycommercialconstitutional.com/01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 3c6972f85515f69b9517f71dcceded26
b0e01c403e7ac6ec1550a2706a567bf0e9709d6b
f19ea99fba216afcdf6535a2983d37f26dab854f802bf91b467412408634205b
Analyzer Verdict Alert quad9 Sinkholed
GET /01/f7/5a/01f75a95a38a8db0a8e82d995253a076.js HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3df510216f909acebb723cf47614e611
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d3t87ooo0697p8.cloudfront.net/SeHdVcUMbGDsXfAweMUx6T0RhRnBeHSYeLQhKLzMCHzsPAzBBUSELJ0VHcx0iFhBoVyYWFGhAZRkTN0x3XgI0TC4XDTwdLxlSZzd2VkdwQ3NQADwfJxcAJlRxSBkhVHFIRmVfc11EF1RxSAA8H3VMUmYzZkpHLUd3XUQXVHFIBSNUcDlGZURtSF5wQ3MfEj-YaLF1FE0NzSUdlQHNJUmdBJREFMBcsAFJnN3JIQntBZQ1KZA
143.204.42.94200 OK 184 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/SeHdVcUMbGDsXfAweMUx6T0RhRnBeHSYeLQhKLzMCHzsPAzBBUSELJ0VHcx0iFhBoVyYWFGhAZRkTN0x3XgI0TC4XDTwdLxlSZzd2VkdwQ3NQADwfJxcAJlRxSBkhVHFIRmVfc11EF1RxSAA8H3VMUmYzZkpHLUd3XUQXVHFIBSNUcDlGZURtSF5wQ3MfEj-YaLF1FE0NzSUdlQHNJUmdBJREFMBcsAFJnN3JIQntBZQ1KZA
IP 143.204.42.94:0
File type ASCII text, with no line terminators
Hash edb09154c10b2d3084d57170ec718cac
a52b80626c9e33fd5c01f7d226ab04db70714471
fc75dc1f654619ba9794c679b7c2866fd002895bf1ac84ec6cccf0e3b2a53580
GET /SeHdVcUMbGDsXfAweMUx6T0RhRnBeHSYeLQhKLzMCHzsPAzBBUSELJ0VHcx0iFhBoVyYWFGhAZRkTN0x3XgI0TC4XDTwdLxlSZzd2VkdwQ3NQADwfJxcAJlRxSBkhVHFIRmVfc11EF1RxSAA8H3VMUmYzZkpHLUd3XUQXVHFIBSNUcDlGZURtSF5wQ3MfEj-YaLF1FE0NzSUdlQHNJUmdBJREFMBcsAFJnN3JIQntBZQ1KZA HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://himhedrankslo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 184
date: Tue, 27 Dec 2022 05:48:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OV7LZTI4_JfS2YZAcM4zGPBEMP9qJt-F8-IJcnILawqM1kfojU-uuQ==
X-Firefox-Spdy: h2
d3t87ooo0697p8.cloudfront.net/dUjQ5ckgxW1cUdyZdXU9xZQUARX10XkodJiIJVQAqPlp2ITwfRUkGHQZFHwYyNgkJVCQzWl5PbjdaWk95dFVdEHVmEk0CJzkJTBwsN1JQHC02EkwTdT9bQxskPlUcQA5nGglXemIcThsmNltOAW1gBFcGbWAECEJmYhEKMG1gBE4bJmQAHEEKdwYJCn5mEQ-owbWAESwRtYXUIQn18BBBXemJTXBEjPRELNHpiBQlCeWIFHEB4NF1LFy49TBxADmMEDFx4dEEEQw
143.204.42.94200 OK 327 B URL HTTP/2 d3t87ooo0697p8.cloudfront.net/dUjQ5ckgxW1cUdyZdXU9xZQUARX10XkodJiIJVQAqPlp2ITwfRUkGHQZFHwYyNgkJVCQzWl5PbjdaWk95dFVdEHVmEk0CJzkJTBwsN1JQHC02EkwTdT9bQxskPlUcQA5nGglXemIcThsmNltOAW1gBFcGbWAECEJmYhEKMG1gBE4bJmQAHEEKdwYJCn5mEQ-owbWAESwRtYXUIQn18BBBXemJTXBEjPRELNHpiBQlCeWIFHEB4NF1LFy49TBxADmMEDFx4dEEEQw
IP 143.204.42.94:0
File type ASCII text, with very long lines (415), with no line terminators
Hash c37af65dbfa0c61536ba9f16c83c3e0a
fd59f02513ae4b53baf8c025a63a6f0e7c48d91e
f97e36bbbbcba511681768fc07dcf3c5bda8d31342d9ed107c466fb9bca16c2f
GET /dUjQ5ckgxW1cUdyZdXU9xZQUARX10XkodJiIJVQAqPlp2ITwfRUkGHQZFHwYyNgkJVCQzWl5PbjdaWk95dFVdEHVmEk0CJzkJTBwsN1JQHC02EkwTdT9bQxskPlUcQA5nGglXemIcThsmNltOAW1gBFcGbWAECEJmYhEKMG1gBE4bJmQAHEEKdwYJCn5mEQ-owbWAESwRtYXUIQn18BBBXemJTXBEjPRELNHpiBQlCeWIFHEB4NF1LFy49TBxADmMEDFx4dEEEQw HTTP/1.1
Host: d3t87ooo0697p8.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://himhedrankslo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 327
date: Tue, 27 Dec 2022 05:48:56 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Poz35Vu4zF6PjEIpJnWL05gk2QCl7tg83KQ3OvNwIF-XNNZ-cv9EyQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 060ea6b2c25b60488817895e18a6adde
907dede93ded3e7f2531e1e632cde33bdde3a152
13744deefce3307c3a75088c7015d442783705db40d208d79a99ddcb0df87d11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13744DEEFCE3307C3A75088C7015D442783705DB40D208D79A99DDCB0DF87D11"
Last-Modified: Mon, 26 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10039
Expires: Tue, 27 Dec 2022 08:36:15 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2fdfdf3805d927d58ec1cdfeea2b523
d356779d68c1e415cbcfb28ae36132ef6b0bfcc8
8139c3a05dc271c4b401ff7d6d943bbc90a0404bbedffd502c64dea1cf89a1eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8139C3A05DC271C4B401FF7D6D943BBC90A0404BBEDFFD502C64DEA1CF89A1EB"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18339
Expires: Tue, 27 Dec 2022 10:54:35 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
chapelcertain.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
173.233.139.164200 OK 5.0 kB URL HTTP/1.1 chapelcertain.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6872), with no line terminators
Hash a6d1148f0e808296b391f1ff2137305b
38a844aa3506d928ac39ef7239d53096cecab1dc
f98849c1422c04c48998c0c87c3dd6dc0d91dcf50d6516ac0ad065d6d3f8356e
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2 HTTP/1.1
Host: chapelcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
uncs=1; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b235429eaeb4a8af5ec85cb564f96010
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
warilycommercialconstitutional.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
173.233.137.60200 OK 5.0 kB URL HTTP/1.1 warilycommercialconstitutional.com/sbar.json?key=21fe3950f412e026c33f1b6cee613eba
IP 173.233.137.60:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6916), with no line terminators
Hash 68ea4c745a9624c4467e6a0e0d520233
0142e8186351fee7e966a81d0fd25b7a5e9aab4f
52e61a4f0a4e91cd48d3ef67f6c75f87ae5aa4ec562dd0d35cd68c38d3c2f088
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=21fe3950f412e026c33f1b6cee613eba HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17661735; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
uncs=1; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 28 Dec 2022 05:48:56 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 99e0220707498a1d3f217d2e51506b5d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/49415098?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)mc(p-5)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&hittoken=1672120135_2f60e362ed0acc9dc7dfccd09991f1047cb0dbb0395e37898ef7f009f5a57d25&browser-info=pv%3A1%3Aar%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120132%3Ac%3A1%3Arn%3A717964938%3Arqn%3A7%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1672120129184%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120132%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29mc%28p-5%29clc%280-0-0%29rqnt%287%29aw%281%29fip%281%29ti%282%29
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=2161649411672120135; Path=/; SameSite=None; Secure
i=pz1i5k2BZK9y6VQVrL8X+FzbbYbPVW21L9Z8usBugJJ2UcuOIVLuAfHwRdM9rSOAQyrg3uVojJIBFBm4v8NOTwHSciA=; Expires=Fri, 24-Dec-2032 05:48:55 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8203779781672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8203779781672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703656135.yc.1672120135#1703656135.yrts.1672120135#1703656135.yrtsi.1672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=3082&rd=3082&fd=544&bv=22.10.v.10&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 temperrunnersdale.com/pixel/purst?dl=0&th=0&sc=0&rs=3082&rd=3082&fd=544&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3082&rd=3082&fd=544&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 79761ce053938abea0d013383dacbef4
f691b168bcf8aa73f28e36a2bb456bcc00e06a04
2bae4811d2c191b4f3207e4170e9623ec95f2eeb258329e6edcd2ca75d3b91bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=105207
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:56 GMT
Etag: "63a96875-1d7"
Expires: Wed, 28 Dec 2022 11:02:23 GMT
Last-Modified: Mon, 26 Dec 2022 09:25:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c369fc9c5758cbb293cdc023c7468824
064daa6d61388909a901160cdd648c9efbe6a8cd
f870eceff6ac7f9816fa4d8789f35ef91a00e55e40c8d6b48a397512c3a6de9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c369fc9c5758cbb293cdc023c7468824
064daa6d61388909a901160cdd648c9efbe6a8cd
f870eceff6ac7f9816fa4d8789f35ef91a00e55e40c8d6b48a397512c3a6de9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 430 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash 7ec01a1325fd3aea2f288e879dccb2fc
b712c2beae47c2a1015355fee3e1c3b1a940262d
48d1f82ac74d2eede58542c164755e75380a88a4289b4cd0bdd402df9156dc94
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 27 Dec 2022 05:48:56 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S318796526%3A1672120136577123&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh7szN9q5Q2Wo_FtoYQB2A63seAUWS7YSqd9iua89CGDzzJYqSP3S2mJHeulca2OYtOTfmyYJg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ZSRPv3w6FEPb8JDfjhDucw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:JMXGl6xnVBa_pzemGdWkhXMx1aMqlw:RlRMprgdvKREtEiv;Path=/;Expires=Thu, 26-Dec-2024 05:48:56 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c8177855127771e0c20fc1f61dc743b8
fadc8db18babd27e88e4e323e2f38d6cca2261fe
344605a754731ad78d46d2f10397ba04aec5c94b937874a930d48df25eb2dfbc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "344605A754731AD78D46D2F10397BA04AEC5C94B937874A930D48DF25EB2DFBC"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17927
Expires: Tue, 27 Dec 2022 10:47:43 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c8177855127771e0c20fc1f61dc743b8
fadc8db18babd27e88e4e323e2f38d6cca2261fe
344605a754731ad78d46d2f10397ba04aec5c94b937874a930d48df25eb2dfbc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "344605A754731AD78D46D2F10397BA04AEC5C94B937874A930D48DF25EB2DFBC"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17927
Expires: Tue, 27 Dec 2022 10:47:43 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 879d12774736dabb5f48a636c528e194
93c80b812425007e33e11de4491b24b64620d327
c01c341e39f262c25effd7092b2d375848f81bd5c73fcf04ed2ea567e293ef2b
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 27 Dec 2022 05:48:56 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1055931544%3A1672120136619999&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5PZyfnZLglbeKNYqLB869IFzfMDCw6xDbgPCMuXyDKZc0RBId7SOAG9ETuKRH0XIIMzr2YxQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-DkQOj0cakMrRmNZED2f69A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:8q0nZu-jpgyPURWS5J6IfekgfxChxA:HH9qCR0h89hIQ2j8;Path=/;Expires=Thu, 26-Dec-2024 05:48:56 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c77f7447ba7820276d1ac891e88fee86
fd8aaa5cea881578d44ea5dd7a203c1d81ca1908
06655edfa86ea943cc8e188d953b4dc230b18a98c7268177edb9c728ceeacb33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b5ccc58ac9d0d27f40eca3e98ebd67a
2180e695790a8bad148ffa0162d81aa81c42fb0c
296bfd237985165541cff2dcbc92a72a755a361efc1d45a8e81d40aff1fe44c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "296BFD237985165541CFF2DCBC92A72A755A361EFC1D45A8E81D40AFF1FE44C7"
Last-Modified: Sun, 25 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11483
Expires: Tue, 27 Dec 2022 09:00:19 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 79761ce053938abea0d013383dacbef4
f691b168bcf8aa73f28e36a2bb456bcc00e06a04
2bae4811d2c191b4f3207e4170e9623ec95f2eeb258329e6edcd2ca75d3b91bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=105207
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:56 GMT
Etag: "63a96875-1d7"
Expires: Wed, 28 Dec 2022 11:02:23 GMT
Last-Modified: Mon, 26 Dec 2022 09:25:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b5ccc58ac9d0d27f40eca3e98ebd67a
2180e695790a8bad148ffa0162d81aa81c42fb0c
296bfd237985165541cff2dcbc92a72a755a361efc1d45a8e81d40aff1fe44c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "296BFD237985165541CFF2DCBC92A72A755A361EFC1D45A8E81D40AFF1FE44C7"
Last-Modified: Sun, 25 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11483
Expires: Tue, 27 Dec 2022 09:00:19 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
chapelcertain.com/ren.gif?sid=H4sIAAAAAAAC%2F5RTX2hcRRef2y8ffPCJ%2F%2BiLinDpgiiUzdz9k2RTSkzTtC5Nk5hESn0pc2fmbqY7d%2BYyc%2B%2FeTaQQ2qJ9TMWH2pfenGQbW4ttH0QQBdn1RfLU9UFWMA8%2BqxQL0jdlN4Gq4IMHZs45%2FOYwv9%2BcM%2B9uJLsIQ0J686f1qpCSDJfz2H31jFBMp9adXXI9nMdH3DNCjZSOuM3%2BZhrjHi7n8WvuSU7reriAPYw97LknhOGBbg4PUBDRnYqXr%2BB8qZD3yiVomr%2FmNnHAEgdYYxc9D4J1%2F7v8zX0QtA0qvHec23qso8PTYSJJrA002PZbqq50qiB8EgbGgUBt758GbbsIXTsAWm3vKwDd2OorAF90kfOdB77a3qcJfqO1x9SXwBX47P%2BQNtrAZRsEaQPVl0CwBwiAMpidAxXenNUmJSt7KOmjXTT02yMQaRcN%2FXAQVPjJMSma7qKWSSy0stAMMhDNNohaG6KkA%2FGqAyLtAI0vgmAIVJiBYNlAtRBtEEEbJF8HYh1I%2Bks4kAQOJJEDIeu5pFwJMB4N%2FKBYHCtRSotFSstjI6zMiqWxAENC%2B7TWIY7Wgcp1oGYNIrMGdXG1i9DFLTDJV2CXM7DMARt3kfPmGjRYBilHkFoEKUGQCgRpjCBtZC0mbcFmN5m0ie%2Ft%2B8K%2BL2abOq5tkJaOa1yhjWgXPTd4lF%2Be%2BhzqvOeSQlCp4MDDpdERPOLRUa%2FCPOoRUiQFTlkBrMhA2AMDvauiiw6%2B9CNE%2FU5d%2BB180gErO0DFs0CSl4Gkm6MFDGR5szSGYVXdaQZExWR1JU91CExnEMVDEK84G3IXvTDgUfj5EXC68%2FrTvw6dPXThHaAmg8hkcF58jaAmr2wu6BRtLejUovtzUSxCsUr6jVuMSczR7VN8JdWGVY%2Fb9VuTtA%2F0wztL3MYzRDGhahZ9fEwwxs0JbShHX1btGe7PJ3b5WGJUEs3MT52ohpHh1gqt2kDEg%2BbbQEUX%2Fe%2FTrcFIvjh5GYTpgEl6h5fjOBofHqZS0Ho%2BorKeVyTke%2FmEOBqdnUoXcWlJrUyewxAmOxOfLXx%2FrXbegNBtoNHlu7nc8enFqYXq%2FFJ1bjaX6x1arK8o5jJeczstN%2Bi03AaXdR3a2NcqsQ9vvH%2Fvbi43M7lwcvpc9fTkyelcrof%2FgUW8nIS%2BIkL%2BnclHuVx1anDd%2BL8tfUWEtfiooFrdyuWWqkszfQLDD2980FoSzPq8ZriyPHZjIf2EjbsextidnTvlBtoMVD28cX0NbLSD9g2sRmDkk9yPHEiTbNMU%2FJ2J1hc%2FXX78uAVSdNGRZ1KQfGfi1od9uw7Ez8DyPxU%2BiTfsFagZB0h8afBfGyaDhsyAyHWwyX8248jsTHxbHBj40tn0pXG2fGnk1b0JtKLn8nKAA44L3A8qfjBKMKsEpYpPKh4f9cvEg9h26e333vgDAAD%2F%2FwEAAP%2F%2F19S1nJEFAAA%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 chapelcertain.com/ren.gif?sid=H4sIAAAAAAAC%2F5RTX2hcRRef2y8ffPCJ%2F%2BiLinDpgiiUzdz9k2RTSkzTtC5Nk5hESn0pc2fmbqY7d%2BYyc%2B%2FeTaQQ2qJ9TMWH2pfenGQbW4ttH0QQBdn1RfLU9UFWMA8%2BqxQL0jdlN4Gq4IMHZs45%2FOYwv9%2BcM%2B9uJLsIQ0J686f1qpCSDJfz2H31jFBMp9adXXI9nMdH3DNCjZSOuM3%2BZhrjHi7n8WvuSU7reriAPYw97LknhOGBbg4PUBDRnYqXr%2BB8qZD3yiVomr%2FmNnHAEgdYYxc9D4J1%2F7v8zX0QtA0qvHec23qso8PTYSJJrA002PZbqq50qiB8EgbGgUBt758GbbsIXTsAWm3vKwDd2OorAF90kfOdB77a3qcJfqO1x9SXwBX47P%2BQNtrAZRsEaQPVl0CwBwiAMpidAxXenNUmJSt7KOmjXTT02yMQaRcN%2FXAQVPjJMSma7qKWSSy0stAMMhDNNohaG6KkA%2FGqAyLtAI0vgmAIVJiBYNlAtRBtEEEbJF8HYh1I%2Bks4kAQOJJEDIeu5pFwJMB4N%2FKBYHCtRSotFSstjI6zMiqWxAENC%2B7TWIY7Wgcp1oGYNIrMGdXG1i9DFLTDJV2CXM7DMARt3kfPmGjRYBilHkFoEKUGQCgRpjCBtZC0mbcFmN5m0ie%2Ft%2B8K%2BL2abOq5tkJaOa1yhjWgXPTd4lF%2Be%2BhzqvOeSQlCp4MDDpdERPOLRUa%2FCPOoRUiQFTlkBrMhA2AMDvauiiw6%2B9CNE%2FU5d%2BB180gErO0DFs0CSl4Gkm6MFDGR5szSGYVXdaQZExWR1JU91CExnEMVDEK84G3IXvTDgUfj5EXC68%2FrTvw6dPXThHaAmg8hkcF58jaAmr2wu6BRtLejUovtzUSxCsUr6jVuMSczR7VN8JdWGVY%2Fb9VuTtA%2F0wztL3MYzRDGhahZ9fEwwxs0JbShHX1btGe7PJ3b5WGJUEs3MT52ohpHh1gqt2kDEg%2BbbQEUX%2Fe%2FTrcFIvjh5GYTpgEl6h5fjOBofHqZS0Ho%2BorKeVyTke%2FmEOBqdnUoXcWlJrUyewxAmOxOfLXx%2FrXbegNBtoNHlu7nc8enFqYXq%2FFJ1bjaX6x1arK8o5jJeczstN%2Bi03AaXdR3a2NcqsQ9vvH%2Fvbi43M7lwcvpc9fTkyelcrof%2FgUW8nIS%2BIkL%2BnclHuVx1anDd%2BL8tfUWEtfiooFrdyuWWqkszfQLDD2980FoSzPq8ZriyPHZjIf2EjbsextidnTvlBtoMVD28cX0NbLSD9g2sRmDkk9yPHEiTbNMU%2FJ2J1hc%2FXX78uAVSdNGRZ1KQfGfi1od9uw7Ez8DyPxU%2BiTfsFagZB0h8afBfGyaDhsyAyHWwyX8248jsTHxbHBj40tn0pXG2fGnk1b0JtKLn8nKAA44L3A8qfjBKMKsEpYpPKh4f9cvEg9h26e333vgDAAD%2F%2FwEAAP%2F%2F19S1nJEFAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F5RTX2hcRRef2y8ffPCJ%2F%2BiLinDpgiiUzdz9k2RTSkzTtC5Nk5hESn0pc2fmbqY7d%2BYyc%2B%2FeTaQQ2qJ9TMWH2pfenGQbW4ttH0QQBdn1RfLU9UFWMA8%2BqxQL0jdlN4Gq4IMHZs45%2FOYwv9%2BcM%2B9uJLsIQ0J686f1qpCSDJfz2H31jFBMp9adXXI9nMdH3DNCjZSOuM3%2BZhrjHi7n8WvuSU7reriAPYw97LknhOGBbg4PUBDRnYqXr%2BB8qZD3yiVomr%2FmNnHAEgdYYxc9D4J1%2F7v8zX0QtA0qvHec23qso8PTYSJJrA002PZbqq50qiB8EgbGgUBt758GbbsIXTsAWm3vKwDd2OorAF90kfOdB77a3qcJfqO1x9SXwBX47P%2BQNtrAZRsEaQPVl0CwBwiAMpidAxXenNUmJSt7KOmjXTT02yMQaRcN%2FXAQVPjJMSma7qKWSSy0stAMMhDNNohaG6KkA%2FGqAyLtAI0vgmAIVJiBYNlAtRBtEEEbJF8HYh1I%2Bks4kAQOJJEDIeu5pFwJMB4N%2FKBYHCtRSotFSstjI6zMiqWxAENC%2B7TWIY7Wgcp1oGYNIrMGdXG1i9DFLTDJV2CXM7DMARt3kfPmGjRYBilHkFoEKUGQCgRpjCBtZC0mbcFmN5m0ie%2Ft%2B8K%2BL2abOq5tkJaOa1yhjWgXPTd4lF%2Be%2BhzqvOeSQlCp4MDDpdERPOLRUa%2FCPOoRUiQFTlkBrMhA2AMDvauiiw6%2B9CNE%2FU5d%2BB180gErO0DFs0CSl4Gkm6MFDGR5szSGYVXdaQZExWR1JU91CExnEMVDEK84G3IXvTDgUfj5EXC68%2FrTvw6dPXThHaAmg8hkcF58jaAmr2wu6BRtLejUovtzUSxCsUr6jVuMSczR7VN8JdWGVY%2Fb9VuTtA%2F0wztL3MYzRDGhahZ9fEwwxs0JbShHX1btGe7PJ3b5WGJUEs3MT52ohpHh1gqt2kDEg%2BbbQEUX%2Fe%2FTrcFIvjh5GYTpgEl6h5fjOBofHqZS0Ho%2BorKeVyTke%2FmEOBqdnUoXcWlJrUyewxAmOxOfLXx%2FrXbegNBtoNHlu7nc8enFqYXq%2FFJ1bjaX6x1arK8o5jJeczstN%2Bi03AaXdR3a2NcqsQ9vvH%2Fvbi43M7lwcvpc9fTkyelcrof%2FgUW8nIS%2BIkL%2BnclHuVx1anDd%2BL8tfUWEtfiooFrdyuWWqkszfQLDD2980FoSzPq8ZriyPHZjIf2EjbsextidnTvlBtoMVD28cX0NbLSD9g2sRmDkk9yPHEiTbNMU%2FJ2J1hc%2FXX78uAVSdNGRZ1KQfGfi1od9uw7Ez8DyPxU%2BiTfsFagZB0h8afBfGyaDhsyAyHWwyX8248jsTHxbHBj40tn0pXG2fGnk1b0JtKLn8nKAA44L3A8qfjBKMKsEpYpPKh4f9cvEg9h26e333vgDAAD%2F%2FwEAAP%2F%2F19S1nJEFAAA%3D HTTP/1.1
Host: chapelcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54a8a8731965593fc102ade3e0bfc25b
Strict-Transport-Security: max-age=0; includeSubdomains
warilycommercialconstitutional.com/ren.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXd%2FJNmUEtM0rWvTJE0iRV%2FKzNy5u9OdO3OZmbs3iYihrdrHVHwovvTmJNvYWmz7IPZBoWx8UPLU9UFWMP%2BACsWC9FF2E6gKPnjg3nMOn5kzn8%2BcMx%2BuJTvIgwR3Z0%2BpZS4EHiznPfeVM1wGKjXu9ILre3nvsHuGy6HSYXex99PNUd8r571X3ROMNtRgwfM9z%2Fd89zjXLFSLg30UeHyz4ucrXr5UyPvlEizqv%2BcmccBgB4LmDnoWeND5f%2F37O8BpG2R0%2BxgzDaviQ5NRIrBVGprB5luyIVUqIXochtqBUG7urQZlOghd2QdKbu4pANXc6CkAwjvI%2BdEHIjf3aAJptnaZEgFMAgn2Q9psAxNt4LgNVF0AHtxHADSA6RmQ0bVppVO8tIviHtpBA388BJ520MDPz4GMvjgq%2BKI7r0RiuZIGFsMM%2BGIbeK0NcbIFdtkBnm4BteeBBwhklAEPsr5qztvAwzYItgrYOJD0Pu5AEjqQxA5EQdfF5UroecMhCYvFkRKltFiktDwyFJSDYmkk9CChPVqrYONVoGIVqF6BWK9Ag1%2FuIHR%2BA3RyD0w9AxM4YGwHOadXoBlkkDIEqUGQYgQpR5BaBGkzawXCFEx2LRAmIf6eL%2Bz5YraubG0Nt5StMYnW4h30TO9SnCfffxkarOsW%2FJAVK2UvLPkF5hWGaLEY%2BmSIMjbkFxnBYHgG3Ozr613mHXSgvB9i3kFPjN0DgrfAiC2g%2FGnAyYuA0%2FXhgge4vl4a8WBZ3pXYJhqLOsPC1o1KNGV5KhICgcogtgNgl5w1sYOe7zeq8NtDYHT79ad%2BH3j74HvvAtUZxDqDc%2FxbBDVxaX1OpWhjTqUG3ZmJLY%2F4Mu41cd5iy9CNk2wpVTqoHjOr18dpD%2BiFNxeYsVNYBlzWDPr8KA8Cpo8rTRn6pmrOMDKbmPrRRMsknpqdOF6NYs2M4Uq2AfP7i%2B8A7Yn9cqM%2Fni%2BMXwSut0An3UN1a%2BPRwUEqOG3kYyoaeYkjtpuP8SNvToy8Vlw%2B7ZGh6lkPomR77Ku5n67Uzmngqg00vvhZLledmJnO5bqj%2F1LK1pOISMzFP8u9xKOaPcKpktdzuYXqwtRkLtcdfHD1k9YCDwxhNc2kYda1XJAkGHV9z%2FPc6ZmTbqi0G7Ca%2B%2BDqpyu3crljk%2FMTc9XZhWqfxsH5xpIM%2BvhWyw23Wm6TiYaKjCVKJubB1Y9v38rlpsbnTkyerZ4aP9E71Puv1MHE22jPwCgEWjzOSexAmmTrukC2x1pf%2F3rx0aMWCN5Bo0f2g2DbY9%2Bd%2FuWDA3fnAJMMDPvLxsfxmrkENe0Athf6b7epM2iKDLBYBZP8b93Genvsh2LfgAhnnQjtbBChxeXdCTS867Jy6IXMKzASVkg4jL2gEpYqBFd8NkzK2AdrOvTGR2%2F8CQAA%2F%2F8BAAD%2F%2F2NM4rGdBQAA
173.233.137.60200 OK 7 B URL HTTP/1.1 warilycommercialconstitutional.com/ren.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXd%2FJNmUEtM0rWvTJE0iRV%2FKzNy5u9OdO3OZmbs3iYihrdrHVHwovvTmJNvYWmz7IPZBoWx8UPLU9UFWMP%2BACsWC9FF2E6gKPnjg3nMOn5kzn8%2BcMx%2BuJTvIgwR3Z0%2BpZS4EHiznPfeVM1wGKjXu9ILre3nvsHuGy6HSYXex99PNUd8r571X3ROMNtRgwfM9z%2Fd89zjXLFSLg30UeHyz4ucrXr5UyPvlEizqv%2BcmccBgB4LmDnoWeND5f%2F37O8BpG2R0%2BxgzDaviQ5NRIrBVGprB5luyIVUqIXochtqBUG7urQZlOghd2QdKbu4pANXc6CkAwjvI%2BdEHIjf3aAJptnaZEgFMAgn2Q9psAxNt4LgNVF0AHtxHADSA6RmQ0bVppVO8tIviHtpBA388BJ520MDPz4GMvjgq%2BKI7r0RiuZIGFsMM%2BGIbeK0NcbIFdtkBnm4BteeBBwhklAEPsr5qztvAwzYItgrYOJD0Pu5AEjqQxA5EQdfF5UroecMhCYvFkRKltFiktDwyFJSDYmkk9CChPVqrYONVoGIVqF6BWK9Ag1%2FuIHR%2BA3RyD0w9AxM4YGwHOadXoBlkkDIEqUGQYgQpR5BaBGkzawXCFEx2LRAmIf6eL%2Bz5YraubG0Nt5StMYnW4h30TO9SnCfffxkarOsW%2FJAVK2UvLPkF5hWGaLEY%2BmSIMjbkFxnBYHgG3Ozr613mHXSgvB9i3kFPjN0DgrfAiC2g%2FGnAyYuA0%2FXhgge4vl4a8WBZ3pXYJhqLOsPC1o1KNGV5KhICgcogtgNgl5w1sYOe7zeq8NtDYHT79ad%2BH3j74HvvAtUZxDqDc%2FxbBDVxaX1OpWhjTqUG3ZmJLY%2F4Mu41cd5iy9CNk2wpVTqoHjOr18dpD%2BiFNxeYsVNYBlzWDPr8KA8Cpo8rTRn6pmrOMDKbmPrRRMsknpqdOF6NYs2M4Uq2AfP7i%2B8A7Yn9cqM%2Fni%2BMXwSut0An3UN1a%2BPRwUEqOG3kYyoaeYkjtpuP8SNvToy8Vlw%2B7ZGh6lkPomR77Ku5n67Uzmngqg00vvhZLledmJnO5bqj%2F1LK1pOISMzFP8u9xKOaPcKpktdzuYXqwtRkLtcdfHD1k9YCDwxhNc2kYda1XJAkGHV9z%2FPc6ZmTbqi0G7Ca%2B%2BDqpyu3crljk%2FMTc9XZhWqfxsH5xpIM%2BvhWyw23Wm6TiYaKjCVKJubB1Y9v38rlpsbnTkyerZ4aP9E71Puv1MHE22jPwCgEWjzOSexAmmTrukC2x1pf%2F3rx0aMWCN5Bo0f2g2DbY9%2Bd%2FuWDA3fnAJMMDPvLxsfxmrkENe0Athf6b7epM2iKDLBYBZP8b93Genvsh2LfgAhnnQjtbBChxeXdCTS867Jy6IXMKzASVkg4jL2gEpYqBFd8NkzK2AdrOvTGR2%2F8CQAA%2F%2F8BAAD%2F%2F2NM4rGdBQAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXd%2FJNmUEtM0rWvTJE0iRV%2FKzNy5u9OdO3OZmbs3iYihrdrHVHwovvTmJNvYWmz7IPZBoWx8UPLU9UFWMP%2BACsWC9FF2E6gKPnjg3nMOn5kzn8%2BcMx%2BuJTvIgwR3Z0%2BpZS4EHiznPfeVM1wGKjXu9ILre3nvsHuGy6HSYXex99PNUd8r571X3ROMNtRgwfM9z%2Fd89zjXLFSLg30UeHyz4ucrXr5UyPvlEizqv%2BcmccBgB4LmDnoWeND5f%2F37O8BpG2R0%2BxgzDaviQ5NRIrBVGprB5luyIVUqIXochtqBUG7urQZlOghd2QdKbu4pANXc6CkAwjvI%2BdEHIjf3aAJptnaZEgFMAgn2Q9psAxNt4LgNVF0AHtxHADSA6RmQ0bVppVO8tIviHtpBA388BJ520MDPz4GMvjgq%2BKI7r0RiuZIGFsMM%2BGIbeK0NcbIFdtkBnm4BteeBBwhklAEPsr5qztvAwzYItgrYOJD0Pu5AEjqQxA5EQdfF5UroecMhCYvFkRKltFiktDwyFJSDYmkk9CChPVqrYONVoGIVqF6BWK9Ag1%2FuIHR%2BA3RyD0w9AxM4YGwHOadXoBlkkDIEqUGQYgQpR5BaBGkzawXCFEx2LRAmIf6eL%2Bz5YraubG0Nt5StMYnW4h30TO9SnCfffxkarOsW%2FJAVK2UvLPkF5hWGaLEY%2BmSIMjbkFxnBYHgG3Ozr613mHXSgvB9i3kFPjN0DgrfAiC2g%2FGnAyYuA0%2FXhgge4vl4a8WBZ3pXYJhqLOsPC1o1KNGV5KhICgcogtgNgl5w1sYOe7zeq8NtDYHT79ad%2BH3j74HvvAtUZxDqDc%2FxbBDVxaX1OpWhjTqUG3ZmJLY%2F4Mu41cd5iy9CNk2wpVTqoHjOr18dpD%2BiFNxeYsVNYBlzWDPr8KA8Cpo8rTRn6pmrOMDKbmPrRRMsknpqdOF6NYs2M4Uq2AfP7i%2B8A7Yn9cqM%2Fni%2BMXwSut0An3UN1a%2BPRwUEqOG3kYyoaeYkjtpuP8SNvToy8Vlw%2B7ZGh6lkPomR77Ku5n67Uzmngqg00vvhZLledmJnO5bqj%2F1LK1pOISMzFP8u9xKOaPcKpktdzuYXqwtRkLtcdfHD1k9YCDwxhNc2kYda1XJAkGHV9z%2FPc6ZmTbqi0G7Ca%2B%2BDqpyu3crljk%2FMTc9XZhWqfxsH5xpIM%2BvhWyw23Wm6TiYaKjCVKJubB1Y9v38rlpsbnTkyerZ4aP9E71Puv1MHE22jPwCgEWjzOSexAmmTrukC2x1pf%2F3rx0aMWCN5Bo0f2g2DbY9%2Bd%2FuWDA3fnAJMMDPvLxsfxmrkENe0Athf6b7epM2iKDLBYBZP8b93Genvsh2LfgAhnnQjtbBChxeXdCTS867Jy6IXMKzASVkg4jL2gEpYqBFd8NkzK2AdrOvTGR2%2F8CQAA%2F%2F8BAAD%2F%2F2NM4rGdBQAA HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2757443e59cdfec2370bb86dc75e6766
Strict-Transport-Security: max-age=0; includeSubdomains
himhedrankslo.xyz/utx?cb=ONFsnfjvv6VX&top=xfantazy.com&tid=971975
52.222.214.88204 No Content 0 B URL HTTP/2 himhedrankslo.xyz/utx?cb=ONFsnfjvv6VX&top=xfantazy.com&tid=971975
IP 52.222.214.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ONFsnfjvv6VX&top=xfantazy.com&tid=971975 HTTP/1.1
Host: himhedrankslo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:56 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 27 Dec 2022 05:49:56 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: 0TPHI6OMeCe7fOc23r6UaQmS4UKNpjOaRP9BMzr9cABKUAkVms4eNg==
X-Firefox-Spdy: h2
himhedrankslo.xyz/utx?cb=AhfPdlb3oVUD&top=xfantazy.com&tid=962014
52.222.214.88204 No Content 0 B URL HTTP/2 himhedrankslo.xyz/utx?cb=AhfPdlb3oVUD&top=xfantazy.com&tid=962014
IP 52.222.214.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=AhfPdlb3oVUD&top=xfantazy.com&tid=962014 HTTP/1.1
Host: himhedrankslo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Dec 2022 05:48:56 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 27 Dec 2022 05:49:56 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: 4w0YAvDdHG695jxkf19S2C9QcMRGnvPkx48WehOBwfcpcq9tAiSqhg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c8177855127771e0c20fc1f61dc743b8
fadc8db18babd27e88e4e323e2f38d6cca2261fe
344605a754731ad78d46d2f10397ba04aec5c94b937874a930d48df25eb2dfbc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "344605A754731AD78D46D2F10397BA04AEC5C94B937874A930D48DF25EB2DFBC"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17927
Expires: Tue, 27 Dec 2022 10:47:43 GMT
Date: Tue, 27 Dec 2022 05:48:56 GMT
Connection: keep-alive
himhedrankslo.xyz/floater?cs=YUliZTRXcFZVAVJ%2BVlIAUnBSUAA&abt=0&red=1&sm=83&k=xfantazy&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_dzzu=1672120132699&crc=1
52.222.214.88200 OK 3.0 kB URL HTTP/2 himhedrankslo.xyz/floater?cs=YUliZTRXcFZVAVJ%2BVlIAUnBSUAA&abt=0&red=1&sm=83&k=xfantazy&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_dzzu=1672120132699&crc=1
IP 52.222.214.88:0
File type ASCII text, with very long lines (4239), with no line terminators
Hash 8eebc1b2061ad46c7007ce7d217a2c4e
1b755d93535eb8a8834fdc1ba0792d1852e451b8
6a77ad13b58a5c16d5c350f5132e236c61c919f5f2cc4646f64f2f5327dde23c
GET /floater?cs=YUliZTRXcFZVAVJ%2BVlIAUnBSUAA&abt=0&red=1&sm=83&k=xfantazy&v=0.8.15.0&sts=0&prn=1&emb=0&tid=971975&rxy=1280_1024&fs=1&t=600&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&jst=4&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_dzzu=1672120132699&crc=1 HTTP/1.1
Host: himhedrankslo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 3023
date: Tue, 27 Dec 2022 05:48:56 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://xfantazy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=df476efd-6386-4e0e-a7bf-3593dbbe2dbd
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: Kar6AT5rqN4Heq4DAJsTefn6QsU4g1mkNTjy-Yo5x3WIwYcE9fcEdg==
X-Firefox-Spdy: h2
warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=124
173.233.137.60200 OK 0 B URL HTTP/1.1 warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=124
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=124 HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8ea05705d332e4c5bcc3ac4678f57736
8c21ade604bdd81af9fd63ad269b409a04401186
1ab8059d3a4637c621547b016f996cef4cabdeab738cde15e5057ee7340db18c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 03:14:18 GMT
Expires: Sat, 31 Dec 2022 03:14:17 GMT
Etag: "8c21ade604bdd81af9fd63ad269b409a04401186"
Cache-Control: max-age=335719,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc5288a0cfabc-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8ea05705d332e4c5bcc3ac4678f57736
8c21ade604bdd81af9fd63ad269b409a04401186
1ab8059d3a4637c621547b016f996cef4cabdeab738cde15e5057ee7340db18c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 03:14:18 GMT
Expires: Sat, 31 Dec 2022 03:14:17 GMT
Etag: "8c21ade604bdd81af9fd63ad269b409a04401186"
Cache-Control: max-age=335719,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc5289c55b4f4-OSL
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b3e2de7e91b633bac1f995d8a1d26bb8
ae9b63ba9aa4b7582bd83e916442feba19f20295
4bdd83cd4a2dfe3e31902505557b13522c0cc5b2a5a255630160863393771075
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4BDD83CD4A2DFE3E31902505557B13522C0CC5B2A5A255630160863393771075"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3755
Expires: Tue, 27 Dec 2022 06:51:32 GMT
Date: Tue, 27 Dec 2022 05:48:57 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/cu_AvnKhnqnl_zST-g/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cu_AvnKhnqnl_zST-g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a637a51d3c39aa96f9f19d744e28ac16
e2600072570f155150bafc50a7a50103780f2ab0
ad4518ad1a1390027d3a993cf25354326c612e6a3f8cc5889bfc30a074ebd441
GET /thumbnail/cu_AvnKhnqnl_zST-g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 12487
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOuQvSP1yK_uqTuW9g/w320h240/0.jpeg
188.72.235.185200 OK 8.2 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOuQvSP1yK_uqTuW9g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 93a623f624159be0766ac3a9909f2071
3e42bbdd6b7a89607213416a937a6960880b5d35
23a072011c3974da9d98c87c5a74d524a8b3ee34327c0ef7a7e72d428428b112
GET /thumbnail/IOuQvSP1yK_uqTuW9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 8228
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LOnCv3P1yvq_-GrD9w/w320h240/0.jpeg
188.72.235.185200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOnCv3P1yvq_-GrD9w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 823497fd76d6dc3a278343d41255ba36
c4909ee010d5f1fee8cd624012ef4ecbb68f9a62
4daa85950e77041020b8c5b503cca880ce1acd19f25193d7922ef1ad70b63692
GET /thumbnail/LOnCv3P1yvq_-GrD9w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 16135
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b3e2de7e91b633bac1f995d8a1d26bb8
ae9b63ba9aa4b7582bd83e916442feba19f20295
4bdd83cd4a2dfe3e31902505557b13522c0cc5b2a5a255630160863393771075
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4BDD83CD4A2DFE3E31902505557B13522C0CC5B2A5A255630160863393771075"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3755
Expires: Tue, 27 Dec 2022 06:51:32 GMT
Date: Tue, 27 Dec 2022 05:48:57 GMT
Connection: keep-alive
static-cache.k2s.cc/thumbnail/db7GvnSlyPrp_GqTqQ/w320h240/0.jpeg
188.72.235.185200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/db7GvnSlyPrp_GqTqQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash f17ba39f05f2ae615757877cf0688ab3
f06a86723dfc457b7368d3bf4154dfc871983841
8c15d60d3edb328d0972e10fe0e88360a6fe85d1bf1038180b9fc801eb1b8aac
GET /thumbnail/db7GvnSlyPrp_GqTqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10184
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Le7F73WnzKrrrjyUrA/w320h240/0.jpeg
188.72.235.185200 OK 9.0 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Le7F73WnzKrrrjyUrA/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash e3eb8385d1686be32508704e0241136f
e097c5e354a9205ee1c0199f7a509b8025829324
102e4ed62aae838639badfdd6978f8271d1bc8c1db4e93a078410d1182df026e
GET /thumbnail/Le7F73WnzKrrrjyUrA/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 9019
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cOyVuHbwmKnpqz7Grg/w320h240/0.jpeg
188.72.235.185200 OK 15 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cOyVuHbwmKnpqz7Grg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 861ee67409b205a07b785032defc4cfd
cf5baca9fdf30333c53f5a31cddeaa838c666ce7
b3a1284f99ec7b1776fa2b2f10c9abbbae0068ea1f6fd701096aee4362fbac44
GET /thumbnail/cOyVuHbwmKnpqz7Grg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 14718
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IOjA6yCvzq2-_zmUrg/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IOjA6yCvzq2-_zmUrg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c1c084898ca8d6ea7b8672eb46e732f6
baf0a53acc25ccd351b6293418228cec6c943773
82605cac157e068ff3c3184e26536c9cb1e9573dbe9b95114506ffd2bcbea85c
GET /thumbnail/IOjA6yCvzq2-_zmUrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 11433
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ju6Q7yelnK_uqj6fqw/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ju6Q7yelnK_uqj6fqw/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 8bf3752e611e502427968576f741e143
3cd9f1bb9a353987baa76abe884dc47fe43dc751
bf637a222ef8b384e7ff9956796185b79bbff424c974dab3a333bd6ce37922e3
GET /thumbnail/Ju6Q7yelnK_uqj6fqw/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10866
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J7jB6HOknvrtrW-eqQ/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J7jB6HOknvrtrW-eqQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d2e933d70aad92f2ce415d2c39342032
02251397badccd7a9f36469f57fe0b88732da118
bbb07b1d3378de39b371422c57f6f5fa2d2c7172a09f4b6a9bf58b20c363f23e
GET /thumbnail/J7jB6HOknvrtrW-eqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10992
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JbiXvnSmmKzt_m-T_Q/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JbiXvnSmmKzt_m-T_Q/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d62b50bbe8cf27e5a97fd479e4a239fb
0522c896fa412d28276c72c5fcc28b3caa4509b4
805dd507b76616c351b626a8dc82e418630288317cc2d11200e38815dd8f6858
GET /thumbnail/JbiXvnSmmKzt_m-T_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10876
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LbiVtX6gyae6qTzG_w/w320h240/0.jpeg
188.72.235.185200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LbiVtX6gyae6qTzG_w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash af967bd07558e78ea4a826422a2f6cbe
bd1830e97a3b81555fab1222cf084ced501d3583
c3b4c0044af955428a08570515160a4a6e2967ea9ec897ce847d75304a84e970
GET /thumbnail/LbiVtX6gyae6qTzG_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10817
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JL7Gvnavz6zsqjrC-w/w320h240/0.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JL7Gvnavz6zsqjrC-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 61c435bddc26c570054644d865c094dc
b0a6fe03e7947a2744cf067e7dadf8c2955df3f3
2b3d1cafb454f810c4ea67de922d0fbed0954ea71c36fed63afdcef209471130
GET /thumbnail/JL7Gvnavz6zsqjrC-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 12169
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/2.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/2.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 3667180028f635e79187eb3b4f9705ca
4b46b55c7b0bff29ea2f1714cbf2237aabb79e94
ac6e4f75c80c95f1ecb1e78d4ce425accca200e9048111411e86bb3b0b81f90e
GET /thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/2.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 11523
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JOuSvCWkwqa6rjXFrQ/w320h240/0.jpeg
188.72.235.185200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JOuSvCWkwqa6rjXFrQ/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 038f2959d490e9e10d9db54ae24a9839
aa4ea8cee642647958dc20871f3907c3990769a9
defc9f6e018893c23ebe8eab4c6a02ef5fc059a1c8c8155bd4a488cf6cb5d0ab
GET /thumbnail/JOuSvCWkwqa6rjXFrQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 14225
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LbvBtCSnzqjprm-U_Q/w320h240/0.jpeg
188.72.235.185200 OK 9.3 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LbvBtCSnzqjprm-U_Q/w320h240/0.jpeg
IP 188.72.235.185:0
Hash 60516234e841f13ca88892e315971fbd
d9c7c77eef99eb5000f9f6843995286fc54c75be
fa5b305e8f0d11338e828b8c062fa05834e5c1c3c20f9be4762f986129aef8ba
GET /thumbnail/LbvBtCSnzqjprm-U_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 8936
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac575349f797cba4383653682c066fbf
89f4265fe17de5970bba8622612bfcfe741be9df
672c94428cd12be3cb3d4f75c7224f1b8fbaa8aa73800c170eabdd836cf541d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "672C94428CD12BE3CB3D4F75C7224F1B8FBAA8AA73800C170EABDD836CF541D8"
Last-Modified: Mon, 26 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1924
Expires: Tue, 27 Dec 2022 06:21:01 GMT
Date: Tue, 27 Dec 2022 05:48:57 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
172.64.109.13200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
IP 172.64.109.13:0
Hash 39c8043ecd7a387603e79b3bf34adb5b
f396db501e93e3853b74a5ea5ca0aa1b7bb10a12
3f89eeae871d1f84bf5c59346b4905f067b3ffae597630b22fef1371450dff8e
GET /sb/interstitial/rtb/default/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:20 GMT
etag: W/"60d33820-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tq8aKHO5pvqnxOOqw5DZwB6o399wPhP43Xn9gQ3WPhTaz9sSqm95vo%2BX2FnzuxgOKoGca5bqTDB8X5RNoVRsfRlNmx7eh7ojz05i3wbp6jpBMnBef9eU2lgMw4ai1roEDXdzPlV1k2b8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5292a567332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8ea05705d332e4c5bcc3ac4678f57736
8c21ade604bdd81af9fd63ad269b409a04401186
1ab8059d3a4637c621547b016f996cef4cabdeab738cde15e5057ee7340db18c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 03:14:18 GMT
Expires: Sat, 31 Dec 2022 03:14:17 GMT
Etag: "8c21ade604bdd81af9fd63ad269b409a04401186"
Cache-Control: max-age=335719,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc528888fb524-OSL
ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
185.98.53.2200 OK 1.6 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (579)
Hash fc6c97a561613fcb80d415d2c20eb6bd
d114d3073101e254a00feb82e976f6361e017cbc
eae7eb5b2acd8a99ec74eadea78da4a284d5318e608a2494554e1305ed5bd2c6
GET /ad?spotid=636bc5d561d6e27071201a23&type=300x250&output=html HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/html; charset=utf-8
content-length: 1631
cache-control: no-cache
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
172.64.109.13200 OK 49 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 2063 x 2063, 8-bit/color RGBA, non-interlaced\012- data
Hash c468e1d251e84cbbd9fd43f1bf756866
29512569a2da569797a545eb36c6176d6285a8da
b0da14eff7c6fe39d973148b55c51ee6ce3948e76e488c401eb6dca5dfbd1cd8
GET /sb/interstitial/rtb/default/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/png
content-length: 48623
last-modified: Wed, 23 Jun 2021 13:33:23 GMT
etag: "60d33823-bdef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1901113
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NxQPQ4Gn5olzGjUOyuMEoOm4s8pat3Irg30EE4Gq062r%2FsbAMm9weouXjwOUN6G8Sos471pqB4mie%2Bqv4A3%2F6W58HUsuoA%2FS3sw8W8U06GnIK2wf%2BdMdzHU42i%2BkRZZ%2FHzj0wV5TKuR%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5299d5124e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Ie6S73egyP_v_2rF-w/w320h240/0.jpeg
188.72.235.185200 OK 8.9 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Ie6S73egyP_v_2rF-w/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 25ae43141231d12c3ecaa18e43e08ae6
dca1c9865015413a04900b0c0033b9cb960d7f0c
49f05106a4cb604a45ecb74c7a490f83178079c4dd7800fb46be0f34401114a1
GET /thumbnail/Ie6S73egyP_v_2rF-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 8936
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8ea05705d332e4c5bcc3ac4678f57736
8c21ade604bdd81af9fd63ad269b409a04401186
1ab8059d3a4637c621547b016f996cef4cabdeab738cde15e5057ee7340db18c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 03:14:18 GMT
Expires: Sat, 31 Dec 2022 03:14:17 GMT
Etag: "8c21ade604bdd81af9fd63ad269b409a04401186"
Cache-Control: max-age=335719,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc528ca1dfabc-OSL
static-cache.k2s.cc/thumbnail/LOWT6yWunPjlrDSe9g/w320h240/0.jpeg
188.72.235.185200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LOWT6yWunPjlrDSe9g/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash d8157730a22f5e6dccb34ed61f194045
a6172168db2c06b63d9b55318e817952e7687909
55816fe41eb7d07eefae45bca63e2b1e09a4977a01b9f182814dbfa21d9b1a60
GET /thumbnail/LOWT6yWunPjlrDSe9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 15629
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=317
173.233.137.60200 OK 14 kB URL HTTP/1.1 warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=317
IP 173.233.137.60:0
Hash 4236195fd055e83eaa2a18baf584611f
63b66d35ee86f93d8e83ae8a407bd790f9f28969
4f444576a58bd581e65787bfcca67d27358bcdf2259652b1535715e86a1d10b4
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=317 HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
172.64.109.13200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
IP 172.64.109.13:0
Hash 79abab276cc2d87b2d112c4bba430632
c40c356482cd9050de7b116c5c197f1405bbafe7
14c967a07f792fd99b5a2230b8c512ba32b57989dea8b045a5440ee6234b23e8
GET /sb/interstitial/rtb/default/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:21 GMT
etag: W/"60d33821-14da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUkm7AwTlIqt1%2FdJntbAAyyqTUMfFrSKbErVgfg%2BJgb6yN2uxYadQzGP1GJwCFwVlC7g%2BsvicS%2B%2BtfjcyTlZybRH2jMnZbS8HRA920NLgdqKCSP5yGFZSilCpguZjIQssvWAVmKwUcJ6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5297a927332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
click.pclk.name/thumbnail?i=pYCwS04TnyA_0&imgt=icon
173.239.53.24302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?i=pYCwS04TnyA_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=pYCwS04TnyA_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1672120136069-7-8077-1178228-b2a04662-82c1-431d-9e97-393851497278&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DT3cGUtCzL20_fI73-DPP5y-CEIM7e3n7-8auj33lmEVjzRE8h1PDjPNjRYVdBo6RM8wUDTZ8oVbNs4bnpAoqu3Ymlpa39oDROSlUQTKhEoekzA3im906YmgVOwYTZGK6IkyfURH3bnYNbLTb7-2e7F9DvyWo2rXuzRDaqdlxmFJ00tJc2ONtV4rGs5IKnqGEfI8Yvu0QIlYx0q6wqv5Fh6J7u45pvB7kpxmYEFWi-U7vaTetiL-Mvf1ApopsjQPSvlXgwPo6wdacxKhfzhdR9JYlNGyCLpJA4N0Hu9-XlygC3Q2rWcFi0JPBzIl2DFKxwOQ-8v8TPW61HhkyFsMx1W56VRjIEiH9kxKRfytaby_p4HSXV61kKVLGhdWDxSj11tHqkJx8gwNRveWAqluVYNxdyqmXQ6tMBpmBMba7NRC0DV2bXEa-sIai5_TYDfEwa-MevUCnsR4mekho6hmeYW5F4-AuAqd9uNz0ZlV4WZzqofpahDmFnfQ_A8DdNMrqVVFfVmJiGEnD0UlNfuyZx2jCESuHR3EZGDH-99bC0AzarZcQQAsMQ0ChMYgBxiIQ_ooS_VCmDCz9zHTxwWExqlHMc3am2frBhu6kzLRwbXJ_1Vki
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 07d2b01d8d7005248b1c94df635fc442
5deb05e42e916426edc8397978a1a025ea08dec9
8ab77d8661ef971344f63562fdb1aa773a7fc5ef60a3705acba57a1d2f786b5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AB77D8661EF971344F63562FDB1AA773A7FC5EF60A3705ACBA57A1D2F786B5A"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4125
Expires: Tue, 27 Dec 2022 06:57:42 GMT
Date: Tue, 27 Dec 2022 05:48:57 GMT
Connection: keep-alive
warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=343
173.233.137.60200 OK 0 B URL HTTP/1.1 warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=343
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=343 HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 857 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1127), with no line terminators
Hash e8ba6eaea9eaaec002ddff66267ab32b
0bc3f6375ca75d280640f53572a71f2dd146da66
40a61a8b51f5fd325b877d2554ef72c254e74ed0fd326cd809831aaa10c848c2
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.naturalhealthsource.club
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263aa8749621cf6.370072483021348138%22%3B%7D; expires=Thu, 26-Dec-2024 05:48:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:12 GMT
expires: Sat, 23 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 317745
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.realsrv.com/video-slider.js
185.76.9.21200 OK 16 kB URL HTTP/2 a.realsrv.com/video-slider.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (51166)
Hash a56fa64dd41ebc7f448f8e6f4e7ac030
5edce239f8af88f47aaa6b55390c3daf540012e2
82eddc9aa567674ae550be126ad8db4e80edd3d51cf0712ad084db07a8a3bec6
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
etag: W/"bfe8e0d358572ef0cbb85c26f8a"
expires: Fri, 23 Dec 2022 11:55:31 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1672120743
server: CDN77-Turbo
x-77-nzt: AblMCRS/Ilr/0icAAA
x-77-nzt-ray: af585630aef1182b4987aa636d40461b
x-cache: HIT
x-age: 10194
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
104.21.234.222200 OK 1.5 kB URL HTTP/2 media.aso1.net/js/ifr.html
IP 104.21.234.222:0
Hash 933c3d2e624151470c9eec11c0ee5a65
17c42763a799f72891b4bf56f3b8409bcef5d950
58248ad06b95590c77f4e9b30b03415233ca59147c2892462306275061532854
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/html
last-modified: Thu, 15 Dec 2022 09:50:03 GMT
etag: W/"639aedcb-6ff"
expires: Sun, 18 Dec 2022 19:07:48 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 483719
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gwBKzfsHiuEtz%2FYlE7CpDXmqgf8r268amNQjVud0SIg701tTIyfM0uAaFslI01eqhN%2Fu1KYCL5FyGqm1d0zVpSFdxWN%2FSl%2FU%2Bwi%2FpiOsSveIYvIqkLIIDYGF8KmTHHXQaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc527fe49dd50-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 852 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 223ea4e8288c05cbfe279d210a867e40
f784912a4d64ba6d6edbc688481b28fe5c8c88fe
025197fc8618b3dc2fbc1b36a1ad1a8186f7df5018f04ea2a072dd3284f80ebb
GET /api/spots/391868?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c293adde472124c848fe81bbe10d7db
Strict-Transport-Security: max-age=0; includeSubdomains
cams.gratis/banner/300x250.php?site=xfanta
172.64.134.7200 OK 1.4 kB URL HTTP/2 cams.gratis/banner/300x250.php?site=xfanta
IP 172.64.134.7:0
Hash e878100a25b076171ad608f31aab9da8
c9cbf0ed2be6bdba1a92eb98caa3a4dd1cf4596f
db4ef8b210b41099ea643be5f04abb283e519b850b9eae08fe30a26378b0b18e
GET /banner/300x250.php?site=xfanta HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8W8d%2F7uIxsa%2Fn3fkhVBcYi9%2BPhtERKlar1mPcChaedHPe9DMLqJqC8%2BF5N4IdCpRD1SAcboSJJ06Xou7n179r%2FIWWa721xZUkvFPuz1lcaSXJMkwFO%2BYG8b7G1a7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc52c08587729-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=21fe3950f412e026c33f1b6cee613eba&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9fbee969a12b65edb5178a43f71b6ecd
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c4449fff-ab5e-448c-9538-e2faf35ce531&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39fcd615adb7f4d1a7800bd560f7d6da
Strict-Transport-Security: max-age=0; includeSubdomains
cams.gratis/banner/bg6.jpg
172.64.134.7200 OK 37 kB URL HTTP/2 cams.gratis/banner/bg6.jpg
IP 172.64.134.7:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x252, components 3\012- data
Hash 7ee983f81d742869a176e874651c7231
3072b7ce2833a2611d679374493a5533bd1bd32e
ab168995f8ac84c48b20c8850d35aa43723211710953253ce75c1811bbb0ecbc
GET /banner/bg6.jpg HTTP/1.1
Host: cams.gratis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/banner/300x250.php?site=xfanta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 37209
last-modified: Tue, 18 Oct 2022 10:44:50 GMT
cache-control: max-age=2592000
expires: Tue, 10 Jan 2023 08:46:36 GMT
cf-cache-status: HIT
age: 1371741
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7d4H6jxs0HnHPEjpQgqsFjMok0FiQTmR3We%2BX0I8f4bNBBM1B9oSIREenXp0y8YXG3fYgHCR3HgLdGy1PATi1%2BbU3WpJBLPIlYtu1sVimSjqSeHSYNM4v0X%2BVbsJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc52c689a7729-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
172.64.109.13200 OK 37 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
IP 172.64.109.13:0
File type ASCII text, with very long lines (745)
Hash ed3ea6da9d0287579d7f407ce21c3343
ba4fb509ff1158b3a65015dbe8dd46e44a05e86e
3745dede9501763980c887b157070f7b80af1fac5b7d5fea792cde06c7679137
GET /sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:25 GMT
etag: W/"60d33825-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1zoLnINAPY4OT6wYIwXR1DL6r4fKZewV1cjBkvTEL7wn1z9klsfFBJjirjg4vCVJPBkMSao7urtk5elNr8itBxYV9FVUmXCz1fBFEh%2B621jADtJ%2F9DhaYDcY6VSgPyxl6MkTBa5B5vi2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5294a6c7332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 838 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1105), with no line terminators
Hash d8c7c0d6ad6700be97782bf867a61812
ce03668dbc7b51b82654d61c5b529f3078e2e819
ff911460f6cfcaa7582e42268a8934faba3d753c673152d71c9e351f4d98d39a
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 284
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263aa87498c7d68.236931351904971097%22%3B%7D; expires=Thu, 26-Dec-2024 05:48:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 98cc23b4b87c2874e2368fe378300596
b426af4befcc0b6d75e813f53b246f93c21868ec
a0c2be07d783e59287fa620b54c341db303a1d7a0494f9210524bf55b160c676
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1431
Cache-Control: max-age=154046
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:57 GMT
Etag: "63aa3870-13a"
Expires: Thu, 29 Dec 2022 00:36:23 GMT
Last-Modified: Tue, 27 Dec 2022 00:12:32 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash fba0d2eab578717dd7621ae76a1372ad
be84fcece436ece597ec80354a33efad422a178e
3960daca0a01b04c7129032a835afb328791de0f87ce4073335b84245a89dcbb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 27
Cache-Control: max-age=140813
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:57 GMT
Etag: "63aa0a3b-118"
Expires: Wed, 28 Dec 2022 20:55:50 GMT
Last-Modified: Mon, 26 Dec 2022 20:55:23 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
static-cache.k2s.cc/thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/3.jpeg
188.72.235.185200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/3.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6f7dc16b4456629594eefb1c0a933a3a
2492d2e79a48c0ee43f58b81c0674413f722ca49
6e6543d1a68ce91ce2fefcffe7d6ec5475d72fc90c1e5650ced0be2983024876
GET /thumbnail/I-yRv3GnyqfkrTTC-w/w320h240/3.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 11829
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4869086&p1=4581534&skipOffset=00:00:05
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4869086&p1=4581534&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&sourceId=4869086&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 27 Dec 2022 05:48:57 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4869086&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbriXRgf7PVaJBv; SameSite=None; Secure; path=/; expires=Wed, 28-Dec-22 04:48:57 GMT; HttpOnly
server: cloudflare
cf-ray: 77ffc52c9973b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&trackOff=1&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&trackOff=1&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 27 Dec 2022 05:48:57 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=379946&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpstrrlldZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc7aveiayam7evTTW6zOvSvayzPOnTjOvSh0rs4wZmOTP7rfP43RQnJrvHr8fRznSuldK6V0rpXSuldK4Ps-&p1=5304026&quality=optimal&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhae8qsFA7P8fhe; SameSite=None; Secure; path=/; expires=Wed, 28-Dec-22 04:48:57 GMT; HttpOnly
server: cloudflare
cf-ray: 77ffc52c9974b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 402916c0e0e9544c007a7fc44006795e
55836ead138b0f7d14720f46047fb4bf836fa6d9
e3de184a2d27d8ba529f20f8dd598287a1b6e0d7bdfcbde030ab2be1ade57997
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Dec 2022 17:56:28 GMT
Expires: Mon, 02 Jan 2023 17:56:27 GMT
Etag: "55836ead138b0f7d14720f46047fb4bf836fa6d9"
Cache-Control: max-age=561449,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc52aed4cb4f4-OSL
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02OMWoEMQxFr5ILjJFkSba3Tp1AQg7g9dhkip2B3Sk2oMPHdhGij9Av/ueJgGhBWii8AFw4XiRYQpfAMTkUtrf3D2O0ej/OrSzfdT/z5spxM0GUyBYCAqElTopkHANoIBOIJh4YSC0oUZSoxmDeoIvEMw/nALykHhH7+nydi11kHuBJAt0PvmEvdw/P0Q7X1jIrcr1GjFAydoJqU+AaaosjaLe6btnlx4Fur+ekTp6wTgD8acF5+oBNlx8/ezH7FxmSWfKGzOMty7lQpoLqGYtAw8SMqQQtK69U0i8xJaymWQEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02OMWoEMQxFr5ILjJFkSba3Tp1AQg7g9dhkip2B3Sk2oMPHdhGij9Av/ueJgGhBWii8AFw4XiRYQpfAMTkUtrf3D2O0ej/OrSzfdT/z5spxM0GUyBYCAqElTopkHANoIBOIJh4YSC0oUZSoxmDeoIvEMw/nALykHhH7+nydi11kHuBJAt0PvmEvdw/P0Q7X1jIrcr1GjFAydoJqU+AaaosjaLe6btnlx4Fur+ekTp6wTgD8acF5+oBNlx8/ezH7FxmSWfKGzOMty7lQpoLqGYtAw8SMqQQtK69U0i8xJaymWQEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02OMWoEMQxFr5ILjJFkSba3Tp1AQg7g9dhkip2B3Sk2oMPHdhGij9Av/ueJgGhBWii8AFw4XiRYQpfAMTkUtrf3D2O0ej/OrSzfdT/z5spxM0GUyBYCAqElTopkHANoIBOIJh4YSC0oUZSoxmDeoIvEMw/nALykHhH7+nydi11kHuBJAt0PvmEvdw/P0Q7X1jIrcr1GjFAydoJqU+AaaosjaLe6btnlx4Fur+ekTp6wTgD8acF5+oBNlx8/ezH7FxmSWfKGzOMty7lQpoLqGYtAw8SMqQQtK69U0i8xJaymWQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263aa87498c7d68.236931351904971097%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4869086%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cmedia.aso1.net%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://media.aso1.net
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Thu, 26 Dec 2024 05:48:57 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.tsyndicate.com/sdk/v1/master.spot.js
8.247.219.121200 OK 13 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/master.spot.js
IP 8.247.219.121:0
File type ASCII text, with very long lines (28408)
Hash 8e5010b64624038c64b9bcc645d06e7f
006af6a47c076823f367094e4495365ea39e82ae
e1f3981db203e912bf82eaa818f7a93061009943dca6053fd609276305d174e0
GET /sdk/v1/master.spot.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
content-length: 12821
last-modified: Thu, 15 Dec 2022 13:15:10 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"639b1dde-899c"
age: 1009419
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOptslrsndZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6zTjjOmuanfS2a2XXOayueuviuWnezfi10rv99u848yhmjBuZznSuldK6V0rpXSuldK4Ps&p1=5304026&trackOff=1&kbLimit=1000
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOptslrsndZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6zTjjOmuanfS2a2XXOayueuviuWnezfi10rv99u848yhmjBuZznSuldK6V0rpXSuldK4Ps&p1=5304026&trackOff=1&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304026&memberId=ooddNHdLHTPHNVS4ASOptslrsndZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6zTjjOmuanfS2a2XXOayueuviuWnezfi10rv99u848yhmjBuZznSuldK6V0rpXSuldK4Ps&p1=5304026&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 27 Dec 2022 05:48:57 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=379946&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOptslrsndZXPPbVbW6V1Esqp6pXVS2upmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumc6zTjjOmuanfS2a2XXOayueuviuWnezfi10rv99u848yhmjBuZznSuldK6V0rpXSuldK4Ps&p1=5304026&quality=optimal&ruleId=17&smartpopId=432&sourceId=5304026&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLDtqnSUscpHSha; SameSite=None; Secure; path=/; expires=Wed, 28-Dec-22 04:48:57 GMT; HttpOnly
server: cloudflare
cf-ray: 77ffc52cc98db51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
104.18.59.150302 Found 0 B URL HTTP/2 go.xlirdr.com/i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?campaignId=banner2609start&creativeId=300x250&modelsCountry=&modelsLanguage=&sourceId=xfanta&tag=females&targetDomain=&buttonColor=&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&liveBadgeColor=%2324d7d7&showButton=1&showModelName=1&showTitle=0&showLiveBadge=1&isXhDesign=0&actionButtonPlacement=bottom&thumbSizeKey=small&hideButtonOnSmallSpots=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4&landing=WidgetV4Universal HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 27 Dec 2022 05:48:57 GMT
content-length: 0
location: https://creative.xlirdr.com/widgets/v4/Universal/?actionButtonPlacement=bottom&buttonColor=&campaignId=banner2609start&creativeId=300x250&domain=stripchat&hideButtonOnSmallSpots=1&hideModelNameOnSmallSpots=0&hideTitleOnSmallSpots=1&isXhDesign=0&liveBadgeColor=%2324d7d7&modelsCountry=&modelsLanguage=&showButton=1&showLiveBadge=1&showModelName=1&showTitle=0&sound=off&sourceId=xfanta&tag=females&targetDomain=&thumbSizeKey=small&trackOff=1&userId=b47aedc2c088e2f21e0cc23e0318384c557941461efdbc48212e7282df45f2f4
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFUp52SEjYQHKi; SameSite=None; Secure; path=/; expires=Wed, 28-Dec-22 04:48:57 GMT; HttpOnly
server: cloudflare
cf-ray: 77ffc52cd81ab4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: "5f6dbe9d-12fee"
Expires: Tue, 27 Dec 2022 14:15:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgoh7k//2toAAA
X-77-NZT-Ray: 2109d1109513d7b14987aa63548e452a
X-Cache: HIT
X-Age: 56026
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4869086&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
104.18.59.150200 OK 1.1 kB URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4869086&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
IP 104.18.59.150:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (2078), with no line terminators
Hash 565a0f6ae3fb6f45026aa30f1adc19ab
c97bae7fde414ba9bee0d25ea8802e386125cf60
ccf0a51b302c459cc4b428795c326259af1c59b6962b2a9e6b432d2508154fa9
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOptrultrdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6V3..3eceZQzRg3M5zpXSuldK6V0rpXSulcH2A--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4869086&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Referer: https://media.aso1.net/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhae8qsFA7P8fhe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://media.aso1.net
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77ffc52ce996b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7f4b618aeb3e3280e8ce4414ed4fcd3c
4f0e7a81c7292974ed9b53cf8d460f956a1bd49b
5b1097bd9b32df5d4b6fcd22e682a5de410500a46ee39eef49fd519f3c8346e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B1097BD9B32DF5D4B6FCD22E682A5DE410500A46EE39EEF49FD519F3C8346E9"
Last-Modified: Sun, 25 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6896
Expires: Tue, 27 Dec 2022 07:43:53 GMT
Date: Tue, 27 Dec 2022 05:48:57 GMT
Connection: keep-alive
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1672120133548&t_i=1672120133744&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=34bdc898-eb4f-4662-9aa1-2cf44c4027d2&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=27860e18-85aa-11ed-9eb5-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1672120133744&fpid=&feid_sa=1672120133744&sid_sa=1672120133744&feid=c2a365d9e0aabbb1f1f7115e6da79d02&sid=3463e342f393afcc57438eb7d083290e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.34
185.98.53.29200 OK 79 kB URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1672120133548&t_i=1672120133744&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=34bdc898-eb4f-4662-9aa1-2cf44c4027d2&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=27860e18-85aa-11ed-9eb5-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1672120133744&fpid=&feid_sa=1672120133744&sid_sa=1672120133744&feid=c2a365d9e0aabbb1f1f7115e6da79d02&sid=3463e342f393afcc57438eb7d083290e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.34
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash 436c7766e03dd04571e07287d4900382
79add0f0e05de23f687e41a2118fc1e6b57feeff
e5957e54895259b4f21dcda4fd625a88c5d30008d2a3fabc00c5b7db8eb69f2e
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D636bc5d561d6e27071201a23%2526type%253D300x250%2526output%253Dhtml&ref=https%253A%252F%252Fxfantazy.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1672120133548&t_i=1672120133744&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=34bdc898-eb4f-4662-9aa1-2cf44c4027d2&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=27860e18-85aa-11ed-9eb5-52ca5d2668e1&spid=636bc5d561d6e27071201a23&fpid_sa=1672120133744&fpid=&feid_sa=1672120133744&sid_sa=1672120133744&feid=c2a365d9e0aabbb1f1f7115e6da79d02&sid=3463e342f393afcc57438eb7d083290e&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=xfantazy.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.34 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Length: 0
Connection: keep-alive
cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
45.133.44.4200 OK 803 B URL HTTP/2 cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash d3ac7d0a0203397f495c578fc9314192
35f407ce6c62e9c1ff19b226d7d64f54ac904608
3fdad024e7d4944a425b6887bffb19b78afabcec3bcb61b3272725d6d03ff398
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/rtb/default/3/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-525"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 27 Dec 2022 06:48:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
45.133.44.4200 OK 73 kB URL HTTP/2 cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash cf2547ee6ff23b5cf462984d391ff71e
d0f71fa1856608052d359fab2e274f9b2efcf3a0
4557160d0b30f45280c1d30930c5dbac696ccd60aa4bc109815ec43c0e32e275
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/rtb/default/3/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-525"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 27 Dec 2022 06:48:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 106 kB IP 172.64.172.27:0
Size 106 kB (106314 bytes)
Hash a59f903dacc83f9d56eee5a8a70df719
d4975675c5937b403c090a500c679f3b09f51641
22ee962b9571573704d6dcd0595ce4b2d75a5dc62e9ca56ce842d3ec88a26fe5
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5450
last-modified: Tue, 27 Dec 2022 04:18:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1r9Wt8VyFkyD7%2B4V7oPgIcuoPAdCky7H6kezSZ034oNYls4KX%2F%2BirzY%2Fw2kEe4N%2BCNhK9rh3H3O3gl7GW4nFh1YpCo6Y6NZGPtd1H%2Bj%2BrCYd4Srr0z89LwraElD926%2FA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc525ffe1756e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cruS7HagmKjurDyRrg/w320h240/0.jpeg
188.72.235.185200 OK 10 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cruS7HagmKjurDyRrg/w320h240/0.jpeg
IP 188.72.235.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 7bde17c9faedd3e0b582b32e24058f4c
9ca2d0a542e18df4b83a01343b5d0451460b0045
32c81529cfe4c993f794ee0d01919ed071f876c9c940bb8ca7a764d6e4d56c28
GET /thumbnail/cruS7HagmKjurDyRrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: image/jpeg
content-length: 10536
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 4.6 kB IP 93.184.220.29:0
Hash 0d724ddb2b1e3b9ed3a9b979e3b96ad3
aa3eb654e6135469863f514e474fe3f0c514c403
d3701e8e366631eeb70f26df2c76e218c4e039d0de55691228de4802f01bb108
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4663
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Last-Modified: Tue, 27 Dec 2022 04:31:15 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3d5fdf27d6fa5a576097372624cdf7ee
c18a7fd685a3923a206dbd11080528252d57b2dc
f0202ed46e1fe36a42e972bf70779a4211092dbd7d47527771a9044578f53e22
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5320
Cache-Control: max-age=166623
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Etag: "63aa5a61-118"
Expires: Thu, 29 Dec 2022 04:06:01 GMT
Last-Modified: Tue, 27 Dec 2022 02:37:21 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
chapelcertain.com/impr.gif?sid=H4sIAAAAAAAC%2F5RTT4gcRRevzrcffPCJ%2F8hFRWgyIAphtnv%2B7MxsCOtms4lDNrvr7kiIl1BdVT1bmeqqpqp7enYlsCRBc9yIh5hLet%2FsZE0MJjmIIAoy40X2lPEgI7gHzyrBgOSmzOxCVPDgg%2B73Hr96vN%2Bv3qt3N%2BNd5ECMB4un1RoXAo8Xs4796hkuqUqMPV%2BzXSfrHLHPcDlROGK3hj%2FdnHSdYtZ5zT7JSEON5xzXcVzHtU9wzXzVGh%2BhwMM7FTdbcbKFXNYtFqCl%2F5qb2AKDLaDNXfQ8cNr%2F78o394GTLsjg3nFmGpEKD88GscCR0tCk22%2FJhlSJhOBJ6GsLfLm9fxqU6SN07QAoub2vAFRza6gAPN5H1ncueHJ7nyZ4zc4eU08Ak%2BDR%2F0PS7AITXeC4C0RdAk4fIABCYX4BZHBzXukEr%2B6heIj20dhvj4AnfTT2w0GQwSfHBG%2FZy0rEEVfSQMtPgbe6wOtdCOMeRGsW8KQHJLoInCKQQQqcpiPVnHeB%2B10QbAOwsSAeftyC2LcgDi0I6MDGxYrvOCXf8%2FP5coEQks8TUixP0CLNF8q%2BAzEZ0tqAKNwAIjaA6HUI9To0%2BNU%2BQhe3QMdfgVlJwVALTNRH1pvr0KQpJAxBYhAkGEHCESQRgqSZdqgwOZPepMLEnrvvc%2Fs%2Bn7ZVVN%2FEHRXVmUSb4S56bnQpvzz1OTTYwMY5v1JxfNcplCacCZeU3Ap1iYtxHucYoTkwPAVuDoz0rvE%2BOvjSjxAOJ3Xhd%2FBwD4zoAeHPAo5fBpy0SzkH8Eq7UHZgTd5p%2BVhGeG01S1QAVKUQRmMQrVqbYhe9MOKR%2B%2FkRMLLz%2BtO%2Fjp09dOEdIDqFUKdwnn%2BNoC6utJdUgraWVGLQ%2FYUw4gFfw8PBLUc4Yuj2KbaaKE2rx83GrWkyBIbhnRoz0RyWlMu6QR8f45QyfUJpwtCXVXOGeYuxWTkWaxmHc4szJ6pBqJkxXMkuYP6g9TYQ3kf%2F%2B3RrtJIvTl8Grnug48HhlSgKJ8fHieCkkQ2JaGQlDthePsWPhmdnkmWnUJOr0%2BccCOKdqc%2BWvr9WP6%2BBqy6Q8PKtTKZWrc3NZjKD8Yc3PujUODUeq2smDYvsiAsvppO26ziOPb9wyvaVtimr2w9vXF%2B%2Fm8kcn12eWaou1qoL85nM4NByY1XSEd7r2H6vYzeZaKjARJ6SsXl44%2F17dzOZuemlk7PnqqenTw6bOv8gIFqJA09iLv4u4qNMpjozajf5b0tf4UE9OsqJkmDCHbRvYBQCLZ7kXmhBEqdtnfN2pjpf%2FHT58eMOCN5HR55JQLCdqVsfDu06YC8Fw%2F5U%2BCTeNFegri3A0aXRe23qFJoiBSw2wMT%2FaUeh3pn6Nj8y8ITV9oS2tjyhxdW9DTR8YBfdAit75RKh1GOEuqVcvpx3nBylhVKFuRWITJ%2Fcfu%2BNPwAAAP%2F%2FAQAA%2F%2F8ubE0nkQUAAA%3D%3D
173.233.139.164200 OK 316 B URL HTTP/1.1 chapelcertain.com/impr.gif?sid=H4sIAAAAAAAC%2F5RTT4gcRRevzrcffPCJ%2F8hFRWgyIAphtnv%2B7MxsCOtms4lDNrvr7kiIl1BdVT1bmeqqpqp7enYlsCRBc9yIh5hLet%2FsZE0MJjmIIAoy40X2lPEgI7gHzyrBgOSmzOxCVPDgg%2B73Hr96vN%2Bv3qt3N%2BNd5ECMB4un1RoXAo8Xs4796hkuqUqMPV%2BzXSfrHLHPcDlROGK3hj%2FdnHSdYtZ5zT7JSEON5xzXcVzHtU9wzXzVGh%2BhwMM7FTdbcbKFXNYtFqCl%2F5qb2AKDLaDNXfQ8cNr%2F78o394GTLsjg3nFmGpEKD88GscCR0tCk22%2FJhlSJhOBJ6GsLfLm9fxqU6SN07QAoub2vAFRza6gAPN5H1ncueHJ7nyZ4zc4eU08Ak%2BDR%2F0PS7AITXeC4C0RdAk4fIABCYX4BZHBzXukEr%2B6heIj20dhvj4AnfTT2w0GQwSfHBG%2FZy0rEEVfSQMtPgbe6wOtdCOMeRGsW8KQHJLoInCKQQQqcpiPVnHeB%2B10QbAOwsSAeftyC2LcgDi0I6MDGxYrvOCXf8%2FP5coEQks8TUixP0CLNF8q%2BAzEZ0tqAKNwAIjaA6HUI9To0%2BNU%2BQhe3QMdfgVlJwVALTNRH1pvr0KQpJAxBYhAkGEHCESQRgqSZdqgwOZPepMLEnrvvc%2Fs%2Bn7ZVVN%2FEHRXVmUSb4S56bnQpvzz1OTTYwMY5v1JxfNcplCacCZeU3Ap1iYtxHucYoTkwPAVuDoz0rvE%2BOvjSjxAOJ3Xhd%2FBwD4zoAeHPAo5fBpy0SzkH8Eq7UHZgTd5p%2BVhGeG01S1QAVKUQRmMQrVqbYhe9MOKR%2B%2FkRMLLz%2BtO%2Fjp09dOEdIDqFUKdwnn%2BNoC6utJdUgraWVGLQ%2FYUw4gFfw8PBLUc4Yuj2KbaaKE2rx83GrWkyBIbhnRoz0RyWlMu6QR8f45QyfUJpwtCXVXOGeYuxWTkWaxmHc4szJ6pBqJkxXMkuYP6g9TYQ3kf%2F%2B3RrtJIvTl8Grnug48HhlSgKJ8fHieCkkQ2JaGQlDthePsWPhmdnkmWnUJOr0%2BccCOKdqc%2BWvr9WP6%2BBqy6Q8PKtTKZWrc3NZjKD8Yc3PujUODUeq2smDYvsiAsvppO26ziOPb9wyvaVtimr2w9vXF%2B%2Fm8kcn12eWaou1qoL85nM4NByY1XSEd7r2H6vYzeZaKjARJ6SsXl44%2F17dzOZuemlk7PnqqenTw6bOv8gIFqJA09iLv4u4qNMpjozajf5b0tf4UE9OsqJkmDCHbRvYBQCLZ7kXmhBEqdtnfN2pjpf%2FHT58eMOCN5HR55JQLCdqVsfDu06YC8Fw%2F5U%2BCTeNFegri3A0aXRe23qFJoiBSw2wMT%2FaUeh3pn6Nj8y8ITV9oS2tjyhxdW9DTR8YBfdAit75RKh1GOEuqVcvpx3nBylhVKFuRWITJ%2Fcfu%2BNPwAAAP%2F%2FAQAA%2F%2F8ubE0nkQUAAA%3D%3D
IP 173.233.139.164:0
Hash e9df420adc87ae9e37e7da0d3c6eca9f
bedfa4d9d30e6cb552ba205d6be446a609a6af92
d054b60b223fa0f87457ea53a209b715c40b18d62968c89c320af94cea6c583f
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F5RTT4gcRRevzrcffPCJ%2F8hFRWgyIAphtnv%2B7MxsCOtms4lDNrvr7kiIl1BdVT1bmeqqpqp7enYlsCRBc9yIh5hLet%2FsZE0MJjmIIAoy40X2lPEgI7gHzyrBgOSmzOxCVPDgg%2B73Hr96vN%2Bv3qt3N%2BNd5ECMB4un1RoXAo8Xs4796hkuqUqMPV%2BzXSfrHLHPcDlROGK3hj%2FdnHSdYtZ5zT7JSEON5xzXcVzHtU9wzXzVGh%2BhwMM7FTdbcbKFXNYtFqCl%2F5qb2AKDLaDNXfQ8cNr%2F78o394GTLsjg3nFmGpEKD88GscCR0tCk22%2FJhlSJhOBJ6GsLfLm9fxqU6SN07QAoub2vAFRza6gAPN5H1ncueHJ7nyZ4zc4eU08Ak%2BDR%2F0PS7AITXeC4C0RdAk4fIABCYX4BZHBzXukEr%2B6heIj20dhvj4AnfTT2w0GQwSfHBG%2FZy0rEEVfSQMtPgbe6wOtdCOMeRGsW8KQHJLoInCKQQQqcpiPVnHeB%2B10QbAOwsSAeftyC2LcgDi0I6MDGxYrvOCXf8%2FP5coEQks8TUixP0CLNF8q%2BAzEZ0tqAKNwAIjaA6HUI9To0%2BNU%2BQhe3QMdfgVlJwVALTNRH1pvr0KQpJAxBYhAkGEHCESQRgqSZdqgwOZPepMLEnrvvc%2Fs%2Bn7ZVVN%2FEHRXVmUSb4S56bnQpvzz1OTTYwMY5v1JxfNcplCacCZeU3Ap1iYtxHucYoTkwPAVuDoz0rvE%2BOvjSjxAOJ3Xhd%2FBwD4zoAeHPAo5fBpy0SzkH8Eq7UHZgTd5p%2BVhGeG01S1QAVKUQRmMQrVqbYhe9MOKR%2B%2FkRMLLz%2BtO%2Fjp09dOEdIDqFUKdwnn%2BNoC6utJdUgraWVGLQ%2FYUw4gFfw8PBLUc4Yuj2KbaaKE2rx83GrWkyBIbhnRoz0RyWlMu6QR8f45QyfUJpwtCXVXOGeYuxWTkWaxmHc4szJ6pBqJkxXMkuYP6g9TYQ3kf%2F%2B3RrtJIvTl8Grnug48HhlSgKJ8fHieCkkQ2JaGQlDthePsWPhmdnkmWnUJOr0%2BccCOKdqc%2BWvr9WP6%2BBqy6Q8PKtTKZWrc3NZjKD8Yc3PujUODUeq2smDYvsiAsvppO26ziOPb9wyvaVtimr2w9vXF%2B%2Fm8kcn12eWaou1qoL85nM4NByY1XSEd7r2H6vYzeZaKjARJ6SsXl44%2F17dzOZuemlk7PnqqenTw6bOv8gIFqJA09iLv4u4qNMpjozajf5b0tf4UE9OsqJkmDCHbRvYBQCLZ7kXmhBEqdtnfN2pjpf%2FHT58eMOCN5HR55JQLCdqVsfDu06YC8Fw%2F5U%2BCTeNFegri3A0aXRe23qFJoiBSw2wMT%2FaUeh3pn6Nj8y8ITV9oS2tjyhxdW9DTR8YBfdAit75RKh1GOEuqVcvpx3nBylhVKFuRWITJ%2Fcfu%2BNPwAAAP%2F%2FAQAA%2F%2F8ubE0nkQUAAA%3D%3D HTTP/1.1
Host: chapelcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b70af8c2ca29512e5753ceb78409c61b
Strict-Transport-Security: max-age=0; includeSubdomains
video.ktkjmp.com/adsbygoogle.js
104.18.59.150200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.59.150:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1459
expires: Tue, 27 Dec 2022 09:48:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc52ea898b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 337 B IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 0c9f54aa908982a7eadeed8af9cb9d86
c1a9c3d57f420aa0b3cd56d0bb84837809ada43d
200280f00cde8beaaf45fc1ef467bc7521fd3f344f6d56b59685df50c8102e2e
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/plain
set-cookie: csu=1080711969661220@1@1672120136; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xdbsk6ZYv1mCfZ4uWVZ%2BPWblMBy728tXZ98lJ8pOwIBDZrN73a2taCFqcAZBXaxk08dbr23pU5fAkgtU5aUWYQpPktn0ctmerPUIb713RUg%2FncosbjfMuqL8sQ9AuEeH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc525ffe5756e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
warilycommercialconstitutional.com/impr.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXfvbrJJKTFN07o2TdIkUvSlzJ2ZuzvduXcuM3P3JhExtFX7mIoPxZfenM02thbbPoh9UCi7Pih56vogK5h%2FQIViQfoouwlUBR88cO85h8%2FMmc9nzpkPN5Id5ECCe%2FOn5CoXAg%2BX8o79yhkeUZlqe3bJdp28c9g%2Bw6OR4mF7uf9TjXHXKeWdV%2B0TjNTlcMFxHcd1XPs4VyyQy8MDFHh8c8zNjzn5YiHvloqwrP6e68QCjS2gjR30LHDa%2FX%2Ft%2BzvASRui8PYxputGxoemw0RgIxU06NZbUT2SaQTh4zBQFgTR1t5qkLqL0JV9IKOtPQUgG5t9BeDzLrJ%2BdMGPtvZogt9o7TL1BbAIfLof0kYbmGgDx20g8gJweh8BEAqzcxCF12alSvHKLor7aBcN%2FfEQeNpFQz8%2FB1H4xVHBl%2B1FKRLDZaRhOciAL7eBV9sQJx0wqxbwtAPEnAdOEURhBpxmA9Wct4EHbRBsHbC2IOl%2F3IIksCCJLQhpz8alscBxRgM%2F8LxykRDieYSUyiO0RL1iOXAgIX1a62DidSBiHYhag1itQZ1f7iJ0fhNUcg90LQNNLdCmi6zTa9CgGaQMQaoRpBhByhGkBkHayFpU6ILOrlGhE9%2Fd84U972VNaaobuCVNlUVoI95Bz%2FQvxXry%2FZehznp2wQ2YN1ZygqJbYE5hhHhe4PojhLER12M%2BBs0z4HrfQO8q76IDpf0Q8y56YuIe%2BLgDWnSA8KcBJy8CTpujBQdwrVksO7Aa3Y2wSRQWNYaFqWmZKMLyRCQ%2BUJlBbIbArFgbYgc9P2hU4beHwMj260%2F9PvT2wffeBaIyiFUG5%2Fi3CKriUnNBpmhzQaYa3ZmLDQ%2F5Ku43cdFgw9CNk2wllYpWjun165OkD%2FTDm0tMmxkcUR5VNfr8KKeUqeNSEYa%2BqegzzJ9PdO1ooqIknpmfOl4JY8W05jJqA%2Bb3l98B0hf75eZgPF%2BYvAhcdUAlvUM1Y%2BLx4WEiOKnnYyLq%2BQiHbDef4EfenCq%2F5q2edvyRylkHwmR74quFn65Uzyngsg0kvvhZLleZmpvN5Xrj%2F1LK1JLQjzAX%2Fyz3Eg%2Br5ggnMrqeyy1Vlmamc7ne8IOrn7SWONU%2BqyoWaWZsw4Wf0HHbdRzHnp07aQdS2ZRV7QdXP127lcsdm16cWqjML1UGNA4u1lciOsA7LTvotOwGE3UZauPLKNEPrn58%2B1YuNzO5cGL6bOXU5In%2Boc5%2FpQ463kZ7BloiUOJx7scWpEnWVAV%2Fe6L19a8XHz1qgeBdNH5kPwi2PfHd6V8%2BOHB3AbCfgWZ%2F2fg43tCXoKoswObC4O02VAYNkQEW66CT%2FzVNrLYnfvAGBr6wmr5Q1qYvlLi8O4Ga9%2BySW2RlvzxKKPUZoe5owSt7jlOgtDg6xtwxMLpLbnz0xp8AAAD%2F%2FwEAAP%2F%2Fd0RsV50FAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 warilycommercialconstitutional.com/impr.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXfvbrJJKTFN07o2TdIkUvSlzJ2ZuzvduXcuM3P3JhExtFX7mIoPxZfenM02thbbPoh9UCi7Pih56vogK5h%2FQIViQfoouwlUBR88cO85h8%2FMmc9nzpkPN5Id5ECCe%2FOn5CoXAg%2BX8o79yhkeUZlqe3bJdp28c9g%2Bw6OR4mF7uf9TjXHXKeWdV%2B0TjNTlcMFxHcd1XPs4VyyQy8MDFHh8c8zNjzn5YiHvloqwrP6e68QCjS2gjR30LHDa%2FX%2Ft%2BzvASRui8PYxputGxoemw0RgIxU06NZbUT2SaQTh4zBQFgTR1t5qkLqL0JV9IKOtPQUgG5t9BeDzLrJ%2BdMGPtvZogt9o7TL1BbAIfLof0kYbmGgDx20g8gJweh8BEAqzcxCF12alSvHKLor7aBcN%2FfEQeNpFQz8%2FB1H4xVHBl%2B1FKRLDZaRhOciAL7eBV9sQJx0wqxbwtAPEnAdOEURhBpxmA9Wct4EHbRBsHbC2IOl%2F3IIksCCJLQhpz8alscBxRgM%2F8LxykRDieYSUyiO0RL1iOXAgIX1a62DidSBiHYhag1itQZ1f7iJ0fhNUcg90LQNNLdCmi6zTa9CgGaQMQaoRpBhByhGkBkHayFpU6ILOrlGhE9%2Fd84U972VNaaobuCVNlUVoI95Bz%2FQvxXry%2FZehznp2wQ2YN1ZygqJbYE5hhHhe4PojhLER12M%2BBs0z4HrfQO8q76IDpf0Q8y56YuIe%2BLgDWnSA8KcBJy8CTpujBQdwrVksO7Aa3Y2wSRQWNYaFqWmZKMLyRCQ%2BUJlBbIbArFgbYgc9P2hU4beHwMj260%2F9PvT2wffeBaIyiFUG5%2Fi3CKriUnNBpmhzQaYa3ZmLDQ%2F5Ku43cdFgw9CNk2wllYpWjun165OkD%2FTDm0tMmxkcUR5VNfr8KKeUqeNSEYa%2BqegzzJ9PdO1ooqIknpmfOl4JY8W05jJqA%2Bb3l98B0hf75eZgPF%2BYvAhcdUAlvUM1Y%2BLx4WEiOKnnYyLq%2BQiHbDef4EfenCq%2F5q2edvyRylkHwmR74quFn65Uzyngsg0kvvhZLleZmpvN5Xrj%2F1LK1JLQjzAX%2Fyz3Eg%2Br5ggnMrqeyy1Vlmamc7ne8IOrn7SWONU%2BqyoWaWZsw4Wf0HHbdRzHnp07aQdS2ZRV7QdXP127lcsdm16cWqjML1UGNA4u1lciOsA7LTvotOwGE3UZauPLKNEPrn58%2B1YuNzO5cGL6bOXU5In%2Boc5%2FpQ463kZ7BloiUOJx7scWpEnWVAV%2Fe6L19a8XHz1qgeBdNH5kPwi2PfHd6V8%2BOHB3AbCfgWZ%2F2fg43tCXoKoswObC4O02VAYNkQEW66CT%2FzVNrLYnfvAGBr6wmr5Q1qYvlLi8O4Ga9%2BySW2RlvzxKKPUZoe5owSt7jlOgtDg6xtwxMLpLbnz0xp8AAAD%2F%2FwEAAP%2F%2Fd0RsV50FAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F5RT32tcxRef22%2B%2BIBRFxRcFy6UL%2FoC6uXfvbrJJKTFN07o2TdIkUvSlzJ2ZuzvduXcuM3P3JhExtFX7mIoPxZfenM02thbbPoh9UCi7Pih56vogK5h%2FQIViQfoouwlUBR88cO85h8%2FMmc9nzpkPN5Id5ECCe%2FOn5CoXAg%2BX8o79yhkeUZlqe3bJdp28c9g%2Bw6OR4mF7uf9TjXHXKeWdV%2B0TjNTlcMFxHcd1XPs4VyyQy8MDFHh8c8zNjzn5YiHvloqwrP6e68QCjS2gjR30LHDa%2FX%2Ft%2BzvASRui8PYxputGxoemw0RgIxU06NZbUT2SaQTh4zBQFgTR1t5qkLqL0JV9IKOtPQUgG5t9BeDzLrJ%2BdMGPtvZogt9o7TL1BbAIfLof0kYbmGgDx20g8gJweh8BEAqzcxCF12alSvHKLor7aBcN%2FfEQeNpFQz8%2FB1H4xVHBl%2B1FKRLDZaRhOciAL7eBV9sQJx0wqxbwtAPEnAdOEURhBpxmA9Wct4EHbRBsHbC2IOl%2F3IIksCCJLQhpz8alscBxRgM%2F8LxykRDieYSUyiO0RL1iOXAgIX1a62DidSBiHYhag1itQZ1f7iJ0fhNUcg90LQNNLdCmi6zTa9CgGaQMQaoRpBhByhGkBkHayFpU6ILOrlGhE9%2Fd84U972VNaaobuCVNlUVoI95Bz%2FQvxXry%2FZehznp2wQ2YN1ZygqJbYE5hhHhe4PojhLER12M%2BBs0z4HrfQO8q76IDpf0Q8y56YuIe%2BLgDWnSA8KcBJy8CTpujBQdwrVksO7Aa3Y2wSRQWNYaFqWmZKMLyRCQ%2BUJlBbIbArFgbYgc9P2hU4beHwMj260%2F9PvT2wffeBaIyiFUG5%2Fi3CKriUnNBpmhzQaYa3ZmLDQ%2F5Ku43cdFgw9CNk2wllYpWjun165OkD%2FTDm0tMmxkcUR5VNfr8KKeUqeNSEYa%2BqegzzJ9PdO1ooqIknpmfOl4JY8W05jJqA%2Bb3l98B0hf75eZgPF%2BYvAhcdUAlvUM1Y%2BLx4WEiOKnnYyLq%2BQiHbDef4EfenCq%2F5q2edvyRylkHwmR74quFn65Uzyngsg0kvvhZLleZmpvN5Xrj%2F1LK1JLQjzAX%2Fyz3Eg%2Br5ggnMrqeyy1Vlmamc7ne8IOrn7SWONU%2BqyoWaWZsw4Wf0HHbdRzHnp07aQdS2ZRV7QdXP127lcsdm16cWqjML1UGNA4u1lciOsA7LTvotOwGE3UZauPLKNEPrn58%2B1YuNzO5cGL6bOXU5In%2Boc5%2FpQ463kZ7BloiUOJx7scWpEnWVAV%2Fe6L19a8XHz1qgeBdNH5kPwi2PfHd6V8%2BOHB3AbCfgWZ%2F2fg43tCXoKoswObC4O02VAYNkQEW66CT%2FzVNrLYnfvAGBr6wmr5Q1qYvlLi8O4Ga9%2BySW2RlvzxKKPUZoe5owSt7jlOgtDg6xtwxMLpLbnz0xp8AAAD%2F%2FwEAAP%2F%2Fd0RsV50FAAA%3D HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6fecc6961ae2c12e974dc588e0299dd4
Strict-Transport-Security: max-age=0; includeSubdomains
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1672120136069-7-8077-1178228-b2a04662-82c1-431d-9e97-393851497278&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DT3cGUtCzL20_fI73-DPP5y-CEIM7e3n7-8auj33lmEVjzRE8h1PDjPNjRYVdBo6RM8wUDTZ8oVbNs4bnpAoqu3Ymlpa39oDROSlUQTKhEoekzA3im906YmgVOwYTZGK6IkyfURH3bnYNbLTb7-2e7F9DvyWo2rXuzRDaqdlxmFJ00tJc2ONtV4rGs5IKnqGEfI8Yvu0QIlYx0q6wqv5Fh6J7u45pvB7kpxmYEFWi-U7vaTetiL-Mvf1ApopsjQPSvlXgwPo6wdacxKhfzhdR9JYlNGyCLpJA4N0Hu9-XlygC3Q2rWcFi0JPBzIl2DFKxwOQ-8v8TPW61HhkyFsMx1W56VRjIEiH9kxKRfytaby_p4HSXV61kKVLGhdWDxSj11tHqkJx8gwNRveWAqluVYNxdyqmXQ6tMBpmBMba7NRC0DV2bXEa-sIai5_TYDfEwa-MevUCnsR4mekho6hmeYW5F4-AuAqd9uNz0ZlV4WZzqofpahDmFnfQ_A8DdNMrqVVFfVmJiGEnD0UlNfuyZx2jCESuHR3EZGDH-99bC0AzarZcQQAsMQ0ChMYgBxiIQ_ooS_VCmDCz9zHTxwWExqlHMc3am2frBhu6kzLRwbXJ_1Vki
38.100.129.135302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1672120136069-7-8077-1178228-b2a04662-82c1-431d-9e97-393851497278&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DT3cGUtCzL20_fI73-DPP5y-CEIM7e3n7-8auj33lmEVjzRE8h1PDjPNjRYVdBo6RM8wUDTZ8oVbNs4bnpAoqu3Ymlpa39oDROSlUQTKhEoekzA3im906YmgVOwYTZGK6IkyfURH3bnYNbLTb7-2e7F9DvyWo2rXuzRDaqdlxmFJ00tJc2ONtV4rGs5IKnqGEfI8Yvu0QIlYx0q6wqv5Fh6J7u45pvB7kpxmYEFWi-U7vaTetiL-Mvf1ApopsjQPSvlXgwPo6wdacxKhfzhdR9JYlNGyCLpJA4N0Hu9-XlygC3Q2rWcFi0JPBzIl2DFKxwOQ-8v8TPW61HhkyFsMx1W56VRjIEiH9kxKRfytaby_p4HSXV61kKVLGhdWDxSj11tHqkJx8gwNRveWAqluVYNxdyqmXQ6tMBpmBMba7NRC0DV2bXEa-sIai5_TYDfEwa-MevUCnsR4mekho6hmeYW5F4-AuAqd9uNz0ZlV4WZzqofpahDmFnfQ_A8DdNMrqVVFfVmJiGEnD0UlNfuyZx2jCESuHR3EZGDH-99bC0AzarZcQQAsMQ0ChMYgBxiIQ_ooS_VCmDCz9zHTxwWExqlHMc3am2frBhu6kzLRwbXJ_1Vki
IP 38.100.129.135:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1672120136069-7-8077-1178228-b2a04662-82c1-431d-9e97-393851497278&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DT3cGUtCzL20_fI73-DPP5y-CEIM7e3n7-8auj33lmEVjzRE8h1PDjPNjRYVdBo6RM8wUDTZ8oVbNs4bnpAoqu3Ymlpa39oDROSlUQTKhEoekzA3im906YmgVOwYTZGK6IkyfURH3bnYNbLTb7-2e7F9DvyWo2rXuzRDaqdlxmFJ00tJc2ONtV4rGs5IKnqGEfI8Yvu0QIlYx0q6wqv5Fh6J7u45pvB7kpxmYEFWi-U7vaTetiL-Mvf1ApopsjQPSvlXgwPo6wdacxKhfzhdR9JYlNGyCLpJA4N0Hu9-XlygC3Q2rWcFi0JPBzIl2DFKxwOQ-8v8TPW61HhkyFsMx1W56VRjIEiH9kxKRfytaby_p4HSXV61kKVLGhdWDxSj11tHqkJx8gwNRveWAqluVYNxdyqmXQ6tMBpmBMba7NRC0DV2bXEa-sIai5_TYDfEwa-MevUCnsR4mekho6hmeYW5F4-AuAqd9uNz0ZlV4WZzqofpahDmFnfQ_A8DdNMrqVVFfVmJiGEnD0UlNfuyZx2jCESuHR3EZGDH-99bC0AzarZcQQAsMQ0ChMYgBxiIQ_ooS_VCmDCz9zHTxwWExqlHMc3am2frBhu6kzLRwbXJ_1Vki HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 27 Dec 2022 05:48:58 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=T3cGUtCzL20_fI73-DPP5y-CEIM7e3n7-8auj33lmEVjzRE8h1PDjPNjRYVdBo6RM8wUDTZ8oVbNs4bnpAoqu3Ymlpa39oDROSlUQTKhEoekzA3im906YmgVOwYTZGK6IkyfURH3bnYNbLTb7-2e7F9DvyWo2rXuzRDaqdlxmFJ00tJc2ONtV4rGs5IKnqGEfI8Yvu0QIlYx0q6wqv5Fh6J7u45pvB7kpxmYEFWi-U7vaTetiL-Mvf1ApopsjQPSvlXgwPo6wdacxKhfzhdR9JYlNGyCLpJA4N0Hu9-XlygC3Q2rWcFi0JPBzIl2DFKxwOQ-8v8TPW61HhkyFsMx1W56VRjIEiH9kxKRfytaby_p4HSXV61kKVLGhdWDxSj11tHqkJx8gwNRveWAqluVYNxdyqmXQ6tMBpmBMba7NRC0DV2bXEa-sIai5_TYDfEwa-MevUCnsR4mekho6hmeYW5F4-AuAqd9uNz0ZlV4WZzqofpahDmFnfQ_A8DdNMrqVVFfVmJiGEnD0UlNfuyZx2jCESuHR3EZGDH-99bC0AzarZcQQAsMQ0ChMYgBxiIQ_ooS_VCmDCz9zHTxwWExqlHMc3am2frBhu6kzLRwbXJ_1Vki
X-Firefox-Spdy: h2
warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=269
173.233.137.60200 OK 0 B URL HTTP/1.1 warilycommercialconstitutional.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=269
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=269 HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
warilycommercialconstitutional.com/pixel/sbs?c=1
173.233.137.60200 OK 0 B URL HTTP/1.1 warilycommercialconstitutional.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: warilycommercialconstitutional.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=17661735; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
chapelcertain.com/pixel/sbs?c=1
173.233.139.164200 OK 0 B URL HTTP/1.1 chapelcertain.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: chapelcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img.strpst.com/thumbs/1672119662/96689290
104.18.63.124200 OK 24 kB URL HTTP/2 img.strpst.com/thumbs/1672119662/96689290
IP 104.18.63.124:0
Hash c6087ea92cac49a5d45c1ad2c131f9bc
9c0bb3a66d4cf5ad89b1c715f1d53b168f3bbdfa
e54879a30135a11e48e57f480da65380f362e3e1e646b68342dbd0dc0abb5fb3
GET /thumbs/1672119662/96689290 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: image/jpeg
content-length: 18549
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=19393, status=webp_bigger
etag: "89e6c3fb9ba10c2f096189b6286e72b0"
last-modified: Tue, 27 Dec 2022 05:40:51 GMT
cf-cache-status: HIT
age: 285
expires: Tue, 27 Dec 2022 06:18:58 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc53048ffb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1672119662/95501563
104.18.63.124200 OK 26 kB URL HTTP/2 img.strpst.com/thumbs/1672119662/95501563
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 67a925bc9ee2b4e8bf4881f301b51248
d54e496c174c7ae3780c265f8e01375d78131768
9399fbdd9d1c515cfd76ff5e958f9db3a23dd55e67d5f344355a5dbbde5cd776
GET /thumbs/1672119662/95501563 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlirdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: image/jpeg
content-length: 26252
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27152, status=webp_bigger
etag: "dde6b1395b1ad21436a0f5d08228905b"
last-modified: Tue, 27 Dec 2022 05:41:00 GMT
cf-cache-status: HIT
age: 285
expires: Tue, 27 Dec 2022 06:18:58 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5309930b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b01c130300cd9da08482194de703efb4
5272be9c6950a3b043bb5ff01eef02c0aa7cf8fd
441192a9e584470b0a62b055c3eb45e40be90605d4d46dcc2169c2b611d9bb88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2491
Cache-Control: max-age=145423
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Etag: "63aa129e-139"
Expires: Wed, 28 Dec 2022 22:12:41 GMT
Last-Modified: Mon, 26 Dec 2022 21:31:10 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b01c130300cd9da08482194de703efb4
5272be9c6950a3b043bb5ff01eef02c0aa7cf8fd
441192a9e584470b0a62b055c3eb45e40be90605d4d46dcc2169c2b611d9bb88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2603
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Last-Modified: Tue, 27 Dec 2022 05:05:35 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 313
roomimg.stream.highwebmedia.com/riw/madeline_jackson.jpg?1672120110
104.19.242.83200 OK 13 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/madeline_jackson.jpg?1672120110
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 1af9fec237ca07ec1a2a69a2c38c428c
f8101b60941fd1d9105e343f4d33dcc07c9a126c
d22e4c0889aead6771294efc0ba054cdf84c8a5b2dd23d128df60468649624e2
GET /riw/madeline_jackson.jpg?1672120110 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: image/jpeg
content-length: 12800
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5
last-modified: Tue, 27 Dec 2022 05:48:53 GMT
expires: Tue, 27 Dec 2022 05:49:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gbaAbz6VXiGJCHQ36n3r%2B2YswnYyBtVa6rYHDAhXJN7wSJspGafWvWVBkr7Wqv1o4xgPIIaxflHmBHLmqi%2F2MlL9Icvn%2BIIQm4nzzwNfNF8cEAbHqP7vYQAmQnl8iqV8NazMifIjLzA%2F8aBFDoCHCGA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=tHrnOexTzHAn1qhVTrk1.7Xes3sYxRwI9K9dEovd62w-1672120138378-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77ffc530dea9b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/gabrielaa_18.jpg?1672120110
104.19.242.83200 OK 5.7 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/gabrielaa_18.jpg?1672120110
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash e5c6bacb77bc5c75b44316a46aaf45e2
8bfb7a3a286fd17379c28140324e9164c42bc170
bf60b652c4e810a4f2e2f9990a37d6d001586f0497a75dc607650f98d15ebd58
GET /riw/gabrielaa_18.jpg?1672120110 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: image/jpeg
content-length: 5709
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5796
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 26
last-modified: Tue, 27 Dec 2022 05:48:32 GMT
expires: Tue, 27 Dec 2022 05:49:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTgDWRf5pf2cBxMVIf71ZCPF8n2ZRkVHQ%2BSMZR6U5W9v4%2FJM4onPD7cECHvv3ApInhGZlQoBs8VHwmLtx2rbHJeMLzHaeq5RRx9LQjKQqnx2JP4owS2FbHZWwdrRLbueCylxWT5vlFDVNdPzNcjuSQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=tHrnOexTzHAn1qhVTrk1.7Xes3sYxRwI9K9dEovd62w-1672120138378-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77ffc530dea8b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
roomimg.stream.highwebmedia.com/riw/_xobbylizziexo.jpg?1672120110
104.19.242.83200 OK 14 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/_xobbylizziexo.jpg?1672120110
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 959x960, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Hash 59b95151bdd363d014af96dfe6a7e9ed
245c791d6661390a8d7bc362e6bf04538d17521d
f218fcfd4544f7b0550cff59ad4231ede3fe62a0deed04eec02862bef2804586
GET /riw/_xobbylizziexo.jpg?1672120110 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: image/jpeg
content-length: 13964
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 21
last-modified: Tue, 27 Dec 2022 05:48:37 GMT
expires: Tue, 27 Dec 2022 05:49:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPkVJoQ%2FD5BilT6U7a5N0PS5m8mNYxR4tDoAe9cXxFtETT40wSl4s6FdVar634u0zdmy9uR4pNgQfP1ngqPpoHWfvE9pgINcDTXVTyu3rdC1CXBC1kyuX96EXYcCApKNw%2F5vRVHQrFzjFlYMVfr9wfc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=5KieTmuiE3n6DzDiJYyLRE7.kJIFnY30oqVnZt_FSBo-1672120138384-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77ffc530deacb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b01c130300cd9da08482194de703efb4
5272be9c6950a3b043bb5ff01eef02c0aa7cf8fd
441192a9e584470b0a62b055c3eb45e40be90605d4d46dcc2169c2b611d9bb88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2491
Cache-Control: max-age=145423
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Etag: "63aa129e-139"
Expires: Wed, 28 Dec 2022 22:12:41 GMT
Last-Modified: Mon, 26 Dec 2022 21:31:10 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 380f7b86a73a26224c781f90f4a4e6f6
cf330786c62bf584974134496b782220aea9d5eb
ed5ce43da1311e9548bd402b46b411268e237c329cfa2e49c3d2668613530227
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 15:56:20 GMT
Expires: Sat, 31 Dec 2022 15:56:19 GMT
Etag: "cf330786c62bf584974134496b782220aea9d5eb"
Cache-Control: max-age=381440,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc530fc78b524-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c2ed15db473329cc36f7e7f070abcd3d
dd09aa9b2a8b62e98a3d4346c55d1d102a8db12b
a8f29f3416d2fd5a2129e788015cad1625614023e109e2cddfeb00f98448533b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8F29F3416D2FD5A2129E788015CAD1625614023E109E2CDDFEB00F98448533B"
Last-Modified: Sun, 25 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=895
Expires: Tue, 27 Dec 2022 06:03:53 GMT
Date: Tue, 27 Dec 2022 05:48:58 GMT
Connection: keep-alive
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.218.249200 OK 2.9 kB URL HTTP/2 lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.218.249:0
Hash d6bc378e1e49a2f670a87a2d399234b5
9c0561eee030e4c6a9631836dbab039867a350b7
fd1c4957e65ace22ba9627a22f6977fb871623092425f5e9ca712086d76619ba
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=de2cff2a-113d-4f84-b305-7aa13a9b2a1c; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuCFDBgwbNWbg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: application/javascript
content-length: 2808
last-modified: Tue, 22 Feb 2022 13:07:15 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6214e003-1eb1"
age: 25385875
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash f2007688836492686eaa9290cb9470ef
2d68e7c08a3dfa27bb529d0fb25a56b077ed04ff
bef767639198615a51d871071d376d22496783399a324ea17e2dfd9279a40e4f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 18:28:18 GMT
Expires: Sat, 31 Dec 2022 18:28:17 GMT
Etag: "2d68e7c08a3dfa27bb529d0fb25a56b077ed04ff"
Cache-Control: max-age=390558,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffc5316bd7fabc-OSL
imgdelnw.com/ie?v=4&c=mqwt2uPZ8eafceKB8nJuJFOMUmrc3NrNE6ClBSY5K6gB1OVu9eYexhfqN45YcdYt5JhiPXAJWSlxlSmMUp_k7ealIB8tA6J154eh9R5wDZruzPrmEn4rN_fn-QyOG0W6lqEdzjwYqhLjRh7lLHlhneYDJBE1NncKhe05jgTaIYHlf27ohLlHa8SF7wtQb6SWFpMK5fTD9mm6JP5AzmBzMf-pxcuIfKoichF-eoxKL-rqOuyQUZ48woWXyC6mbn8C_Ut6zxYXPW7mbXOGUzLqRu-1stvBtSWe77P35VgW-UHbBiw6iCoMVjR_vqcR8zuTFaWWtD-Dg3gGBHrUqEO4mhLJXVL4t5Ho_Iau-kkUVUcEOmx6tfe1HM1XyZi6hTf0wOzRk3_V0vCPLfW1w7bLf1A2T45SsMus52R9LdF9v3aD&v1=86&v2=68678
162.55.246.161301 Moved Permanently 0 B URL HTTP/1.1 imgdelnw.com/ie?v=4&c=mqwt2uPZ8eafceKB8nJuJFOMUmrc3NrNE6ClBSY5K6gB1OVu9eYexhfqN45YcdYt5JhiPXAJWSlxlSmMUp_k7ealIB8tA6J154eh9R5wDZruzPrmEn4rN_fn-QyOG0W6lqEdzjwYqhLjRh7lLHlhneYDJBE1NncKhe05jgTaIYHlf27ohLlHa8SF7wtQb6SWFpMK5fTD9mm6JP5AzmBzMf-pxcuIfKoichF-eoxKL-rqOuyQUZ48woWXyC6mbn8C_Ut6zxYXPW7mbXOGUzLqRu-1stvBtSWe77P35VgW-UHbBiw6iCoMVjR_vqcR8zuTFaWWtD-Dg3gGBHrUqEO4mhLJXVL4t5Ho_Iau-kkUVUcEOmx6tfe1HM1XyZi6hTf0wOzRk3_V0vCPLfW1w7bLf1A2T45SsMus52R9LdF9v3aD&v1=86&v2=68678
IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=mqwt2uPZ8eafceKB8nJuJFOMUmrc3NrNE6ClBSY5K6gB1OVu9eYexhfqN45YcdYt5JhiPXAJWSlxlSmMUp_k7ealIB8tA6J154eh9R5wDZruzPrmEn4rN_fn-QyOG0W6lqEdzjwYqhLjRh7lLHlhneYDJBE1NncKhe05jgTaIYHlf27ohLlHa8SF7wtQb6SWFpMK5fTD9mm6JP5AzmBzMf-pxcuIfKoichF-eoxKL-rqOuyQUZ48woWXyC6mbn8C_Ut6zxYXPW7mbXOGUzLqRu-1stvBtSWe77P35VgW-UHbBiw6iCoMVjR_vqcR8zuTFaWWtD-Dg3gGBHrUqEO4mhLJXVL4t5Ho_Iau-kkUVUcEOmx6tfe1HM1XyZi6hTf0wOzRk3_V0vCPLfW1w7bLf1A2T45SsMus52R9LdF9v3aD&v1=86&v2=68678 HTTP/1.1
Host: imgdelnw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Tue, 27 Dec 2022 05:48:58 GMT
content-length: 0
location: https://img.vmmcdn.com/get/7609021/200747_icon.png
x-app-id: 11
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 1c91bd38a49bc7c17147b4ab6a6b4c9b
c0eef5d8852808cb06767557f11c15384d0bd799
867a8e06b216b6c6b457600901e6d860c36de0b47c392b73b59e37e0ab8ea5c8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 299
Cache-Control: max-age=127037
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Etag: "63a9d35c-13a"
Expires: Wed, 28 Dec 2022 17:06:15 GMT
Last-Modified: Mon, 26 Dec 2022 17:01:16 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 314
js-agent.newrelic.com/552.2d6a2503-1220.js
151.101.130.137200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (21423)
Hash 097ef34c5f5d635a147bca3721bd605b
3b31ef3cfb1d62d9884d631ec2467b9d6b0d46e2
3e05d4e42c1e87b516b525574b20d2570dccc50d1bd1b2956d6421699aa19914
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Lx7LUNyC193WWpSv5hW/L7UEeNSlDwufm33KpA2sv5a1ht8efI/6s62/R2OVbNZKkoG/gUHXaFI=
x-amz-request-id: VK0V8BCV38T7WVVS
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1139
x-timer: S1672120139.662004,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
104.18.101.40200 OK 350 kB URL HTTP/2 chaturbate.com/tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
IP 104.18.101.40:0
Size 350 kB (349937 bytes)
Hash a3a4f0861885185a91c63a6ee64919a2
572905c0ef65ec908d48a897c1b0d556f40433de
a6126f001e272d244d36a972c01d092566df47acab055e34a0aad76701dd31bc
GET /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cams.gratis/
Connection: keep-alive
Cookie: __cf_bm=sADbGLdpKjqL6QjW2WfKeLiLZXdsvib_uNRF2fvtDKY-1672120137-0-AcJsKyC/GXBtIY5BNeNvpdKYdQNsCkVpCLioPfRJsdHhcsg0bNUtiYpIVMaNvk2iia6nOzyLYaCQZW1B20Hh+q8=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: affkey="eJyrVipSslJQyigpKSi20tdPTswt1ksvSizJLNZXqgUAilAJow=="; Domain=.chaturbate.com; expires=Thu, 26-Jan-2023 05:48:58 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr04dd61d4-4e03-4442-b222-c7bdcbfaf9c2:1pA2pe:urmUR6oa0fn7WKI8KfyAc2B6LKo; Domain=.chaturbate.com; expires=Sun, 21-Sep-2025 05:48:58 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77ffc52dd817b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
151.101.130.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: fhmr6WetDM+g2i2QlvVMRpxUR5FtkKdG9L63CCQ3CSWsvtR6j++f9vvc73sttpIYqURa2xyYTRk=
x-amz-request-id: VK0ZFWF8T6343F8V
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1123
x-timer: S1672120139.729111,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.2d6a2503-1220.js
151.101.130.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (5523)
Hash 98a96a3306b7723c0b8c4bff074cdd9f
e9070da7daa34fa2d8ac2e4ec00e3c499ea37516
a6079d50fa4c72b521fd865e67be080b5b21c336a71dbf7a1800a12ad42384f7
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YghQGw//W98CcE+uLEc2bIpyY1zfBy1cvSl3ZbHItGIBbBbjBYrgjjDhKdNnyagoNGaVfLpI2xM=
x-amz-request-id: VK0XNZM280HMN60Q
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1129
x-timer: S1672120139.732615,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
js-agent.newrelic.com/790.2d6a2503-1220.js
151.101.130.137200 OK 6.1 kB URL HTTP/2 js-agent.newrelic.com/790.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (17591)
Hash b3193d37837e2f200e10db13deff83a9
d8577b8a972583e81cfd8e31436dcd039aa049b2
5ba2e421fa78af3094294f4f8e30ba63225537da3ad68e35fbab63b2d22a0288
GET /790.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: veWtlyFq4FXZZ3C91QZ1ydEfJVdBNkWk12lPeQHXsOtJd4oL/94W2O+vIrequr5Q4TsFmN49oJA=
x-amz-request-id: VK0VJC72617ZJQFB
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "af8c077a247e90dff929d7af81c94f57"
x-amz-version-id: TFyNie.wEelbO4xbna5bJ14MRDIkKCak
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 434
x-timer: S1672120139.749745,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 6064
X-Firefox-Spdy: h2
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=2RrZ5ZCyPMZaTSnaLN_gOgSt6pPaLy6gX9sCGedM7vbuHMa_n5OSwaM6SsFWmIo0dGr9XrJ-EgDbNLSZy9bnS71Y0nG5vaVERNIokjcvYbc7kDF6GlfH_gUIDRUi
66.254.114.171200 OK 10 kB URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=2RrZ5ZCyPMZaTSnaLN_gOgSt6pPaLy6gX9sCGedM7vbuHMa_n5OSwaM6SsFWmIo0dGr9XrJ-EgDbNLSZy9bnS71Y0nG5vaVERNIokjcvYbc7kDF6GlfH_gUIDRUi
IP 66.254.114.171:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (25395)
Hash 447861b48c9a0f7cb97f140bd73d4e46
9911cea171369ccf198739924dd46b082cbe7575
314f5b2d15b6e93b49d69d9e853cbfd3ac1f6ad15437432fba7b98c03dced8e0
GET /get/10010248?time=1592494928726&atc=425995&apb=2RrZ5ZCyPMZaTSnaLN_gOgSt6pPaLy6gX9sCGedM7vbuHMa_n5OSwaM6SsFWmIo0dGr9XrJ-EgDbNLSZy9bnS71Y0nG5vaVERNIokjcvYbc7kDF6GlfH_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KGmOqh0qSxRn4Z1nlAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7077; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 63AA874A-42FE72AB01BBE405-D3E13A8
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.2d6a2503-1220.js
151.101.130.137200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (1169)
Hash 661520fd0dfebb919d68a69b60ca426f
b85ef80a0e0d95bf4904f9ce4fad56c49ae035be
ecd489671c6255fee8370fc1f8f4e99519ef8d4c4c0ab06640b0c021642e1db7
GET /775.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: n5W3M8HU3EdwDhPARC2iiAf1as95kdLfrN2+qdL0W35SMVzIqjIlMR9W7ck8oTAzeIw6lrJi5fM=
x-amz-request-id: VK0MRM6MJ78HXF3Y
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "1dfdb74c0491489bf04c6deadb56add2"
x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1119
x-timer: S1672120139.751681,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
js-agent.newrelic.com/0.2d6a2503-1220.js
151.101.130.137200 OK 2.3 kB URL HTTP/2 js-agent.newrelic.com/0.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (5198)
Hash 852267b16c136b977ccd94900c6c6308
e013e1b2c6de5b625ebbfe2e7cf3cfb09cee6c16
9bb09a133a1b33e9cecb06aa44e1ea67b3ad4ea74df5c6a89b1580064364cced
GET /0.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: yaLgSlI/o1YgPR64REKW7tJGngFFiymXOCq3qvC8FibvMh/NPjIov1s2Y43sA3Nk7dOb/Jeu8n0=
x-amz-request-id: VK0HGZZCMTDZKH5X
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "cc9b3d207e9ea2c79974f46bf474e6dd"
x-amz-version-id: 5C7ygpPS6JvoVHQoGDIm5lCTgaPcqmFc
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 616
x-timer: S1672120139.752076,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2349
X-Firefox-Spdy: h2
js-agent.newrelic.com/39.2d6a2503-1220.js
151.101.130.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/39.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (7169)
Hash a0a406e7bdf3e14f047e46bcea27640c
c1fbc88d260f16a092c1b7b0e58e4291401478e8
2309d4e82574d5402ec3454a76051987336fe3b4e4d546f6565a3a443c6d4049
GET /39.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: YVIhZ0s+kfqfyw3/OOPaabzaoXb/XwD4VELrgCLiMtI8cGCxgyDD6Y3bdLzWtK9lY7b2Y9dtVwM=
x-amz-request-id: VK0GJZ5NDAT42H61
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "0448380a8f2cd0426bbdf04dd45b5408"
x-amz-version-id: rKoZQfJFmGD6aC9Xn3l7.fk4j9L96MM_
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 620
x-timer: S1672120139.752101,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2755
X-Firefox-Spdy: h2
js-agent.newrelic.com/571.2d6a2503-1220.js
151.101.130.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/571.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (2412)
Hash d392a55faa7a0a2a43781a495891c9aa
1998ba6f85354606c186fa1a29285676f0b596f0
33b4cb21373961aa88430ff72406d46e95ceddf50afc086598ea5bdc3a311815
GET /571.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Yb3onr5wgE7GyebmH4WnkKwnI2MQKfjQMqMso3BN0Y71/Vtt12keZBjkbAuB5UJTI/GRzVXSccI=
x-amz-request-id: VK0WTM9PM29FXD43
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "04b00905b32fd8d29459545bc125cff6"
x-amz-version-id: ySPuP7kOqGri8HjzDqW2TYirQNYv9NMF
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 614
x-timer: S1672120139.752288,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2
js-agent.newrelic.com/820.2d6a2503-1220.js
151.101.130.137200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/820.2d6a2503-1220.js
IP 151.101.130.137:0
File type ASCII text, with very long lines (7460)
Hash 7d1295a839190615b34d5a62acceee4f
eef26f5c6d2ae14cb81b3a9b669da224faceacd0
4d59d58f31b6638fbc3792a0b5fddca6e8eafc19a0c9e9aabadb5ad4d9197198
GET /820.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: FgITvf3WklEMWkZwakon8gl0N9aTQ94pdNptn966xzqmGm/5HblQmQGcNcywcu4tvf5sbwoyl9E=
x-amz-request-id: VK0ZG74SYEQQ4TER
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "897a1a72a47e4f4a24c05aec49af638f"
x-amz-version-id: P6j2S.7Iht6lmVHyZ_zkYmp136j6E8IA
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Dec 2022 05:48:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 617
x-timer: S1672120139.752464,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2979
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15fbcb6f24af0b1d87b55fae20590f9
6798fa69bd41dd3d4701ad036f7096dac395468b
0282f647eb1ee40184de471c91f444206841f606aecd84d30b551d1ae73dce04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0282F647EB1EE40184DE471C91F444206841F606AECD84D30B551D1AE73DCE04"
Last-Modified: Sun, 25 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7375
Expires: Tue, 27 Dec 2022 07:51:53 GMT
Date: Tue, 27 Dec 2022 05:48:58 GMT
Connection: keep-alive
img.vmmcdn.com/get/7609021/200747_icon.png
138.201.51.142200 OK 78 kB URL HTTP/1.1 img.vmmcdn.com/get/7609021/200747_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/7609021/200747_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Type: image/png
Content-Length: 78410
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 15:29:52 GMT
Cache-Control: public, max-age=604800
ETag: "63692470-1324a"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:58 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10429762
X-HW: 1672120138.dop017.sk1.t,1672120138.cds262.sk1.shn,1672120138.cds262.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:58 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10700585
X-HW: 1672120138.dop024.sk1.t,1672120138.cds013.sk1.shn,1672120138.cds013.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/49/814444/1030998/1030998_logo.png
205.185.208.20200 OK 60 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/49/814444/1030998/1030998_logo.png
IP 205.185.208.20:0
File type PNG image data, 900 x 250, 8-bit colormap, non-interlaced\012- data
Hash 798caea0d314426d40fd500d8b96732f
7557efc84bcc649381c8118eb37e4243fe52df0e
0898893d60e07543ca69ed24331f3558234250d3bcdeb78d762959683c46754c
GET /a7/creatives/1/49/814444/1030998/1030998_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:58 GMT
Connection: Keep-Alive
ETag: "1651856942"
Content-Length: 59993
Content-Type: image/png
Last-Modified: Fri, 06 May 2022 17:09:02 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10579643
X-HW: 1672120138.dop232.sk1.t,1672120138.cds022.sk1.shn,1672120138.cds022.sk1.c
Access-Control-Allow-Origin: *
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
142.132.194.196200 OK 6.7 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
Hash 6db88b9acaa9a19c44ffab006c919b1f
7210dbcc326d4d5af2bf052b6e80bb3bbe785f76
e135dd0eb718469d0009e9787f350b6853a839180edc0f37d65033f5e4b40dbd
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 27 Dec 2022 05:48:58 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:23:15 GMT
Connection: keep-alive
ETag: "62ea3073-1168"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash eb58cc719fd0d1d6f662e03d942de8a3
7f231271af4288a9dcb973f9a3151b989bf51e8a
d1e151936c2060c8aa406dd2a5ff16779de6c33aa46b1936a18270f691c386df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5308
Cache-Control: max-age=151841
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:48:58 GMT
Etag: "63aa20af-1d7"
Expires: Wed, 28 Dec 2022 23:59:39 GMT
Last-Modified: Mon, 26 Dec 2022 22:31:11 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1204&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/&ap=23&be=597&fe=363&dc=227&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1672120133867,%22n%22:0,%22r%22:0,%22re%22:249,%22f%22:249,%22dn%22:249,%22dne%22:249,%22c%22:249,%22s%22:249,%22ce%22:249,%22rq%22:257,%22rp%22:438,%22rpe%22:441,%22dl%22:563,%22di%22:820,%22ds%22:823,%22de%22:830,%22dc%22:959,%22l%22:959,%22le%22:964%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=799&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFfU1oEU1VdWVNUBlcADhh2Yi0TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlVBgdSUgINGA1UUQIUVVZXVk4ECwcLHAIGWwUBAQICAABWCxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFCgdZBFwHUlpQAQAbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1204&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/&ap=23&be=597&fe=363&dc=227&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1672120133867,%22n%22:0,%22r%22:0,%22re%22:249,%22f%22:249,%22dn%22:249,%22dne%22:249,%22c%22:249,%22s%22:249,%22ce%22:249,%22rq%22:257,%22rp%22:438,%22rpe%22:441,%22dl%22:563,%22di%22:820,%22ds%22:823,%22de%22:830,%22dc%22:959,%22l%22:959,%22le%22:964%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=799&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFfU1oEU1VdWVNUBlcADhh2Yi0TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlVBgdSUgINGA1UUQIUVVZXVk4ECwcLHAIGWwUBAQICAABWCxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFCgdZBFwHUlpQAQAbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1204&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/&ap=23&be=597&fe=363&dc=227&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1672120133867,%22n%22:0,%22r%22:0,%22re%22:249,%22f%22:249,%22dn%22:249,%22dne%22:249,%22c%22:249,%22s%22:249,%22ce%22:249,%22rq%22:257,%22rp%22:438,%22rpe%22:441,%22dl%22:563,%22di%22:820,%22ds%22:823,%22de%22:830,%22dc%22:959,%22l%22:959,%22le%22:964%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fcp=799&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFFfU1oEU1VdWVNUBlcADhh2Yi0TFUMhJTshCU0XAwlZHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlVBgdSUgINGA1UUQIUVVZXVk4ECwcLHAIGWwUBAQICAABWCxNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEYXVhNQTQgRTEZPREtQSEQEQk0%2BDwYQCwldFwMTJnRtQ05BFBoSUVpXbhdUSxILDApBXBsGFwZDHRsUAzwABhBQVlxuB1BUCA4aRllEdkFRVBMTFUMXAjsHA09cWlQ%2BRUARB0FeQQJcRlJFDkEbTUAWBTwJSmpfUAxYVRhAWUY0D1dRVkYSExVDFwI7DBVmQ1xDElhWD0BZRlJWGxkbRABuWxMNFBcGFGZTWFwIXUBDWEEiChRcU1ZJQx0bFAM8BhEJTkZcQz5HXBMRCgsNRAMXCAFUHwlDTkERAjlKQUtYD1YbW0AuCxkPVVlYHlQfCUFKNA0NAlZCShEvZRlQUk1UWEZuXFcHVQoZGVRXX0MUTw8IAVQfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4IUVdNVEFKG1JQRT5SVgwPChBBXBsFCgdZBFwHUlpQAQAbGRtBAENYDBFBXkEdZRdNXhRDZUNYQzhBHghnXW1DHRk9QAAFDhZYXF5fPRMDQT5BKgAnQGBlE00RZUMBP0ZZRmUXCm1DHRk9QBM4QVwZaRsBPRMVQT5BAwYIXVBLbUMLGT1ABThBShlpG1UIQlgDDgY7EAlMW11tQwsZPUBTOEEbG0hE&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:48:59 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 77ffc5346ba3b509-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WImWEmjIwxOMy0yNExRgsaYWzAaGFwBo4WHHPImEFmRo4ZMMzQEPEwTJ0xGW-MKRMjxpgYIsvguCGSRhkbIsMgDdNCzA0xMGiQMYOjzA0aYnhCJGNnoY0cNmQ8hFMnLEMZOWBUhAgHzsKlNGY8nANnog6XMHDAiPuwDV-_NGDYqBEjx42HY9rY1UFDRo0cORyONbNQBo6HYty46Sw4Bo4amtu4wahDxo0ZZ9eqZr2Yxtw6MTKioUMHzhwdL16EcWGQzmoXY960eXGmDJ0XMWDIhSGDBo4fdNK0KdOjoUwaOcB7viHDBpc60suHoTOmR-XLmc-ntxEGjpgeS2CE-UKjiZMwShxRwxJonCGHFnAkIUQNVuThhhhBkHEGGWlE8UYdWMyBoRxnrHFGE0I48YYdQlyRhR01GCEEGlGcgcMcNdARBxpCPEFDHOg9cUcLVeDxRhxFuPEEEVTEQEQeM8yRxRlSoCEHEkcE0UYUNlRxwx10KKGEHWzo4UQQZmTBBBsUTtGCFmZ8cUYVSRAhRRVpiAVHGxQ99MacdYpAhnIZDefGenXIEQYbBA1KBxpzXCjHUMix0ZZYY6y30BYzxNDFWosuBIML0s0lBmc6bCoXZHN-AUemoXIqHQ446CWCHHZM1tBDZYyBZ6qdwmDTQ3XUEacOepbxkRlmyEBVUTSdxBUNVeFUQws3hCHVDGHkIIaxRomVxmQi5BCDC3G5UJkLDe30kBxfbJuRt-BuOm65YtURRkZNvKFHGmywEcYLNXAKAgpXpOHGnnfMAYITVIAQHac7gBCwGzbQ0DAeETcMK0Mw9AtDCiAcUesab7wgw3TTxQCCEWnIUYYZb-ABXcacQgoUsE48IdYb6I4xswg1i8XGzkU4IdZBdnyhMhsU1XDDDa3aIBgM554xWms1LPUQ0V-IIcddnwVbdBtvkEGaDXORIccbC7n6hkKUYdpyHgvRcO7KuvHmG3DCufAnHYEOWigbhyYaKKNjOCrGC2LdkVEMnsEgFhqLU2euCHPAmtHZdKyHcwt1uJEGHTBtSsZRMgy980FfjM64WHTQyZAN5DEul0sWtVH667GPHANghI1ldBl8fSEp7jLIvvtjIpRR9KAI0cE2pTRcCpEYfgXbUR2Ay_mzppCxBkMfCgQE&s=68bf5dc4734dfb1dfc7ca87bf03a7b54cbb75238647c78c4992762978436ecb51672120138&w=t&r=1&d=450&priv=false
136.243.81.150200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WImWEmjIwxOMy0yNExRgsaYWzAaGFwBo4WHHPImEFmRo4ZMMzQEPEwTJ0xGW-MKRMjxpgYIsvguCGSRhkbIsMgDdNCzA0xMGiQMYOjzA0aYnhCJGNnoY0cNmQ8hFMnLEMZOWBUhAgHzsKlNGY8nANnog6XMHDAiPuwDV-_NGDYqBEjx42HY9rY1UFDRo0cORyONbNQBo6HYty46Sw4Bo4amtu4wahDxo0ZZ9eqZr2Yxtw6MTKioUMHzhwdL16EcWGQzmoXY960eXGmDJ0XMWDIhSGDBo4fdNK0KdOjoUwaOcB7viHDBpc60suHoTOmR-XLmc-ntxEGjpgeS2CE-UKjiZMwShxRwxJonCGHFnAkIUQNVuThhhhBkHEGGWlE8UYdWMyBoRxnrHFGE0I48YYdQlyRhR01GCEEGlGcgcMcNdARBxpCPEFDHOg9cUcLVeDxRhxFuPEEEVTEQEQeM8yRxRlSoCEHEkcE0UYUNlRxwx10KKGEHWzo4UQQZmTBBBsUTtGCFmZ8cUYVSRAhRRVpiAVHGxQ99MacdYpAhnIZDefGenXIEQYbBA1KBxpzXCjHUMix0ZZYY6y30BYzxNDFWosuBIML0s0lBmc6bCoXZHN-AUemoXIqHQ446CWCHHZM1tBDZYyBZ6qdwmDTQ3XUEacOepbxkRlmyEBVUTSdxBUNVeFUQws3hCHVDGHkIIaxRomVxmQi5BCDC3G5UJkLDe30kBxfbJuRt-BuOm65YtURRkZNvKFHGmywEcYLNXAKAgpXpOHGnnfMAYITVIAQHac7gBCwGzbQ0DAeETcMK0Mw9AtDCiAcUesab7wgw3TTxQCCEWnIUYYZb-ABXcacQgoUsE48IdYb6I4xswg1i8XGzkU4IdZBdnyhMhsU1XDDDa3aIBgM554xWms1LPUQ0V-IIcddnwVbdBtvkEGaDXORIccbC7n6hkKUYdpyHgvRcO7KuvHmG3DCufAnHYEOWigbhyYaKKNjOCrGC2LdkVEMnsEgFhqLU2euCHPAmtHZdKyHcwt1uJEGHTBtSsZRMgy980FfjM64WHTQyZAN5DEul0sWtVH667GPHANghI1ldBl8fSEp7jLIvvtjIpRR9KAI0cE2pTRcCpEYfgXbUR2Ay_mzppCxBkMfCgQE&s=68bf5dc4734dfb1dfc7ca87bf03a7b54cbb75238647c78c4992762978436ecb51672120138&w=t&r=1&d=450&priv=false
IP 136.243.81.150:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WImWEmjIwxOMy0yNExRgsaYWzAaGFwBo4WHHPImEFmRo4ZMMzQEPEwTJ0xGW-MKRMjxpgYIsvguCGSRhkbIsMgDdNCzA0xMGiQMYOjzA0aYnhCJGNnoY0cNmQ8hFMnLEMZOWBUhAgHzsKlNGY8nANnog6XMHDAiPuwDV-_NGDYqBEjx42HY9rY1UFDRo0cORyONbNQBo6HYty46Sw4Bo4amtu4wahDxo0ZZ9eqZr2Yxtw6MTKioUMHzhwdL16EcWGQzmoXY960eXGmDJ0XMWDIhSGDBo4fdNK0KdOjoUwaOcB7viHDBpc60suHoTOmR-XLmc-ntxEGjpgeS2CE-UKjiZMwShxRwxJonCGHFnAkIUQNVuThhhhBkHEGGWlE8UYdWMyBoRxnrHFGE0I48YYdQlyRhR01GCEEGlGcgcMcNdARBxpCPEFDHOg9cUcLVeDxRhxFuPEEEVTEQEQeM8yRxRlSoCEHEkcE0UYUNlRxwx10KKGEHWzo4UQQZmTBBBsUTtGCFmZ8cUYVSRAhRRVpiAVHGxQ99MacdYpAhnIZDefGenXIEQYbBA1KBxpzXCjHUMix0ZZYY6y30BYzxNDFWosuBIML0s0lBmc6bCoXZHN-AUemoXIqHQ446CWCHHZM1tBDZYyBZ6qdwmDTQ3XUEacOepbxkRlmyEBVUTSdxBUNVeFUQws3hCHVDGHkIIaxRomVxmQi5BCDC3G5UJkLDe30kBxfbJuRt-BuOm65YtURRkZNvKFHGmywEcYLNXAKAgpXpOHGnnfMAYITVIAQHac7gBCwGzbQ0DAeETcMK0Mw9AtDCiAcUesab7wgw3TTxQCCEWnIUYYZb-ABXcacQgoUsE48IdYb6I4xswg1i8XGzkU4IdZBdnyhMhsU1XDDDa3aIBgM554xWms1LPUQ0V-IIcddnwVbdBtvkEGaDXORIccbC7n6hkKUYdpyHgvRcO7KuvHmG3DCufAnHYEOWigbhyYaKKNjOCrGC2LdkVEMnsEgFhqLU2euCHPAmtHZdKyHcwt1uJEGHTBtSsZRMgy980FfjM64WHTQyZAN5DEul0sWtVH667GPHANghI1ldBl8fSEp7jLIvvtjIpRR9KAI0cE2pTRcCpEYfgXbUR2Ay_mzppCxBkMfCgQE&s=68bf5dc4734dfb1dfc7ca87bf03a7b54cbb75238647c78c4992762978436ecb51672120138&w=t&r=1&d=450&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Cookie: ts_uid=de2cff2a-113d-4f84-b305-7aa13a9b2a1c; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuCFDBgwbNWbg6NJH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:59 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1479&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/
162.247.241.14429 Too Many Requests 2 B URL HTTP/1.1 bam.nr-data.net/events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1479&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /events/1/6f524845d1?a=24279235&v=1220.PROD&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1479&ck=0&s=6feb198490ba4e6c&ref=https://chaturbate.com/tours/3/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1681
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
Date: Tue, 27 Dec 2022 05:48:59 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
CF-Ray: 77ffc5359c08b509-OSL
Access-Control-Allow-Origin: https://chaturbate.com
Retry-After: 55
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
xfantazy.com/static/logo-tv-light.svg
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 172.64.163.22:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Tue, 20 Dec 2022 10:11:39 GMT
etag: W/"101b-1852f0476b0"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ijt%2B7WYIwAz5h%2FVQEXnlWBKuF8d2XiZVEFm%2F4nO8czDTaVo4l0e5vAeRGBdtrpCbvdu31qJmDZ0dc67qkDGrKURO6Or3CDlHKk%2F89%2FzXbXHY90pDm7j73uormBo6stg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5153ccb24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Ftag%2Fbondageliberation&charset=utf-8&browser-info=pv%3A1%3Avf%3A14qzoz81s4a176hik6jd9j%3Afp%3A1178%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A952%3Acn%3A1%3Adp%3A0%3Als%3A1321012787163%3Ahid%3A271991179%3Az%3A0%3Ai%3A20221227054851%3Aet%3A1672120131%3Ac%3A1%3Arn%3A115130534%3Arqn%3A1%3Au%3A1672120131729037475%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C113%2C379%2C0%2C319%2C0%2C%2C264%2C5%2C%2C%2C%2C1170%3Aco%3A0%3Ans%3A1672120129184%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672120131%3At%3Abondageliberation%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 27 Dec 2022 05:48:55 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yabs-sid=537052181672120135; Path=/; SameSite=None; Secure
i=6ddMjzQrRcWQe0QUUeILcNhb2zi8vrLiAElM3eiAKOM62IqGDqX2xj0pymVOZiHsZgHNttqpBdlmTxBREsDYKweR68o=; Expires=Fri, 24-Dec-2032 05:48:46 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=4577288101672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4577288101672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703656135.yc.1672120135#1703656135.yrts.1672120135#1703656135.yrtsi.1672120135; Expires=Wed, 27-Dec-2023 05:48:55 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Dec-2022 05:48:55 GMT
last-modified: Tue, 27-Dec-2022 05:48:55 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 172.64.163.22:0
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-183501608ac"
last-modified: Sun, 18 Sep 2022 10:12:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1902332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hiIaDEMj1sYey6on%2FPXWUizanKnJIg31jpSGZaWUbfORSGtw5zz7znSNTE54rqWvHkWjZN0vk7JmvLrxzaaTqxe5gXRaQIas22VL3HnCb4y14x4ooeHOTbicJ3vPwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cb124d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: txOTSw0D/nPEcqZXNDjXoTysyHxiACeqFr1GWMNns6N516ggU4XwovNZb785KCFxFhyoLtyJUO7Y+RptiSN9bw==
date: Tue, 27 Dec 2022 05:48:56 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:21 GMT
etag: W/"60d33821-14da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tz5q8nLonEWNE%2FyQpQ002ALtU008GhFK3w6IQRmoKqQldojnTf%2FYvLW07yy%2FAM63n4ldt%2BA1%2FXVqa7T5NyVkP8mynqnstCu6zsSEEa48dpA%2FaeFhF9rXSqDR%2BCcKbfGscCHkZePmJpn0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5295a797332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.adxadserv.com/css/wm.css
185.76.9.18200 OK 0 B URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1673003472
server: CDN77-Turbo
x-77-nzt: AblMCQ1cqwr/eVcCAA
x-77-nzt-ray: c0a4cc28c1f7ca7b4987aa636f5e9b1c
x-cache: HIT
x-age: 153465
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/settings/382499
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/settings/382499
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/settings/382499 HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:54 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5450
last-modified: Tue, 27 Dec 2022 04:18:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jDIcYyCoEQJmkW3pkoJiTHxyIa6GhPe6SKPSt9cHlrTsR1Z5UF%2FdJcU0DSy%2BVDyxmht0KI4hMwg2wxwqFZPKIFvZTSsRn7U%2F6LUn4BMD4BPV90ImjC1jnU5mtrKRyCZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc525efde756e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.ef7436bc2788.css
IP 104.16.94.42:0
GET /CACHE/css/output.ef7436bc2788.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=29618
etag: W/"ade681e2fa92be6f93f43294ddc58941"
last-modified: Thu, 17 Nov 2022 16:34:23 GMT
x-amz-id-2: azvjfLhsZQz0cag4muV1nCoqw4kMQf5PSauhF7VXnYrO6hWxTMgQHmT8X4/+31fVT28kfu+Uu6Q=
x-amz-meta-s3cmd-attrs: md5:ade681e2fa92be6f93f43294ddc58941
x-amz-request-id: X33R15MJ639RYB32
cf-cache-status: HIT
age: 825143
expires: Thu, 26 Jan 2023 05:48:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rn2AuC9n6hKYgiBqe9SjlLSC5eXeDslR1erTyMFbIzeKxYLX5H%2F82l36c2PubpVY1xs7ZNCWAA2v0HyaqMvr9TNNmiGNSXgNDxxZZlD%2F7rO9aCKLQnDwhhDb973SPmdmz4IWWAvW7rQdEaKputGahQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=VNnXth73CHtsKYxyTyG6XsjvQlxCJoerUBk9DQ3ZLaM-1672120138353-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77ffc530abf90b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/zRdVuw7.js
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/zRdVuw7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /zRdVuw7.js HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:54 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a842e6ed7853f1a77f754cf5bae38910.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: VZclCGPEs4QO9lAiRAyKyLEy3kvRaxtZw_vSb9K2t81BORnpz_QHbw==
age: 253948
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f
IP 104.18.101.40:0
GET /in/?track=xfanta&tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cams.gratis/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/html; charset=utf-8
location: /tours/3/?tour=x1Rd&campaign=NcAyU&c=3&p=0&gender=f&disable_sound=0
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_x1Rd=1; expires=Sun, 01-Jan-2023 05:48:57 GMT; Max-Age=432000; Path=/
us_x1Rd=1; Path=/
affkey="eJyrVipRslJQqjAMSlHSUVBKzi0Acf2SHStDQfySomywdFpiXkkiSKAIxM0oKSkottLXT07MLdZLL0osySzWB0kmpqWBpHMTKyoqclNTMhONDAwtQBJgQ40MlWoBzegfMA=="; Domain=.chaturbate.com; expires=Thu, 26-Jan-2023 05:48:57 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Tue, 27-Dec-2022 11:48:57 GMT; Max-Age=21600; Path=/
sbr=sec:sbr05aca747-5a49-43f6-b711-017ae3669418:1pA2pd:BMeKcdSjJJJdR-FvpFbMwlWmcXg; Domain=.chaturbate.com; expires=Sun, 21-Sep-2025 05:48:57 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=sADbGLdpKjqL6QjW2WfKeLiLZXdsvib_uNRF2fvtDKY-1672120137-0-AcJsKyC/GXBtIY5BNeNvpdKYdQNsCkVpCLioPfRJsdHhcsg0bNUtiYpIVMaNvk2iia6nOzyLYaCQZW1B20Hh+q8=; path=/; expires=Tue, 27-Dec-22 06:18:57 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77ffc52ccf93b4f7-OSL
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:25 GMT
etag: W/"60d33825-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BBBiTbjbE1iS9fnRcNM2FZa6bXMWZ5Rw0srbLQQnU1gFRvP8nT8vA50422GX0qUdYE3yJc7C71L8ii54LQflYajFDpzHGGvRuuRPwvyDzAjopV6uJJgS0xnS6KUUc%2FcN6Z4SkpexGALV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5293a627332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:24 GMT
etag: W/"60d33824-2ed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mg4nyX5mnvepY%2BL0JipXwdqsU9cBLhYtmzwyGZ9K%2FmxhjQQgLKJ8iTlXb0stbcOw5pK7IhHY7n%2FtF%2FNGnNlG1uOO9Q85Fj%2B0PYw9fH3O%2Bp6e5Bbz3oibOxm7RoMBaSkTOfN%2BEcFAiviL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc529eadb7332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391865?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/GghJOoWGLywaoqERj_9tp/pages/tag.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/GghJOoWGLywaoqERj_9tp/pages/tag.js
IP 172.64.163.22:0
GET /_next/static/GghJOoWGLywaoqERj_9tp/pages/tag.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"71a-1852f092d20"
last-modified: Tue, 20 Dec 2022 10:16:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 588472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IH7qFHRQOtE4O18N2t53hTRIAfurraS8PuCslJk3KXnw2%2FXFfBc%2FFnEELXm5%2F3qN7yB4Iq5CLGPcRaj4NYvenqQDxPtAHr7L5sD53SbjzTyG1rORuJH5Jq4UzGPBgOI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5150cad24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 172.64.163.22:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"c8b-18350162908"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1902389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXHxrehIdiKq4ZCFrPRVCWtn9Sv55uZcx8xuF6FVxjC%2BRff9mlDM38WHX6jmkEn0Xn95AC6PKbOQoBBRNEXkkE9g59r9U%2FC4OXv%2FGNkKSr2A0cUENJ8gy8alsVgOufk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cbc24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
172.64.163.22200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 172.64.163.22:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/tag/bondageliberation
Cookie: visitorId=z5gtri4q638y2fo0a9346; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"4f4a-183501634e6"
last-modified: Sun, 18 Sep 2022 10:12:56 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1902388
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sx%2F0KhrK52%2Fjb9%2FY8ftZ4Sdxo%2Fs2z49%2FBT0IcNvN8hD3neCwV6Wecn9B%2B1ISWfIDkALOwIvvds3mMtc%2BLhrak0b70vPbB3FVViF%2B5B88V0l1f3YGnE8Wk8DQa1SLYDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77ffc5151cba24d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:20 GMT
etag: W/"60d33820-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3599625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1hmpeg44kTsUO%2F9DExyYzHBvsgjerFtS0Hd0NvOruKO7D%2BQFwvC3M0DpB98AZi%2BqXEYBkHSVtrRxfFkWm1SBPIPx57WkYz5gNhwKjiw7XpHDdF9W6NlEkYeh78p24iQiTDbrlg5e9gz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77ffc5298a997332-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391866?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/406857?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.21200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:57 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Fri, 23 Dec 2022 11:55:27 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1672120743
server: CDN77-Turbo
x-77-nzt: AblMCRTG8nz/0icAAA
x-77-nzt-ray: af585630aef1182b4987aa6347f8ea0b
x-cache: HIT
x-age: 10194
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
148.251.120.78200 OK 0 B URL HTTP/2 tsyndicate.com/do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5
IP 148.251.120.78:0
ASN #24940 Hetzner Online GmbH
GET /do2/WF8qxoGQpTQRg0uYg8RBqicfsIjfiOk4/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.naturalhealthsource.club
Connection: keep-alive
Referer: https://a.naturalhealthsource.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.naturalhealthsource.club
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 56e97a34808bfe1e
set-cookie: ts_uid=de2cff2a-113d-4f84-b305-7aa13a9b2a1c; expires=Tue, 27 Jun 2023 05:48:58 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYuCFDBgwbNWbg6NJH; expires=Wed, 28 Dec 2022 05:48:58 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
104.16.94.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
IP 104.16.94.42:0
GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Dec 2022 05:48:58 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 894094
expires: Thu, 26 Jan 2023 05:48:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ih06qj9ksKbZg1BxhAVdnlUACyNqoX0I%2FNWPAF5s8163kdw%2F43Q6qd0XqoHmOXCs00FPb4z0ErbOHFrCeH0Cx54N40s6JWVe07%2B5GA33TnTI4tcg6CHfIigktxAoftEK5WmIOCTT7oG4XAJ2LANiRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=hCuND4.cvVSfgQKz0mUe50W0B9hPVN.qkS2Xy0ro4Y8-1672120138360-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77ffc530bbff0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
135.181.208.216200 OK 0 B URL HTTP/2 a.naturalhealthsource.club/api/spots/382499?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=197&wh=939&ww=1280&uuid= HTTP/1.1
Host: a.naturalhealthsource.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=qfxLyNBPRhg9S2EyUD56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:48:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2