brocc-exe.com/zcvisitor/f226f6f3-fb87-11ed-9db3-1255440d73d9/c2afc6a0-e0ed-11e7-8932-0ad5c55a6ed0
34.238.227.119 0 B URL brocc-exe.com/zcvisitor/f226f6f3-fb87-11ed-9db3-1255440d73d9/c2afc6a0-e0ed-11e7-8932-0ad5c55a6ed0
IP 34.238.227.119:0
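Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)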
GET /zcvisitor/f226f6f3-fb87-11ed-9db3-1255440d73d9/c2afc6a0-e0ed-11e7-8932-0ad5c55a6ed0 HTTP/1.1
Host: brocc-exe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302
Date: Fri, 26 May 2023 05:43:23 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://freetrckr.com/bid?click_id=zrf226f6f3fb8711ed9db31255440d73d919c6d82d98a74a5b9eba82d1f31427260736133243d8b87cc2&sub_id=zulu-tye-v4o3rze7p3_rex_ua_mob&l=2008&t=e807a67b57ff274565f78878190ec04e
Server: HeswMdpu
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.3 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.3:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://washingtonchronicles2.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 03:11:48 GMT
expires: Sun, 19 May 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 527497
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
142.250.74.106 16 kB URL fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
IP 142.250.74.106:0
File type gzip compressed data, max compression\012- data
Hash 7d7d6fedcf8bd50052f0a2803127f8bd
ac65786d3246b9c99b09b0aa434d158eac39556c
1d7532c692ade3cd1b08e37dbf754ea0a488e96269b866467545fbea2461099d
GET /css?family=Roboto:400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://washingtonchronicles2.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 May 2023 05:43:25 GMT
date: Fri, 26 May 2023 05:43:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
imgspics.com/ie?v=4&c=G2FmAuNA1BAowCwELT0cTGi81M0t9Q6s2b9SOx-SYVUhbeZFeUSnF2r0QABgfPC2hL0LU7DEYWw-rNgAe_xB46UmBT5e6xxkljANbw8jhaiHa_mwDmrutWUXViKWJ9mdra9C-8n4JEm2-BZr3fvDiZY7hHh-Vt4WnCfaKxkpgJu2UzZdVSxp6u4_4Um7sjoK4xr3TZg8gVXdmnfHtvvHOGMOUvw27OchudJNK8dGJFcav06UhsLKzTxsmdltakf76dhxIzRP28EUWgBxO3MbLWE_vroJJFBWjm9Q8gksK8unkBxhjw3e9EcwLI4KrWrSrNpMfH4l8k6NEfn7ndpJ5H8DsmlBCQ2SnCZfg5OZAjnEMtq5pqnMBJNkgb4TSs4cz9B-Cnypp0-hUfvDsq1cCWeLJRS2juKovN8mnfBpHBUFBIRrvn1Aw2IFMb8-HfAVmjrc
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=G2FmAuNA1BAowCwELT0cTGi81M0t9Q6s2b9SOx-SYVUhbeZFeUSnF2r0QABgfPC2hL0LU7DEYWw-rNgAe_xB46UmBT5e6xxkljANbw8jhaiHa_mwDmrutWUXViKWJ9mdra9C-8n4JEm2-BZr3fvDiZY7hHh-Vt4WnCfaKxkpgJu2UzZdVSxp6u4_4Um7sjoK4xr3TZg8gVXdmnfHtvvHOGMOUvw27OchudJNK8dGJFcav06UhsLKzTxsmdltakf76dhxIzRP28EUWgBxO3MbLWE_vroJJFBWjm9Q8gksK8unkBxhjw3e9EcwLI4KrWrSrNpMfH4l8k6NEfn7ndpJ5H8DsmlBCQ2SnCZfg5OZAjnEMtq5pqnMBJNkgb4TSs4cz9B-Cnypp0-hUfvDsq1cCWeLJRS2juKovN8mnfBpHBUFBIRrvn1Aw2IFMb8-HfAVmjrc
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
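Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)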
GET /ie?v=4&c=G2FmAuNA1BAowCwELT0cTGi81M0t9Q6s2b9SOx-SYVUhbeZFeUSnF2r0QABgfPC2hL0LU7DEYWw-rNgAe_xB46UmBT5e6xxkljANbw8jhaiHa_mwDmrutWUXViKWJ9mdra9C-8n4JEm2-BZr3fvDiZY7hHh-Vt4WnCfaKxkpgJu2UzZdVSxp6u4_4Um7sjoK4xr3TZg8gVXdmnfHtvvHOGMOUvw27OchudJNK8dGJFcav06UhsLKzTxsmdltakf76dhxIzRP28EUWgBxO3MbLWE_vroJJFBWjm9Q8gksK8unkBxhjw3e9EcwLI4KrWrSrNpMfH4l8k6NEfn7ndpJ5H8DsmlBCQ2SnCZfg5OZAjnEMtq5pqnMBJNkgb4TSs4cz9B-Cnypp0-hUfvDsq1cCWeLJRS2juKovN8mnfBpHBUFBIRrvn1Aw2IFMb8-HfAVmjrc HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://washingtonchronicles2.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:24 GMT
content-length: 0
location: https://img.vmmcdn.com/get/26448872/75476_image.jpg
x-app-id: 12
imgspics.com/ie?v=4&c=wLR0H4vpBYO2I8fmWXzOdc3EePjJihnlLFAbKBMmIfBC8SJctew2h47AbhVZHnLG_r8XW95BteqrrOm6VPPPrkzhbbzBTrFrnFvfrIx9bJtXhGEs5njHP9hDByw8GJydjOmiXDzRcfKEurN1tT9AvhkRKWdB49B8WASGKowSNb8Nv99yW3eQHouvecgD-aUGH2wyhM0BzwWvZKBcX0GnOiHS1CHcHjfGbaTa7kXTU1wqw31W3YJ7cdJ6BXzZo9zQJXBDG8j6r2iygQY9q1lC4wnt8O-epXCcYWLrwGjKH4fktjD4Ll3JN2-xchryO93TbJXjiIOEvE-k94mvWR1s4UZ9tkEAPa8qveTKZiN2sATifjNGm8T048UFv4yDSfSN5GlsaHga3pLYFe6IG0PUDiINNrtZQgJmlphtzo8CqdF1W4v81nn7wp537pM76TlFAaI8
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=wLR0H4vpBYO2I8fmWXzOdc3EePjJihnlLFAbKBMmIfBC8SJctew2h47AbhVZHnLG_r8XW95BteqrrOm6VPPPrkzhbbzBTrFrnFvfrIx9bJtXhGEs5njHP9hDByw8GJydjOmiXDzRcfKEurN1tT9AvhkRKWdB49B8WASGKowSNb8Nv99yW3eQHouvecgD-aUGH2wyhM0BzwWvZKBcX0GnOiHS1CHcHjfGbaTa7kXTU1wqw31W3YJ7cdJ6BXzZo9zQJXBDG8j6r2iygQY9q1lC4wnt8O-epXCcYWLrwGjKH4fktjD4Ll3JN2-xchryO93TbJXjiIOEvE-k94mvWR1s4UZ9tkEAPa8qveTKZiN2sATifjNGm8T048UFv4yDSfSN5GlsaHga3pLYFe6IG0PUDiINNrtZQgJmlphtzo8CqdF1W4v81nn7wp537pM76TlFAaI8
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
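Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)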
GET /ie?v=4&c=wLR0H4vpBYO2I8fmWXzOdc3EePjJihnlLFAbKBMmIfBC8SJctew2h47AbhVZHnLG_r8XW95BteqrrOm6VPPPrkzhbbzBTrFrnFvfrIx9bJtXhGEs5njHP9hDByw8GJydjOmiXDzRcfKEurN1tT9AvhkRKWdB49B8WASGKowSNb8Nv99yW3eQHouvecgD-aUGH2wyhM0BzwWvZKBcX0GnOiHS1CHcHjfGbaTa7kXTU1wqw31W3YJ7cdJ6BXzZo9zQJXBDG8j6r2iygQY9q1lC4wnt8O-epXCcYWLrwGjKH4fktjD4Ll3JN2-xchryO93TbJXjiIOEvE-k94mvWR1s4UZ9tkEAPa8qveTKZiN2sATifjNGm8T048UFv4yDSfSN5GlsaHga3pLYFe6IG0PUDiINNrtZQgJmlphtzo8CqdF1W4v81nn7wp537pM76TlFAaI8 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://washingtonchronicles2.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:24 GMT
content-length: 0
location: https://img.vmmcdn.com/get/26448872/75476_image.jpg
x-app-id: 12
imgspics.com/ie?v=4&c=AiUkHiXkSP_p1ttaqRtuevtUQVAmB9RvzhoXQiDH5HmMLuVfb9ZXXZA5QJ17Aw90Jcji8_3NBf3AMiu4TOFKVMI8G5HCOU1pKQ5_IInPYketur04HlRD_DNqzi0p32K5-7H-eBI1XNwd1amqmONdfGAk3kFH_-E0TiX6AJaULqs6bWNYyWD5-yDobrhKueyr4qUKshUHw3HQQrh6PoQrnuWhhH_PVCkWpmkwfwB4OFPfnsiqDpA0TM1lMuXxr-R2Fu09RNEswKcpSxaxdutsLManEThCs4WgEvgo0pW_O2W3CeMr-ypOlOqOtmOLc171Fi19kftnUGGxKqwW23KCGyHSeFqjcBnXdf4Cx0o-qIT8Mfpz_l1ZE9cp4bSde8Jo-HOhchBim2QTMLXOLds3IfWbibWSudX3adzXlIlr-ZxRiMclVg==
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=AiUkHiXkSP_p1ttaqRtuevtUQVAmB9RvzhoXQiDH5HmMLuVfb9ZXXZA5QJ17Aw90Jcji8_3NBf3AMiu4TOFKVMI8G5HCOU1pKQ5_IInPYketur04HlRD_DNqzi0p32K5-7H-eBI1XNwd1amqmONdfGAk3kFH_-E0TiX6AJaULqs6bWNYyWD5-yDobrhKueyr4qUKshUHw3HQQrh6PoQrnuWhhH_PVCkWpmkwfwB4OFPfnsiqDpA0TM1lMuXxr-R2Fu09RNEswKcpSxaxdutsLManEThCs4WgEvgo0pW_O2W3CeMr-ypOlOqOtmOLc171Fi19kftnUGGxKqwW23KCGyHSeFqjcBnXdf4Cx0o-qIT8Mfpz_l1ZE9cp4bSde8Jo-HOhchBim2QTMLXOLds3IfWbibWSudX3adzXlIlr-ZxRiMclVg==
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
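Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)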
GET /ie?v=4&c=AiUkHiXkSP_p1ttaqRtuevtUQVAmB9RvzhoXQiDH5HmMLuVfb9ZXXZA5QJ17Aw90Jcji8_3NBf3AMiu4TOFKVMI8G5HCOU1pKQ5_IInPYketur04HlRD_DNqzi0p32K5-7H-eBI1XNwd1amqmONdfGAk3kFH_-E0TiX6AJaULqs6bWNYyWD5-yDobrhKueyr4qUKshUHw3HQQrh6PoQrnuWhhH_PVCkWpmkwfwB4OFPfnsiqDpA0TM1lMuXxr-R2Fu09RNEswKcpSxaxdutsLManEThCs4WgEvgo0pW_O2W3CeMr-ypOlOqOtmOLc171Fi19kftnUGGxKqwW23KCGyHSeFqjcBnXdf4Cx0o-qIT8Mfpz_l1ZE9cp4bSde8Jo-HOhchBim2QTMLXOLds3IfWbibWSudX3adzXlIlr-ZxRiMclVg== HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://washingtonchronicles2.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:24 GMT
content-length: 0
location: https://img.vmmcdn.com/get/27344484/261868_image.png
x-app-id: 12
img.vmmcdn.com/get/27344484/261868_image.png
138.201.51.142 35 kB URL img.vmmcdn.com/get/27344484/261868_image.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3\012- data
Hash 2f626ef8f136d2346b5da548d9c20499
37e5d20e29ac0ed0f323682738abb23fc1eaf779
dd316c3092663d4a696534f15c14bf22a7b8552e378e8cdf80f1a4f6508517f4
GET /get/27344484/261868_image.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:25 GMT
Content-Type: image/png
Content-Length: 35248
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 12:20:24 GMT
Cache-Control: public, max-age=604800
ETag: "63c69288-89b0"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
img.vmmcdn.com/get/26448872/75476_image.jpg
138.201.51.142 46 kB URL img.vmmcdn.com/get/26448872/75476_image.jpg
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3\012- data
Hash 20c6f2c347c19fb76f0d370460f5b550
5b557d236aaecd94ddaea0295f953ed69423e9d7
6b8ae8c7f603f02d7dc699c8cf4d9d7f26f027811c040be03a59d43a2d652066
GET /get/26448872/75476_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:25 GMT
Content-Type: image/jpeg
Content-Length: 46331
Connection: keep-alive
Last-Modified: Fri, 10 Dec 2021 08:18:56 GMT
Cache-Control: public, max-age=604800
ETag: "61b30d70-b4fb"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
img.vmmcdn.com/get/26448872/75476_image.jpg
138.201.51.142 46 kB URL img.vmmcdn.com/get/26448872/75476_image.jpg
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3\012- data
Hash 20c6f2c347c19fb76f0d370460f5b550
5b557d236aaecd94ddaea0295f953ed69423e9d7
6b8ae8c7f603f02d7dc699c8cf4d9d7f26f027811c040be03a59d43a2d652066
GET /get/26448872/75476_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:25 GMT
Content-Type: image/jpeg
Content-Length: 46331
Connection: keep-alive
Last-Modified: Fri, 10 Dec 2021 08:18:56 GMT
Cache-Control: public, max-age=604800
ETag: "61b30d70-b4fb"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
imgspics.com/ie?v=4&c=aW0kQBK7LvwcXwNtF8dLEYQ-DmFu7eZsmOFCpfZF1GX9Qq89bw1xKQP_YOeLwZ4EzDyaI0L4-T_Fcd0ah66-RoykcZ0Av0HL9rMJeFqcM86cFMb8i0ODcvM05yBMvYq2705hNkGUpKj9Jl0Fuy-oQ9Fm4wvAU6EhWQNB9U7AuFxUaRnO6LEjM8zQXbp-0SWLaDQv7C8GcZh6lLciez3J8YdrJZOvyxIr0b7iWOyBViN6x1BWilg_ntqrIxrasIfwG_SyJabQw6c9rkj7QbkqRagReN8QyEFR2HrAJrxKxKJ0JA8AiU26hL-DitDS7X_iwcTaUxHaW0Y02d6hxBjN7yejekSFEvZI23y41K0mwMZZSivOH_1vDIJjpaf5ObP2XRaZNdy1Xpzd3JLMGIhOEQ9I6GPI6GjeyJcp9Py0z1qzMfGaaH5mqxrfZpUjYQ0syNQ7&v1=1531&v2=78053
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=aW0kQBK7LvwcXwNtF8dLEYQ-DmFu7eZsmOFCpfZF1GX9Qq89bw1xKQP_YOeLwZ4EzDyaI0L4-T_Fcd0ah66-RoykcZ0Av0HL9rMJeFqcM86cFMb8i0ODcvM05yBMvYq2705hNkGUpKj9Jl0Fuy-oQ9Fm4wvAU6EhWQNB9U7AuFxUaRnO6LEjM8zQXbp-0SWLaDQv7C8GcZh6lLciez3J8YdrJZOvyxIr0b7iWOyBViN6x1BWilg_ntqrIxrasIfwG_SyJabQw6c9rkj7QbkqRagReN8QyEFR2HrAJrxKxKJ0JA8AiU26hL-DitDS7X_iwcTaUxHaW0Y02d6hxBjN7yejekSFEvZI23y41K0mwMZZSivOH_1vDIJjpaf5ObP2XRaZNdy1Xpzd3JLMGIhOEQ9I6GPI6GjeyJcp9Py0z1qzMfGaaH5mqxrfZpUjYQ0syNQ7&v1=1531&v2=78053
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
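Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)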
GET /ie?v=4&c=aW0kQBK7LvwcXwNtF8dLEYQ-DmFu7eZsmOFCpfZF1GX9Qq89bw1xKQP_YOeLwZ4EzDyaI0L4-T_Fcd0ah66-RoykcZ0Av0HL9rMJeFqcM86cFMb8i0ODcvM05yBMvYq2705hNkGUpKj9Jl0Fuy-oQ9Fm4wvAU6EhWQNB9U7AuFxUaRnO6LEjM8zQXbp-0SWLaDQv7C8GcZh6lLciez3J8YdrJZOvyxIr0b7iWOyBViN6x1BWilg_ntqrIxrasIfwG_SyJabQw6c9rkj7QbkqRagReN8QyEFR2HrAJrxKxKJ0JA8AiU26hL-DitDS7X_iwcTaUxHaW0Y02d6hxBjN7yejekSFEvZI23y41K0mwMZZSivOH_1vDIJjpaf5ObP2XRaZNdy1Xpzd3JLMGIhOEQ9I6GPI6GjeyJcp9Py0z1qzMfGaaH5mqxrfZpUjYQ0syNQ7&v1=1531&v2=78053 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:25 GMT
content-length: 0
location: https://img.vmmcdn.com/get/75859017/261868_icon.png
x-app-id: 12
imgspics.com/ie?v=4&c=1Z8Eccgan-FIdyAPWmzx07-DtAp2L96UjXpaM-wJsqa4eUpE1MxhoU8dRC7IzQuqpbrIIGCfASn3giVqKas0wlgrgAkJrnr17TrzS45PGeVcZgwNl6FU5DzpIkz7fH3MGJmlvDJ31DaqPcBG9mdXihFW9xUmjYSehlZU0BB0yktOMtGN2catuhxewJJRiDvlpCWrPeKfeBeAPq7PFDQMPSjw8NoxZDB_nKd1eFwL9FcFZEhwJ1OGLGc9bOe4fJNWikNC2aW96RiIRgOB0RWH2VrwWRtMNeEqAsSQeWiO62q41GfuxPCwLS6PrD-sLfo0pv8CHwJZmIopNbiuhwtRgTy4q120M7_xjyIgzxkLSXCQ1Zn-9THLeGyXGgWTr5LtRTbj5Lev6AmW1oTsIz0ngROjhqjwx2X1mwBrM5pqfPOPPi3EDzV3l7D1iWCdOgmGfEc=&v1=1532&v2=51057
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=1Z8Eccgan-FIdyAPWmzx07-DtAp2L96UjXpaM-wJsqa4eUpE1MxhoU8dRC7IzQuqpbrIIGCfASn3giVqKas0wlgrgAkJrnr17TrzS45PGeVcZgwNl6FU5DzpIkz7fH3MGJmlvDJ31DaqPcBG9mdXihFW9xUmjYSehlZU0BB0yktOMtGN2catuhxewJJRiDvlpCWrPeKfeBeAPq7PFDQMPSjw8NoxZDB_nKd1eFwL9FcFZEhwJ1OGLGc9bOe4fJNWikNC2aW96RiIRgOB0RWH2VrwWRtMNeEqAsSQeWiO62q41GfuxPCwLS6PrD-sLfo0pv8CHwJZmIopNbiuhwtRgTy4q120M7_xjyIgzxkLSXCQ1Zn-9THLeGyXGgWTr5LtRTbj5Lev6AmW1oTsIz0ngROjhqjwx2X1mwBrM5pqfPOPPi3EDzV3l7D1iWCdOgmGfEc=&v1=1532&v2=51057
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
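Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)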
GET /ie?v=4&c=1Z8Eccgan-FIdyAPWmzx07-DtAp2L96UjXpaM-wJsqa4eUpE1MxhoU8dRC7IzQuqpbrIIGCfASn3giVqKas0wlgrgAkJrnr17TrzS45PGeVcZgwNl6FU5DzpIkz7fH3MGJmlvDJ31DaqPcBG9mdXihFW9xUmjYSehlZU0BB0yktOMtGN2catuhxewJJRiDvlpCWrPeKfeBeAPq7PFDQMPSjw8NoxZDB_nKd1eFwL9FcFZEhwJ1OGLGc9bOe4fJNWikNC2aW96RiIRgOB0RWH2VrwWRtMNeEqAsSQeWiO62q41GfuxPCwLS6PrD-sLfo0pv8CHwJZmIopNbiuhwtRgTy4q120M7_xjyIgzxkLSXCQ1Zn-9THLeGyXGgWTr5LtRTbj5Lev6AmW1oTsIz0ngROjhqjwx2X1mwBrM5pqfPOPPi3EDzV3l7D1iWCdOgmGfEc=&v1=1532&v2=51057 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:25 GMT
content-length: 0
location: https://img.vmmcdn.com/get/17593001/75476_icon.png
x-app-id: 12
img.vmmcdn.com/get/75859017/261868_icon.png
138.201.51.142 78 kB URL img.vmmcdn.com/get/75859017/261868_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 53282b73b589873fa79c738c03b4e47d
ca5ab91a4e36ebddd6b326fa67071e915415085d
530d10989a16c4cbdec879d1f82bb200fe63f5fb111179d873354058460dacc8
GET /get/75859017/261868_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:26 GMT
Content-Type: image/png
Content-Length: 78410
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 12:20:24 GMT
Cache-Control: public, max-age=604800
ETag: "63c69288-1324a"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
img.vmmcdn.com/get/17593001/75476_icon.png
138.201.51.142 75 kB URL img.vmmcdn.com/get/17593001/75476_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash fd6ed6571defe6731d7a9c8b145bf486
7a9e544d7341aef7b0c83162ce8482be032ab14e
0d4a25737f9e4b5d8b737d7cfa08702df916b7db65d5866e77cc85fb67145221
GET /get/17593001/75476_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:26 GMT
Content-Type: image/png
Content-Length: 74960
Connection: keep-alive
Last-Modified: Fri, 10 Dec 2021 08:18:56 GMT
Cache-Control: public, max-age=604800
ETag: "61b30d70-124d0"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
imgspics.com/ie?v=4&c=jyCilZwwh9dcAn8Hifao_gOuReyVuquOFifXRqGZtL1VVq3nABHB4652Fe1S2yLy3n-bBOK6smZ9-3fuyVlqBpra3EkB5nlyHm4cZibj7FA1zDDePlEXLZB0b5xuxi6WzLGtdwKLNlT57bM8H9Y9Sky1ywUBva2BR5U1CX5tYLqhe1lTmpNh0TrXX3ahvUDNt2KYs9oxi6oKen13MttVAIqT7EVNBG9MNfrdf75gN26XLvZfV2GYZOu1aF1PZen2yMLf_0Ph0z5RykgnGizF4dcLk0lKPjAy05Vx23oIA6pJ7pJaU_1U-eF1NFmB1TD9mQVz0sZTNsZ-Tet1xq-wcC8B2shcWKHBlc6Z3ZQs4khIxWJzgTt9uOGgRtJ2ep5o12JrdbExTc4xTp9gP3fWpYnaB0x5ViYjly7tX4NJ7g7Dz_Wag55dPR0zaxKr5ZStJRU=&v1=1532&v2=51057
213.239.207.252 0 B URL imgspics.com/ie?v=4&c=jyCilZwwh9dcAn8Hifao_gOuReyVuquOFifXRqGZtL1VVq3nABHB4652Fe1S2yLy3n-bBOK6smZ9-3fuyVlqBpra3EkB5nlyHm4cZibj7FA1zDDePlEXLZB0b5xuxi6WzLGtdwKLNlT57bM8H9Y9Sky1ywUBva2BR5U1CX5tYLqhe1lTmpNh0TrXX3ahvUDNt2KYs9oxi6oKen13MttVAIqT7EVNBG9MNfrdf75gN26XLvZfV2GYZOu1aF1PZen2yMLf_0Ph0z5RykgnGizF4dcLk0lKPjAy05Vx23oIA6pJ7pJaU_1U-eF1NFmB1TD9mQVz0sZTNsZ-Tet1xq-wcC8B2shcWKHBlc6Z3ZQs4khIxWJzgTt9uOGgRtJ2ep5o12JrdbExTc4xTp9gP3fWpYnaB0x5ViYjly7tX4NJ7g7Dz_Wag55dPR0zaxKr5ZStJRU=&v1=1532&v2=51057
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
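Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)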
GET /ie?v=4&c=jyCilZwwh9dcAn8Hifao_gOuReyVuquOFifXRqGZtL1VVq3nABHB4652Fe1S2yLy3n-bBOK6smZ9-3fuyVlqBpra3EkB5nlyHm4cZibj7FA1zDDePlEXLZB0b5xuxi6WzLGtdwKLNlT57bM8H9Y9Sky1ywUBva2BR5U1CX5tYLqhe1lTmpNh0TrXX3ahvUDNt2KYs9oxi6oKen13MttVAIqT7EVNBG9MNfrdf75gN26XLvZfV2GYZOu1aF1PZen2yMLf_0Ph0z5RykgnGizF4dcLk0lKPjAy05Vx23oIA6pJ7pJaU_1U-eF1NFmB1TD9mQVz0sZTNsZ-Tet1xq-wcC8B2shcWKHBlc6Z3ZQs4khIxWJzgTt9uOGgRtJ2ep5o12JrdbExTc4xTp9gP3fWpYnaB0x5ViYjly7tX4NJ7g7Dz_Wag55dPR0zaxKr5ZStJRU=&v1=1532&v2=51057 HTTP/1.1
Host: imgspics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:25 GMT
content-length: 0
location: https://img.vmmcdn.com/get/17593001/75476_icon.png
x-app-id: 12
img.vmmcdn.com/get/17593001/75476_icon.png
138.201.51.142 75 kB URL img.vmmcdn.com/get/17593001/75476_icon.png
IP 138.201.51.142:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash fd6ed6571defe6731d7a9c8b145bf486
7a9e544d7341aef7b0c83162ce8482be032ab14e
0d4a25737f9e4b5d8b737d7cfa08702df916b7db65d5866e77cc85fb67145221
GET /get/17593001/75476_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://washingtonchronicles2.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 May 2023 05:43:26 GMT
Content-Type: image/png
Content-Length: 74960
Connection: keep-alive
Last-Modified: Fri, 10 Dec 2021 08:18:56 GMT
Cache-Control: public, max-age=604800
ETag: "61b30d70-124d0"
X-Proxy-Cache: HIT
Accept-Ranges: bytes
iopsdepo.com/ie?v=4&c=lpXSeXcdPy9zCPfx2B6N9Yp8GwDj_EeyaYn_7cgdHRn9OzXH0_gXVIUQ3jo0pjrGMrUmBNHImpnATUqHS3ghDbdN3B_5D948Br96etsvZ1r3FeTcCM6ctvd4BqSrXbcmEO_1g0pG2_HeED-CP2RP31_XOIZdYKNZuTPTU96TJGyVtKH0NAk_TrqgsIL6oMjUVDs6U3rl_GHUxLLnLwZQPnv4b5OeLCZsF89AYENvNABk1t7l-cEmMl8w33vWHo5ovMlr38DQ2U4a2HRO__b38CgC0Mk7llq0z2HiQTlwWae2cBP6DJBgpYqAU-EZX09VzuTpDa1tub8jQ3NPATz6aHQ8KzMemWlhacxqPMltxmaPwQvF8UjmaiU9OUu-FKMsjJeTX1pV5C80dSbQ8wGgnkH3gmbHbrdqQUrs17D4xstld_4INrr2mc6WAmZvaLGpyW-NS5e3YCokzlirnuCp_z1U3vp1IiPB6G4aHA86uLUprvLrA5h0RZaA9kABiyLSRbqr8r-epHM_2Sx-
157.90.94.146 0 B URL iopsdepo.com/ie?v=4&c=lpXSeXcdPy9zCPfx2B6N9Yp8GwDj_EeyaYn_7cgdHRn9OzXH0_gXVIUQ3jo0pjrGMrUmBNHImpnATUqHS3ghDbdN3B_5D948Br96etsvZ1r3FeTcCM6ctvd4BqSrXbcmEO_1g0pG2_HeED-CP2RP31_XOIZdYKNZuTPTU96TJGyVtKH0NAk_TrqgsIL6oMjUVDs6U3rl_GHUxLLnLwZQPnv4b5OeLCZsF89AYENvNABk1t7l-cEmMl8w33vWHo5ovMlr38DQ2U4a2HRO__b38CgC0Mk7llq0z2HiQTlwWae2cBP6DJBgpYqAU-EZX09VzuTpDa1tub8jQ3NPATz6aHQ8KzMemWlhacxqPMltxmaPwQvF8UjmaiU9OUu-FKMsjJeTX1pV5C80dSbQ8wGgnkH3gmbHbrdqQUrs17D4xstld_4INrr2mc6WAmZvaLGpyW-NS5e3YCokzlirnuCp_z1U3vp1IiPB6G4aHA86uLUprvLrA5h0RZaA9kABiyLSRbqr8r-epHM_2Sx-
IP 157.90.94.146:0
ASN #24940 Hetzner Online GmbH
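Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)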
Analyzer Verdict Alert
quad9 Sinkholed
GET /ie?v=4&c=lpXSeXcdPy9zCPfx2B6N9Yp8GwDj_EeyaYn_7cgdHRn9OzXH0_gXVIUQ3jo0pjrGMrUmBNHImpnATUqHS3ghDbdN3B_5D948Br96etsvZ1r3FeTcCM6ctvd4BqSrXbcmEO_1g0pG2_HeED-CP2RP31_XOIZdYKNZuTPTU96TJGyVtKH0NAk_TrqgsIL6oMjUVDs6U3rl_GHUxLLnLwZQPnv4b5OeLCZsF89AYENvNABk1t7l-cEmMl8w33vWHo5ovMlr38DQ2U4a2HRO__b38CgC0Mk7llq0z2HiQTlwWae2cBP6DJBgpYqAU-EZX09VzuTpDa1tub8jQ3NPATz6aHQ8KzMemWlhacxqPMltxmaPwQvF8UjmaiU9OUu-FKMsjJeTX1pV5C80dSbQ8wGgnkH3gmbHbrdqQUrs17D4xstld_4INrr2mc6WAmZvaLGpyW-NS5e3YCokzlirnuCp_z1U3vp1IiPB6G4aHA86uLUprvLrA5h0RZaA9kABiyLSRbqr8r-epHM_2Sx- HTTP/1.1
Host: iopsdepo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 May 2023 05:43:28 GMT
content-length: 0
location: http://intrafic22.com/lenite.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476
x-app-id: 13
intrafic22.com/lenite.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476
89.108.98.72 358 B URL intrafic22.com/lenite.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476
IP 89.108.98.72:0
ASN #197695 Domain names registrar REG.RU, Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fa562cdaad8c3a409aafe04a7f9b1b53
d9dab0aa97f25718c6e6a7947ea8d27461eec078
df537fe35282d48c342246137ce9953dcae964088b78d0caa0902d1851cf5b2a
NIDS | Severity | Alert
suricata | high | ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS
suricata | high | ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS
suricata | high | ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ
GET /lenite.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476 HTTP/1.1
Host: intrafic22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 26 May 2023 05:43:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: CS=1234567890sutraRULEZcookiessupport; expires=Sat, 25-May-2024 05:43:28 GMT; path=/; domain=intrafic22.com
Location: http://intrafic22.com/in.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476&CS=1
intrafic22.com/in.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476&CS=1
89.108.98.72 316 B URL intrafic22.com/in.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476&CS=1
IP 89.108.98.72:0
ASN #197695 Domain names registrar REG.RU, Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e83feb779a270666df137026e2350707
19fbb50936e1af80a4f305955e812a9e3804ca2e
09bb1f2eb749692a75673537dfe7878b5a9e0e72b49086fd0114a1cb69912b41
NIDS | Severity | Alert
suricata | high | ET EXPLOIT_KIT TDS Sutra - request in.cgi
suricata | high | ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ
GET /in.cgi?9&group=cn&set=vmm&siteid=1532&clckid=cho4dutam5jofsv2tht0&camp=&creativeid=75476&CS=1 HTTP/1.1
Host: intrafic22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: CS=1234567890sutraRULEZcookiessupport
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 26 May 2023 05:43:28 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 316
Connection: keep-alive
Set-Cookie: zorvm=zLcsADkAAgAYAABHcGT__wBHcGRAAAEAAAAAR3BkMTMAAgAWAABHcGT__wBHcGQA; expires=Sat, 25-May-2024 05:43:28 GMT; path=/; domain=intrafic22.com
Location: https://sfwdg.starssp.top/?pl=eEeNQaJCPEWE-YSBnP-wPw
sfwdg.starssp.top/?pl=eEeNQaJCPEWE-YSBnP-wPw
185.155.184.84 0 B URL sfwdg.starssp.top/?pl=eEeNQaJCPEWE-YSBnP-wPw
IP 185.155.184.84:0
ASN #6898 SERVER.swiss Sagl
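Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are digests of empty input, matching the 0 B response body, so they do not identify this resource)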
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /?pl=eEeNQaJCPEWE-YSBnP-wPw HTTP/1.1
Host: sfwdg.starssp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 May 2023 05:43:28 GMT
content-length: 0
location: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
set-cookie: eEeNQaJCPEWE-YSBnP-wPw=16; max-age=345600; path=/; samesite=lax
set-cookie: __pl=e3afe5da-3b2c-4c8d-9fd1-9cc09777047f; expires=Mon, 26 May 2025 05:43:28 GMT; path=/; samesite=lax
set-cookie: __cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
sfwdg.crystalcrafter.top/video-bit/assets/mobile-header.jpg
104.21.7.3 16 kB URL sfwdg.crystalcrafter.top/video-bit/assets/mobile-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 623x71, components 3\012- data
Hash cd2599ebcf088e38b0136da54be6056b
831aa894f796523bb13da5295773fad0adf08a43
bad51e23bda3b86050e80b64301111fb7dab284ef6a5d40bc042f711d6844f5a
GET /video-bit/assets/mobile-header.jpg HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/jpeg
content-length: 15684
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3d44"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BbeCkFBKmh0CT%2FsoFAwyD7ZlhBuMlB6uGEtaJEGstuVY8Aklayq8JqTcXHS54WwUAgVAF8bIwiGS1JHU%2FvlybfLHmtEIRN6KpMN2Vssv7nT%2FMQ%2FaJzSrN3B9HwpSEoZR%2F1IOQU78fdjQ%2B00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3682dca1c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/pc-header.jpg
104.21.7.3 78 kB URL sfwdg.crystalcrafter.top/video-bit/assets/pc-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x124, components 3\012- data
Hash 7b5471d796895489e8526d789b9d40f6
0239e9afbff1cf03adb273fd5b24e68f17f52659
f41b722bec971578de0605c37b14b241965d46d70c41becf7b153b2882478eac
GET /video-bit/assets/pc-header.jpg HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/jpeg
content-length: 78090
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-1310a"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83KzeR7Mri7dV3iFAwCAA5D46mHnV4W11CcoAEmlaQIas34S01ups8c%2BPAlAEIPd3%2BO%2B%2FSrqGjrQ%2Bbs%2FrGx4Zj7eW%2BW2%2FFZ9SCWAvYQqfpw0mz511f3pBbViFm6XbrEoAF%2FXoqlsseMoO0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3682dc71c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
104.21.7.3 221 kB URL sfwdg.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
IP 104.21.7.3:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=370, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1012], progressive, precision 8, 977x370, components 3\012- data
Size 221 kB (220788 bytes)
Hash bde3fee065c7408f2ba31b7633552644
75d8d5e0f57af3ac24337d0c496fcc549566c4fc
1263b5513a15315e3fa3e3ad73c9a4cfd21287bb9cc4eb5b94f0f60651d18c21
GET /video-bit/assets/pc-after-video.jpg HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/jpeg
content-length: 220788
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-35e74"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOzgiLjhexEO8C9DItU0ARsT3r3cvEqs2h4nt3MZv7QSWcfHvtWJzVoEk92ntOSioCPYya2sDPHzJl9euvTaR5Zv2g0522Y11LWKeZTOzTJIsBYqHH%2FOhyosjZnV%2FQ%2BftXzO9475oDvQ%2BPs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3683ded1c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/mobile-after-video.png
104.21.7.3 160 kB URL sfwdg.crystalcrafter.top/video-bit/assets/mobile-after-video.png
IP 104.21.7.3:0
File type PNG image data, 623 x 477, 8-bit/color RGBA, non-interlaced\012- data
Size 160 kB (159828 bytes)
Hash d443d6dbbc102de6552453c20708a93b
591fa73cc4a0406124ca56dce015db983f540a12
60d83b366e8b5951e24c08e424b3f22dc2b62ec58a7933fafbcd3370bb70bc93
GET /video-bit/assets/mobile-after-video.png HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/png
content-length: 159828
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27054"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfGVspyQKsb2MoRw2L0YykwHReDRQds0ytLsBZS0DPqse7a2QB0LvWSkLd0CYI6u46fU33vxv5TRJ%2FcgRYibbxWm7EZ3z4oY%2BklxmulsdRVXSLYglLE0LyHgB6TpidzQ9YCME0wfvMKB%2FuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3684df01c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/video.gif
104.21.7.3 1.3 MB URL sfwdg.crystalcrafter.top/video-bit/assets/video.gif
IP 104.21.7.3:0
File type GIF image data, version 89a, 300 x 225\012- data
Size 1.3 MB (1261197 bytes)
Hash 219f73ae12fc4696639ce99694cb6463
4265f8a22afe580964444a549afab5a07edde5c6
19bc7986406ae576bed6b1ce20044821d45e6377442e0756ea506e17ead6b59c
GET /video-bit/assets/video.gif HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/gif
content-length: 1261197
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-133e8d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjW6Fmqm4ypB8h4pskzNBHGlBHrPLU2fCONnWqIz1SZb1wOJ6YxtzNIyzw%2B3LksYfLtFfNqUXpvMyzNtEp7qx6ieGoVlPWKx3eRJsjJI6EgoX2DOlrS8311RPVSYl7WKzce3QuPJH63gln8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3682dce1c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
104.21.7.3 163 kB URL sfwdg.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x647, components 3\012- data
Size 163 kB (162651 bytes)
Hash 2f5daa5004b75049f0bec772965b7943
a1336e046340afce9445ced5e26dc006fd47f6e9
121ae3a98c7fbba7d158fe1ee759e17994928c9332bbe65028cb0710c22fdf63
GET /video-bit/assets/pc-sidebar.jpg HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/jpeg
content-length: 162651
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27b5b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMbhY8o4%2B2AJtlLqX%2F3dNLyiD7W%2Ft3%2FzYlnEA8gbkyH6N5lLka6Sh5d8pwce4sdM0lWVn4qCvcRo%2FVI%2B6YcTJCY4xD%2BZX5sG11ixzWAQq5W0FMI7q0n0I3BCxVyyw6yGCTo92AXWObFAQ0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3684df21c0e-OSL
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
104.21.7.3 16 kB URL sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
IP 104.21.7.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (445), with CRLF line terminators
Hash 4c8e6e1aff41a6602ac720d4709aafc0
4f95479f68c348f307f5e3ff65ebeebf0bc5c10a
cf31ce4a23c3805bbbee3ab242d3ad9865b6e67cb4f0582a4d554f814f84d5ca
GET /video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108 HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AahFhlW8JEIL2D3tvaGWPzx3F3k%2B6BweBM5LgxK3VXk504L7kMMKtxOpBtOTeO1WaLCW33un6fUeN3lbCsKmH190FepefqwhmOk7U0ETH1UMsCkHmkR7ZUTJOWY0gGRzcBoXn%2BXpLko%2B0mA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd3b366ae99b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
142.250.74.35 11 kB URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40976)
Hash a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 211789
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
a.crystalcrafter.top/video-bit/assets/pc-header.jpg
104.21.7.3 78 kB URL a.crystalcrafter.top/video-bit/assets/pc-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x124, components 3\012- data
Hash 7b5471d796895489e8526d789b9d40f6
0239e9afbff1cf03adb273fd5b24e68f17f52659
f41b722bec971578de0605c37b14b241965d46d70c41becf7b153b2882478eac
GET /video-bit/assets/pc-header.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/jpeg
content-length: 78090
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-1310a"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFAMML4qXfnvTOTPfe6EmahboDruRuLJRwMqeUaBKMUTDLqqQd6%2FCvVdbMXyN%2FFjNOlM8UkyZ0ziZyzNi3NRMbjWaqeric5nYo0Pm%2Fd02cgpV216x8g6KY9YkRVYlSgq5O5K0cIOlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36dbb2d1c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/mobile-header.jpg
104.21.7.3 16 kB URL a.crystalcrafter.top/video-bit/assets/mobile-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 623x71, components 3\012- data
Hash cd2599ebcf088e38b0136da54be6056b
831aa894f796523bb13da5295773fad0adf08a43
bad51e23bda3b86050e80b64301111fb7dab284ef6a5d40bc042f711d6844f5a
GET /video-bit/assets/mobile-header.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/jpeg
content-length: 15684
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3d44"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2BYYrWKlXoZrU7iaURL2cAoVLVs3RzUyt2g6RuHNFganQu6fHsh94qHPnOKUvJNzn9hEZDlz6ohifI%2BnNOpsxAO1FvlO%2ByBxa9qpgS5Gqgu2Jpp4pWHcG82yFb1zgXkDXhDuPsau8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36dbb2f1c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/mobile-after-video.png
104.21.7.3 160 kB URL a.crystalcrafter.top/video-bit/assets/mobile-after-video.png
IP 104.21.7.3:0
File type PNG image data, 623 x 477, 8-bit/color RGBA, non-interlaced\012- data
Size 160 kB (159828 bytes)
Hash d443d6dbbc102de6552453c20708a93b
591fa73cc4a0406124ca56dce015db983f540a12
60d83b366e8b5951e24c08e424b3f22dc2b62ec58a7933fafbcd3370bb70bc93
GET /video-bit/assets/mobile-after-video.png HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/png
content-length: 159828
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27054"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Lge8c%2FH0ZQtMZPy3TQvWSn6NQLLKINh77bKBoIUImWw4%2B65f%2BBWYo%2BZcKrAv6ABeUWO1BvdZoLDmIKXAP0MlAkKn2KcMuW6GopswL8IbZDtS9TD0bX1qkUnFRIo0Tk36G2U4gRg0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36deb4c1c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/video.gif
104.21.7.3 1.3 MB URL a.crystalcrafter.top/video-bit/assets/video.gif
IP 104.21.7.3:0
File type GIF image data, version 89a, 300 x 225\012- data
Size 1.3 MB (1261197 bytes)
Hash 219f73ae12fc4696639ce99694cb6463
4265f8a22afe580964444a549afab5a07edde5c6
19bc7986406ae576bed6b1ce20044821d45e6377442e0756ea506e17ead6b59c
GET /video-bit/assets/video.gif HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/gif
content-length: 1261197
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-133e8d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jw0iAubcIIfUX%2BP7S9cDk5UOSiqxYwFjXj9j7ZNsdop%2FQDGddB8xAXcc4E2s2pltau6fznKa6gMhEJNNQxE7riK8JuUHbljAcB5JJ4xxYvyNbPw6SYr0uQ2ikiw20f1Tfcf6WmP6cA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36dbb311c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
104.21.7.3 163 kB URL a.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x647, components 3\012- data
Size 163 kB (162651 bytes)
Hash 2f5daa5004b75049f0bec772965b7943
a1336e046340afce9445ced5e26dc006fd47f6e9
121ae3a98c7fbba7d158fe1ee759e17994928c9332bbe65028cb0710c22fdf63
GET /video-bit/assets/pc-sidebar.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/jpeg
content-length: 162651
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27b5b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pua%2Bnaz3s%2BbmyDlUwa0GoSgdGmNdgk5GEERcIK72wZRuSyirS5JBXHv1T1IVJSqsUyoVuYB55ccNHz9eDc9v7pmIXf6ayxsRTq8mYvEbA%2FQ8hXpx7ZBCaCVbFSP5a3Nrbr7GYpAS9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36deb4a1c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
104.21.7.3 221 kB URL a.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
IP 104.21.7.3:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=370, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1012], progressive, precision 8, 977x370, components 3\012- data
Size 221 kB (220788 bytes)
Hash bde3fee065c7408f2ba31b7633552644
75d8d5e0f57af3ac24337d0c496fcc549566c4fc
1263b5513a15315e3fa3e3ad73c9a4cfd21287bb9cc4eb5b94f0f60651d18c21
GET /video-bit/assets/pc-after-video.jpg HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/jpeg
content-length: 220788
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-35e74"
cache-control: max-age=14400
cf-cache-status: HIT
age: 234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xK06basgBeV06gBRhktJ97anR2E49CsImBMlxbUflbh4xioYyvreozrO8L47DzFBgxAK2mV%2BuCJ3R2UoPqEydc8jlQA2TOAqGyddgQBcF4jJdXHhKtT8N9z0CcfbUywm7Vx6VwTvKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36ddb411c0e-OSL
alt-svc: h3=":443"; ma=86400
a.crystalcrafter.top/video-bit/assets/style.css
104.21.7.3 8.2 kB URL a.crystalcrafter.top/video-bit/assets/style.css
IP 104.21.7.3:0
File type ASCII text, with CRLF line terminators
Hash e867c9e96e9a259c6a4b24730e434d03
be972bdccee721442af33479796f714c4b1a1d16
4a0441a0e8e9028aaa327956916e6c08ec7e49fc42b4d0aa3525d527f3742b5b
GET /video-bit/assets/style.css HTTP/1.1
Host: a.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1a3c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCyY22D9QUa75Jmrk9TQiD9uSvbHGcrNIKyNS0J%2BNUhpoPDSZ%2FW7kD%2BFuJrm4Yl4AKn3%2FrHxGHSwe%2FKrxc6wXvgC0m26GHaeiWoYzDk3IVNFo3xvFSy1dSiFflibbNqRMipIEG%2BXpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b36dbb2c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
sfwdg.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
104.21.7.3 21 kB URL sfwdg.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
IP 104.21.7.3:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /video-bit/assets/spinning-circles2.svg HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1f7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWb%2FxXcbYgpbDEubaNKi6rbJSCf9tjcbcyqklblUyiTbUEni1mVxTsUJSD1S7yWNX87YYdYwRHm1dZO5eDDkIO%2FCdXvGF9cQBHzrOIkw%2FSCEgWb6acp1qYQgqzDUZMS5OeuimbtWD%2BGcOsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3683deb1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/mobile-header.jpg
104.21.7.3 16 kB URL b.crystalcrafter.top/video-bit/assets/mobile-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 623x71, components 3\012- data
Hash cd2599ebcf088e38b0136da54be6056b
831aa894f796523bb13da5295773fad0adf08a43
bad51e23bda3b86050e80b64301111fb7dab284ef6a5d40bc042f711d6844f5a
GET /video-bit/assets/mobile-header.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/jpeg
content-length: 15684
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3d44"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03lbzAEcaXCly7t%2FLkSYJWF6Ecn7GjvG92EC%2BWXLnv%2BkDsOE%2B%2BG2c4gzIFOP2SnhspdBl%2BHNMqyJbSdkLPlg4dNtUNmB7ZSkf7yEMfbxycmZCcPXG25%2FBrTCubibXC%2BQWsdBfZoJnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e381c0e-OSL
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/video.gif
104.21.7.3 1.3 MB URL b.crystalcrafter.top/video-bit/assets/video.gif
IP 104.21.7.3:0
File type GIF image data, version 89a, 300 x 225\012- data
Size 1.3 MB (1261197 bytes)
Hash 219f73ae12fc4696639ce99694cb6463
4265f8a22afe580964444a549afab5a07edde5c6
19bc7986406ae576bed6b1ce20044821d45e6377442e0756ea506e17ead6b59c
GET /video-bit/assets/video.gif HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/gif
content-length: 1261197
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-133e8d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KY3M%2F46xeLBg9imCse4lN%2BL4QDE%2BHVRYlLhncHl%2FWkAV0iJidQkP1OZQtLopXgoQl7NyCAqhTFN%2FjT%2FfDxYZ%2FroZhau2yYsm2%2Ft21QefC0OGThGxqLSrDvQp2ifj4uO%2FUZTeIV9pXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e3d1c0e-OSL
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/mobile-after-video.png
104.21.7.3 160 kB URL b.crystalcrafter.top/video-bit/assets/mobile-after-video.png
IP 104.21.7.3:0
File type PNG image data, 623 x 477, 8-bit/color RGBA, non-interlaced\012- data
Size 160 kB (159828 bytes)
Hash d443d6dbbc102de6552453c20708a93b
591fa73cc4a0406124ca56dce015db983f540a12
60d83b366e8b5951e24c08e424b3f22dc2b62ec58a7933fafbcd3370bb70bc93
GET /video-bit/assets/mobile-after-video.png HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: image/png
content-length: 159828
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27054"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NNa23WitVp5Z30wvuZV1rY8OyRq4iIFbej%2FiyAd83Jyt0LaCP8K5fKV79SFUHmQaNf6WBSmv9uNZfuJW9DlH9C3y8CwhY0u%2BwAhguAE5IT5S6DEWIe1CC9%2BCJkn9Ilm3BE0JFX2F8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3722e4e1c0e-OSL
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/pc-header.jpg
104.21.7.3 78 kB URL b.crystalcrafter.top/video-bit/assets/pc-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x124, components 3\012- data
Hash 7b5471d796895489e8526d789b9d40f6
0239e9afbff1cf03adb273fd5b24e68f17f52659
f41b722bec971578de0605c37b14b241965d46d70c41becf7b153b2882478eac
GET /video-bit/assets/pc-header.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 78090
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-1310a"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDoQOZSbSD%2BX0QpR4lMy%2BoR1q5nK5%2BxHIv8asu6ap7EL5n%2BFtviTPJRkLEEpydQkDJT1zruLL3vBRZXQgvHL0jBMu1oVAqRreSHrklddEJ3FNigHJeucLQWCdcWiDWLIa%2BnICcSrEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e371c0e-OSL
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
104.21.7.3 221 kB URL b.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
IP 104.21.7.3:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=370, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1012], progressive, precision 8, 977x370, components 3\012- data
Size 221 kB (220788 bytes)
Hash bde3fee065c7408f2ba31b7633552644
75d8d5e0f57af3ac24337d0c496fcc549566c4fc
1263b5513a15315e3fa3e3ad73c9a4cfd21287bb9cc4eb5b94f0f60651d18c21
GET /video-bit/assets/pc-after-video.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 220788
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-35e74"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqNdW0Zs95cSE7J4VQaMP03lGakDgAKuUf64EEFyuzVbvtkwG6cjONLIKrp2GrghA8Ekt8K0wL14byznsqmIA9Ba0VK7%2BTNutz%2B2Vo%2Bd9cp2WCd1yXVq0IgXoxQeq8MlxlKnI%2Ffe4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e461c0e-OSL
alt-svc: h3=":443"; ma=86400
b.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
104.21.7.3 163 kB URL b.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x647, components 3\012- data
Size 163 kB (162651 bytes)
Hash 2f5daa5004b75049f0bec772965b7943
a1336e046340afce9445ced5e26dc006fd47f6e9
121ae3a98c7fbba7d158fe1ee759e17994928c9332bbe65028cb0710c22fdf63
GET /video-bit/assets/pc-sidebar.jpg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 162651
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27b5b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDoPvQhFNWJBLm%2BJhsPSgKDC9EEr%2Fa1zqVD82%2FQGg0A45pHIcYwbZfsNpbSCfwoJwi%2BvfrGQHrN4NIxLyXqMnF%2FJWvEN1emXE%2FFyIwa07sDmHjh6HQ41rWiIx5EylEaoK08%2BLC5liw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3722e4f1c0e-OSL
alt-svc: h3=":443"; ma=86400
freetrckr.com/bid?click_id=zrf226f6f3fb8711ed9db31255440d73d919c6d82d98a74a5b9eba82d1f31427260736133243d8b87cc2&sub_id=zulu-tye-v4o3rze7p3_rex_ua_mob&l=2008&t=e807a67b57ff274565f78878190ec04e
173.214.240.15 7.9 kB URL freetrckr.com/bid?click_id=zrf226f6f3fb8711ed9db31255440d73d919c6d82d98a74a5b9eba82d1f31427260736133243d8b87cc2&sub_id=zulu-tye-v4o3rze7p3_rex_ua_mob&l=2008&t=e807a67b57ff274565f78878190ec04e
IP 173.214.240.15:0
Hash 5844b12411c53a9a6c7b473a5fe2e8cd
df8829eca8c463d05ea0c849b9714fc76212423a
bcddd2c8d33673fe9df7ca2c186f8da270daef6b730ff6396e721c89abce78c8
GET /bid?click_id=zrf226f6f3fb8711ed9db31255440d73d919c6d82d98a74a5b9eba82d1f31427260736133243d8b87cc2&sub_id=zulu-tye-v4o3rze7p3_rex_ua_mob&l=2008&t=e807a67b57ff274565f78878190ec04e HTTP/1.1
Host: freetrckr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 May 2023 05:43:24 GMT
location: https://washingtonchronicles2.xyz/sw_b9787c4f-a5eb-633b-953c-ef883513b1c7_301_0_2008.js
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
142.250.74.35 11 kB URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40976)
Hash a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 211791
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
c.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
104.21.7.3 221 kB URL c.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
IP 104.21.7.3:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=370, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1012], progressive, precision 8, 977x370, components 3\012- data
Size 221 kB (220788 bytes)
Hash bde3fee065c7408f2ba31b7633552644
75d8d5e0f57af3ac24337d0c496fcc549566c4fc
1263b5513a15315e3fa3e3ad73c9a4cfd21287bb9cc4eb5b94f0f60651d18c21
GET /video-bit/assets/pc-after-video.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 220788
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-35e74"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iR7VUxN51F69GVxYRJPdVpLvseNo6FP%2FsMiUWGu0DqiBdCtZncEHv%2FXJPTLkcM6ly9QWfp%2BmYH4B7HDpHzvOIGy0NOjFQ4YIXVVQ%2Fi9cR3FsTSNBWGOqgCmKYzN96HHc%2BwHeoOcaUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376ba6d1c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/pc-header.jpg
104.21.7.3 78 kB URL c.crystalcrafter.top/video-bit/assets/pc-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x124, components 3\012- data
Hash 7b5471d796895489e8526d789b9d40f6
0239e9afbff1cf03adb273fd5b24e68f17f52659
f41b722bec971578de0605c37b14b241965d46d70c41becf7b153b2882478eac
GET /video-bit/assets/pc-header.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 78090
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-1310a"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0Cmo4MwohLNBEiJiGwjQ84QQE7dpeDcOdZopYxt7YFMM6LV4Kc6561w%2FimMYZ%2FKmKhuUWUlb5hu2MD%2BW1nP1uYI%2Baugld6dEqi92iik5Umg8v0qdTAybQ3fPSxTopPmYT8ZYqQhVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376aa601c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/mobile-header.jpg
104.21.7.3 16 kB URL c.crystalcrafter.top/video-bit/assets/mobile-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 623x71, components 3\012- data
Hash cd2599ebcf088e38b0136da54be6056b
831aa894f796523bb13da5295773fad0adf08a43
bad51e23bda3b86050e80b64301111fb7dab284ef6a5d40bc042f711d6844f5a
GET /video-bit/assets/mobile-header.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 15684
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3d44"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucM8zdczJxf%2F7zYRSsNEd75ST2zb3QafXSPv7JvC98JH1jZP3r%2B4LWYBDE1XTb3gTlIJfqO%2BMwgM8dwRPhsGGommM63dWLXQmeBpU5g4RaRunBrILQSFV1%2FB7%2FVk%2BFL05SYI7CGzXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376aa631c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/mobile-after-video.png
104.21.7.3 160 kB URL c.crystalcrafter.top/video-bit/assets/mobile-after-video.png
IP 104.21.7.3:0
File type PNG image data, 623 x 477, 8-bit/color RGBA, non-interlaced\012- data
Size 160 kB (159828 bytes)
Hash d443d6dbbc102de6552453c20708a93b
591fa73cc4a0406124ca56dce015db983f540a12
60d83b366e8b5951e24c08e424b3f22dc2b62ec58a7933fafbcd3370bb70bc93
GET /video-bit/assets/mobile-after-video.png HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/png
content-length: 159828
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27054"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp55Ohtg1h6tg0PhIVAxsRomGlC5cc0CqkE6jGbnKGv6eMCAq7Y4tHr2a9Nm8LfMWuIspcNIlKKaQ7srVbJ6kCeL%2F%2F5sbJeuu8jbNoqODhkViN3Ual8nBE0IJVrTCWwJCrXZCoeGBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376ba6f1c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
104.21.7.3 163 kB URL c.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x647, components 3\012- data
Size 163 kB (162651 bytes)
Hash 2f5daa5004b75049f0bec772965b7943
a1336e046340afce9445ced5e26dc006fd47f6e9
121ae3a98c7fbba7d158fe1ee759e17994928c9332bbe65028cb0710c22fdf63
GET /video-bit/assets/pc-sidebar.jpg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/jpeg
content-length: 162651
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27b5b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YihxLn5BjpbcyHiBlpmFzkvnzAICMF6oQKS3ux4PeHQsJSPj4c1S%2B96FDF421l0%2Ben5L6iPRpS5MGdpSfsCD%2BjjARFL0HXL21hWhvz1vHue90gn54LTayBP8kUeYZPeHwdFLGoC1Cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376ba731c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/video.gif
104.21.7.3 1.3 MB URL c.crystalcrafter.top/video-bit/assets/video.gif
IP 104.21.7.3:0
File type GIF image data, version 89a, 300 x 225\012- data
Size 1.3 MB (1261197 bytes)
Hash 219f73ae12fc4696639ce99694cb6463
4265f8a22afe580964444a549afab5a07edde5c6
19bc7986406ae576bed6b1ce20044821d45e6377442e0756ea506e17ead6b59c
GET /video-bit/assets/video.gif HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/gif
content-length: 1261197
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-133e8d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HI6zkNo251l3Ihm0aU%2FOyyFe2Zhpy2icQyQoNzlK1rFk1TWJt2wWdOwaf39qdxKZRPooGAnpPJwIZLVAx3qAa1vuZHaSQ2v7jY4kZXMkqFGJlSHG0rvurmbNhhoQ%2FQTNCdTUvm%2FfiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376ba671c0e-OSL
alt-svc: h3=":443"; ma=86400
feed.streampsh.top/ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw
172.67.169.207 7.0 kB URL feed.streampsh.top/ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw
IP 172.67.169.207:0
File type ASCII text, with CRLF line terminators
Hash 7b9735de10e6d0a2ffe8e42f8986c659
38a544a3f6c7d28319cd944b2ae755c7d192cf1a
bc8f01c22a60dbb9098f8be9baa7e484bce7ec5335a6dcf02fee212202fb2045
GET /ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Cookie: __psu=59d272a0-f599-4bf8-9808-a1b1f1edbf3a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Los%2FBPyF8lg9v%2BI%2Ffmg1yoD8BNs%2BQe%2FO2gObIBO6aEiwzU3FYtIWebJUFFGMmt4LbgLOyI5nmnQ9QNaTwJvpePNfCx2vl74kIzqzqoFHuv8jdz0K3ny0fKWsnXdTCyMQW%2B%2FC7zo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b378ea230b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot=
172.67.169.207 19 kB URL js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot=
IP 172.67.169.207:0
File type Unicode text, UTF-8 text, with very long lines (23213), with no line terminators
Hash d732d3ae5d848859b636e0af52962bbc
39ba2086c7628d0f7830187b6857d4e8a284bbdd
0da9b8247eb6e444faab6a4a301c1e6284419086540a4223f16544e642ed9bba
GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Cookie: __psu=2e0a93c8-7521-4c52-aa3f-1e10d471c4bd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1vZbCqa3l1w5AkyEFAAK%2Ft9%2FdO2WyQhxDVN060JUMyAI5MwUls3CkfZ3I1d0vXIQwpHUOIp9bEqxZdxviCPyG%2FDQ2JBN%2B73iP5mWOXyTBnud6hauiHLyDr1eHtaDr3mfdm8S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37819780b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
d.crystalcrafter.top/video-bit/assets/pc-header.jpg
104.21.7.3 78 kB URL d.crystalcrafter.top/video-bit/assets/pc-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x124, components 3\012- data
Hash 7b5471d796895489e8526d789b9d40f6
0239e9afbff1cf03adb273fd5b24e68f17f52659
f41b722bec971578de0605c37b14b241965d46d70c41becf7b153b2882478eac
GET /video-bit/assets/pc-header.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/jpeg
content-length: 78090
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-1310a"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjwxDN5PyQrpKCc2wiBzgP2UYgsqHlWAtMeJbar7Ht7bz2NN2bmmUoZWO%2BAAzODWYIzB8Z6W0jrPK8J9zVon1i8AlAUBrGQY3AP7bU1B%2Fg5sOeio0EFIr5MC9eXZGm3ZI4PXugZTZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37afd721c0e-OSL
alt-svc: h3=":443"; ma=86400
d.crystalcrafter.top/video-bit/assets/mobile-header.jpg
104.21.7.3 16 kB URL d.crystalcrafter.top/video-bit/assets/mobile-header.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 623x71, components 3\012- data
Hash cd2599ebcf088e38b0136da54be6056b
831aa894f796523bb13da5295773fad0adf08a43
bad51e23bda3b86050e80b64301111fb7dab284ef6a5d40bc042f711d6844f5a
GET /video-bit/assets/mobile-header.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/jpeg
content-length: 15684
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-3d44"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYsBrg0vAwWSfwnCwCJzzvmBtTmPIAXCI4ky4r6qDkqUIi9PcLWwQ52Zu%2BfdP9WFtzxJ56nyUdGBlEz9%2BJUgZW5WITmEuLV%2FA5ulerWdfN2vcuz%2F2znOTQzo8iyi7ux8VrunCuldoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37afd761c0e-OSL
alt-svc: h3=":443"; ma=86400
d.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
104.21.7.3 221 kB URL d.crystalcrafter.top/video-bit/assets/pc-after-video.jpg
IP 104.21.7.3:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=370, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1012], progressive, precision 8, 977x370, components 3\012- data
Size 221 kB (220788 bytes)
Hash bde3fee065c7408f2ba31b7633552644
75d8d5e0f57af3ac24337d0c496fcc549566c4fc
1263b5513a15315e3fa3e3ad73c9a4cfd21287bb9cc4eb5b94f0f60651d18c21
GET /video-bit/assets/pc-after-video.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/jpeg
content-length: 220788
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-35e74"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rv1UcV0Yu3DY10F9fv7b4iBL2MhEBzndrjFI63qZXGT3J4snusreRaI5FJTJqKlgLHubtkzXxtTkihRUsW4HrqYz1WXs%2Bz5HMQ7RRaz6sNX%2BdbXz7%2B8RUS2%2FEmCX9MvntqCiZ2RwHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37afd7f1c0e-OSL
alt-svc: h3=":443"; ma=86400
d.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
104.21.7.3 163 kB URL d.crystalcrafter.top/video-bit/assets/pc-sidebar.jpg
IP 104.21.7.3:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 332x647, components 3\012- data
Size 163 kB (162651 bytes)
Hash 2f5daa5004b75049f0bec772965b7943
a1336e046340afce9445ced5e26dc006fd47f6e9
121ae3a98c7fbba7d158fe1ee759e17994928c9332bbe65028cb0710c22fdf63
GET /video-bit/assets/pc-sidebar.jpg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/jpeg
content-length: 162651
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27b5b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ICby3Aiw50I5I0PpA7SlihoTqL%2BRCwDpTNMVizjR%2BeIvDGLBpvmPvtMywthhZBaih2RGT%2BIpUxtUaEXao64AMJ5vQ52nVeHrEnBTobLgc3E5FsmDRb2he9M8OENuJr30BUf6QiUtAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37b0d841c0e-OSL
alt-svc: h3=":443"; ma=86400
d.crystalcrafter.top/video-bit/assets/mobile-after-video.png
104.21.7.3 160 kB URL d.crystalcrafter.top/video-bit/assets/mobile-after-video.png
IP 104.21.7.3:0
File type PNG image data, 623 x 477, 8-bit/color RGBA, non-interlaced\012- data
Size 160 kB (159828 bytes)
Hash d443d6dbbc102de6552453c20708a93b
591fa73cc4a0406124ca56dce015db983f540a12
60d83b366e8b5951e24c08e424b3f22dc2b62ec58a7933fafbcd3370bb70bc93
GET /video-bit/assets/mobile-after-video.png HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/png
content-length: 159828
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: "643e420e-27054"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShQvuomS74iS7p0%2FxUgkFtE1QEpUp70aYyrKGeAA%2BQ5mzmkI2YUp3zh45oNZJQcy7cLh%2FQfE2EVW%2BF%2BaEbRPiNGMJrVzyL1BeaFReBSuTPBYR0ng7CZX91VmAnjlWk9L0KQq%2Bx%2B9fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37b0d821c0e-OSL
alt-svc: h3=":443"; ma=86400
c.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
104.21.7.3 1.3 MB URL c.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
IP 104.21.7.3:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Size 1.3 MB (1261521 bytes)
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /video-bit/assets/spinning-circles2.svg HTTP/1.1
Host: c.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1f7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EaWOSF1hDB0RXU7GXuB9%2Fi1e5z0VZTl4MBZrfhUz%2FF8auu0CQO1FHrBJE8o2kbFzAfKZrpgUcartbi8WMuv64q5yFdbv%2Fytec2BmYoz1nbPL1ASf9KlxStSwmKCem2V%2BDjHGirFxRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376ba681c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
feed.streampsh.top/ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw
172.67.169.207 7.0 kB URL feed.streampsh.top/ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw
IP 172.67.169.207:0
File type ASCII text, with CRLF line terminators
Hash 7b9735de10e6d0a2ffe8e42f8986c659
38a544a3f6c7d28319cd944b2ae755c7d192cf1a
bc8f01c22a60dbb9098f8be9baa7e484bce7ec5335a6dcf02fee212202fb2045
GET /ps/config.js?id=eEeNQaJCPEWE-YSBnP-wPw HTTP/1.1
Host: feed.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Cookie: __psu=59d272a0-f599-4bf8-9808-a1b1f1edbf3a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sU1ZJpkhIUQeKkOeqmCTZf1UQw%2Bh%2F%2F9a1NRjYKxWIKMiPeCWy9JHXoZ3ISvmk0StA0aw2I7NNBKBy4BQSMhd6QDga52fMX4CnwwkwKcEScWyTHU7hll6bOwz4snVXd0XBVyyC8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37ccd9f0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
142.250.74.35 11 kB URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40976)
Hash a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 18:53:40 GMT
expires: Wed, 22 May 2024 18:53:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 211792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sfwdg.crystalcrafter.top/video-bit/assets/style.css
104.21.7.3 1.5 kB URL sfwdg.crystalcrafter.top/video-bit/assets/style.css
IP 104.21.7.3:0
File type ASCII text, with CRLF line terminators
Hash e867c9e96e9a259c6a4b24730e434d03
be972bdccee721442af33479796f714c4b1a1d16
4a0441a0e8e9028aaa327956916e6c08ec7e49fc42b4d0aa3525d527f3742b5b
GET /video-bit/assets/style.css HTTP/1.1
Host: sfwdg.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sfwdg.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:29 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1a3c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNW0OC8v9yfdhWmcNOVm8Qq8UR0mGVErNcG1HaN2zaX5N0OO0ivlw5jcxO%2FVv1GjhrAHbVCEoc6vx0bc1CvaN8N7NEW29A90eZe6Kf1KvKaaBgNDr2SVKMvYvLSpJj3iMPcy23ciyxuc4l8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3681dc41c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot=
172.67.169.207 8.8 kB URL js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot=
IP 172.67.169.207:0
File type Unicode text, UTF-8 text, with very long lines (23213), with no line terminators
Hash d732d3ae5d848859b636e0af52962bbc
39ba2086c7628d0f7830187b6857d4e8a284bbdd
0da9b8247eb6e444faab6a4a301c1e6284419086540a4223f16544e642ed9bba
GET /ps/ps.js?edg=true&fullscreen=true&pl=true&id=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&click_id=&sub_id=&appspot= HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/
Cookie: __psu=2e0a93c8-7521-4c52-aa3f-1e10d471c4bd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3QoCfgjWlbtpvJFzCV6ku1O45%2FOna7AzDGa3U68g6KElpsKvJekJKBmm4ghS68b5H9h2hXYg6mll27wsR8yX%2BgE00J5I2A9HF%2Behp7UFDh128CIqL%2FQd%2BvHU3P%2FEjEecvsD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37bdced0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/lp.js
193.108.118.59 1.4 kB URL news-xehola.com/lands/38/lp.js
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
Hash 8441b469fa0c093bd106a66a4068d944
c3698e755cd1ef7b5d29e233ef615219559a96f3
befe8e9f55c6e3fe10fd398534acb713129764b05d852089ac34bfa535a53902
Analyzer Verdict Alert fortinet Phishing
GET /lands/38/lp.js HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: application/javascript
content-length: 1418
last-modified: Thu, 12 Sep 2019 09:25:04 GMT
etag: "5d7a0ef0-58a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/revopush.js?v=4
193.108.118.59 10 kB URL news-xehola.com/revopush.js?v=4
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
Analyzer Verdict Alert fortinet Phishing
GET /revopush.js?v=4 HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:10 GMT
etag: "639ae95e-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/modals_commons.css
193.108.118.59 4.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/modals_commons.css
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4028), with no line terminators
Hash 64f6d7d923f18e5d25a4506b45fcd51d
0e636e489bba7af08cb17f8a72c5dc5685774057
18818b4b5458636324d294a8dee67dbde4808ae542e6cefa18ca6d90c1fc4479
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/modals_commons.css HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: text/css
content-length: 4028
last-modified: Wed, 12 Jan 2022 11:10:28 GMT
etag: "61deb724-fbc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
104.21.7.3 6.9 kB URL d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
IP 104.21.7.3:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (445), with CRLF line terminators
Hash 4c8e6e1aff41a6602ac720d4709aafc0
4f95479f68c348f307f5e3ff65ebeebf0bc5c10a
cf31ce4a23c3805bbbee3ab242d3ad9865b6e67cb4f0582a4d554f814f84d5ca
GET /video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108 HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: text/html
last-modified: Mon, 01 May 2023 15:50:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ee5YBQJm%2BF8hHJfGdAqbyqAOh9tmoiRdOF%2FgjTXw3j3Isqb93ADckSioz5IbxRiporGzJ%2FdcVoVE%2FHQs6MhOheNLHmzQ5mi4vHAMm7NhmLTf4dkHASPo8y7wqNsb%2Bxj8Ha%2B%2BGO0jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd3b37a2cdf1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/widgets-comments.css
193.108.118.59 8.3 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/widgets-comments.css
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (8327), with no line terminators
Hash 8cd6ca47d55ffed774fde852523940e0
49e1e837355b3de08055c650488d0a3382bff9c0
17528d5914a702bb12ac6b36c8e3bbbfbcd3d52b54dd613acbacf8f4bb17ae33
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/widgets-comments.css HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: text/css
content-length: 8327
last-modified: Wed, 12 Jan 2022 11:10:28 GMT
etag: "61deb724-2087"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/pb_block.css
193.108.118.59 1.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/pb_block.css
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (1391), with no line terminators
Hash 677a255a4a9dc3411b8013e8afb09c42
ec9f1a722b028da2eceb06cdc8c26fc6490a4e70
cc4494353809adb8bdfbbdea2ad72a1a0fc9c84816dc23c7ee1f9466e620eb5e
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/pb_block.css HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: text/css
content-length: 1391
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-56f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
172.67.169.207 13 kB URL js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
IP 172.67.169.207:0
File type ASCII text, with very long lines (2763), with no line terminators
Hash c8409dd7d34d07dcb58bcc964fb674da
09110579eed1a3a7cedf79aa258bd337a74bd644
daa69a5e86f32de4ab6cdac3ee241b8a3b7a30d60ecb335bfc20236fb675cbdb
GET /ps/pl.js?edg=true&fullscreen=true HTTP/1.1
Host: js.streampsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.crystalcrafter.top/
Cookie: __psu=2e0a93c8-7521-4c52-aa3f-1e10d471c4bd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ofg1fYWxvkiKUUPwyn%2FJ0Q6ZzkmLs4dXt9OqvI8LrzC43QkXakQ4V5IpgGWLh0btgkjNZTnufStvgiR6I3fgrZXSMm08NO8r10rL8req584lK7HrB7nzC4lQwHuHQGJpeXcM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b376b8500b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/681.png
193.108.118.59 22 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/681.png
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type PNG image data, 150 x 40, 8-bit/color RGBA, non-interlaced; data
Hash 19b197d779dd9ee78737a456dbd5c1a6
a3f0b1d0659e5a76bdfaa52bb8f68096d1ab1359
806a8a4abe09c02f4e4b3ed4d6514bfcf1a93a941e838aadf56afaef858d8e37
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/681.png HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/png
content-length: 21724
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-54dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
d.crystalcrafter.top/video-bit/assets/style.css
104.21.7.3 30 kB URL d.crystalcrafter.top/video-bit/assets/style.css
IP 104.21.7.3:0
File type ASCII text, with CRLF line terminators
Hash e867c9e96e9a259c6a4b24730e434d03
be972bdccee721442af33479796f714c4b1a1d16
4a0441a0e8e9028aaa327956916e6c08ec7e49fc42b4d0aa3525d527f3742b5b
GET /video-bit/assets/style.css HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1a3c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QIIT0qW6l%2FDZQeSJAE7rerH0zY1Trd7PcUTr7Iqo%2BzGHmstgvhQum3qxIqTn34joveKXPARzL%2BghcUREBd3yvqDSKiVjWiE9KW5cw%2BqBALAun698eE9jVzYxve73S2qnvtwQI2snqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37aed701c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/36.jpg
193.108.118.59 17 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/36.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 118x88, components 3; data
Hash 215029a9775d1e9a56c93912ab03f4c6
6a3dbd676e2ea61850d2a20086b9ec84127da0ae
e071c52839ef37679439165349ffdd98cf19aa7e35d0293a1bec69743db70b16
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/36.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 17350
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-43c6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/27.jpg
193.108.118.59 12 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/27.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 118x88, components 3; data
Hash ea52ae32ae4319fb03da1672b0c20ed3
4efd8189179b260a4b51fd4b28d729b6143ef00a
43a4ca83560d5720ffeccf17478d6a1741f86639f35744fb61fcb139dc3020a6
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/27.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 12525
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-30ed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8.jpg
193.108.118.59 11 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 118x88, components 3; data
Hash 2f03fbd61721fdf46883333595050c77
8361f15c906a9457340fc21febd22b5ede56ac61
9f6c76cf695bc0785f4e4f8bb3abe93255af3ea1597307d567dc0fc93fa70560
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/8.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 11238
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-2be6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/35.jpg
193.108.118.59 14 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/35.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 118x88, components 3; data
Hash 9903db279cf9714141daac34523f39b6
ac412f9ce9b8c50155e9adb9f5095d82519ccd24
f562892c60fef407c954fd73d6908003c42f832c4ae86f8264438a576ce2c1cd
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/35.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 13505
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-34c1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/73.jpg
193.108.118.59 13 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/73.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 118x88, components 3; data
Hash 99a404d25bcdd47a141dafdbe046d0cf
04de642c5cbc865c29ab3599c1c4fa19f2a6ba8e
fbe779bcef340ba0b148f84b50a8323a2bbb493674e130bf877d87c6d163ed36
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/73.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 13106
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-3332"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/7.jpg
193.108.118.59 16 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/7.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 118x88, components 3; data
Hash 5a34545daf4bc481bcbc3573062aa426
132d09d36ede8f32c3168ecaaa631e5959ce38ef
c044a81b14812c50f3142ad20d0ca862923daba2483eb164b0348ba98d3b7855
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/7.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 15481
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-3c79"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/28.jpg
193.108.118.59 18 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/28.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 118x88, components 3; data
Hash 10e8794e65f20d32932985bf814b8965
0627b8648373340d2ba949fd7fe50611d11b033b
43b9f39f94acb50efb3b6981a6c931dcf25eefcc7b7734a927036255263eee39
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/28.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 17978
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-463a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/categories_seeall.gif
193.108.118.59 2.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/categories_seeall.gif
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 116 x 86; data
Hash ec706a0634f1e5e06ad775b2b2ebdcf2
5a18c424f7b84b40709a6b78b2d632639bb3ff2b
9613f59211bd2194336c666d11a0d2e1daa4dd96d543e661f5835e0a621c2f5d
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/categories_seeall.gif HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/gif
content-length: 2350
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-92e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/2.jpg
193.108.118.59 9.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/2.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xae3bf698", progressive, precision 8, 258x145, components 3; data
Hash 58357cada0f0171d2a84540391219649
57123e69e055b4d818faedec09884135c5d4a31e
742c68ecf3dcc1096143a0a5d00f4a15a3edb13fd497ea2931e67e66826addd0
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/2.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 9007
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-232f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8(1).jpg
193.108.118.59 9.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8(1).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x70755b56", progressive, precision 8, 258x145, components 3; data
Hash 8fcd27f0bcc790f75f46d275a19a6300
556d3ca4dec168c77ae4a73c0c6e8291ef1291c0
78410be719ee73e00845d44e100e280d3989fc3d0fa4d3dcfcd888f13ded1843
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/8(1).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 9565
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-255d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
b.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
104.21.7.3 15 kB URL b.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
IP 104.21.7.3:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /video-bit/assets/spinning-circles2.svg HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:31 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1f7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgWWAWmkaxStA2jsCcTla%2FzowO0qyBrUKV5PS3YwSQF3W4OOS%2Fc%2Fg8aVHhMaxpqUnDVJ7cn9bowpA0mOkNsXv2CG6kB1El9ALMSqMUziKNDddrb%2BgoXGhqy0G1qwFKha286vJ9pfjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e401c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/10.jpg
193.108.118.59 10 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/10.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x1d6d8e5e", progressive, precision 8, 258x145, components 3\012- data
Hash 1541881a313c963dc754657aefd89ef0
fb41198c81ac17da4f9a34e4b4bf21c8c7fe6001
75e1629d9fad2e22b9d9983c65874a19a3f639db43c11db713a7f972b8f72117
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/10.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 10352
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-2870"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/0.jpg
193.108.118.59 9.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/0.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x905c306b", progressive, precision 8, 258x145, components 3\012- data
Hash 6c17c634ebd856cc85bedd931ac01680
d1e1b9358749b9fd4ff851bb4cbdce54a6223ce8
c1ced3a91bde391f64c6cef03b164cd89ffd499fa5d75a3f797bc57b1fc3c191
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/0.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 9032
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-2348"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/14.jpg
193.108.118.59 8.3 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/14.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x8c97c7da", progressive, precision 8, 258x145, components 3\012- data
Hash bc1cdeea817d887b981f26bc84236b93
4528ed7010e2e0c774890d6041a60cbeb3c69c92
d737ffd9379d8f2734c1dc6304e4ff75f1c946de29371a1ec9ddc01f423076dd
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/14.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 8266
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-204a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13.jpg
193.108.118.59 9.3 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x7cd1fc83", progressive, precision 8, 258x145, components 3\012- data
Hash 5ec2461279f77afe0c6fbb935bd0b94a
95c6e9171db79ea69ce718b02484e36816d1a1cd
ac60e5738d3cf6d32004e1ddfcf4368e256f1928ea923f9369869b8e9af665ba
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/13.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 9338
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-247a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/jquery-3.2.1.min.js
193.108.118.59 40 kB URL news-xehola.com/lands/38/jquery-3.2.1.min.js
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type gzip compressed data, from Unix\012- data
Hash a5a035d418f1c98c6dd1b5311cc8389d
67e9a9e08fa1c82fd668377d5a5d198750b8d18b
771f9b800926e9262eec139cfc221518c857ce6eebd67215e892ad29decd411f
Analyzer Verdict Alert fortinet Phishing
GET /lands/38/jquery-3.2.1.min.js HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2019 09:33:06 GMT
etag: W/"5d7a10d2-15283"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8(2).jpg
193.108.118.59 8.9 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/8(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x1f7d625b", progressive, precision 8, 258x145, components 3\012- data
Hash 77df6b7e2677b46a053508a92026cb8a
decad70c5281062495250250fdf985b6073a8a91
6143cd3687b480264dad4e3d3a237c30c26c859ef7fe1c2a7b32472fb65710c0
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/8(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 8885
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-22b5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/5.jpg
193.108.118.59 12 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/5.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x905c306b", progressive, precision 8, 258x145, components 3\012- data
Hash 081a01df58865529d3edcbc765c4dcb5
a7fe3ca35fe5e244926a80addda994218806f613
edebf400c8f60c306491e7b2f8a695b7dde10cf49eed66125423571a1cd60d05
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/5.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 12127
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-2f5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/button.png
193.108.118.59 20 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/button.png
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type PNG image data, 107 x 93, 8-bit/color RGBA, non-interlaced\012- data
Hash e2aadceedde9aef1bf42c176b31c585c
76c14eae7537160a304aa458bf11a985d5a57375
2b1ff8c49202306d33deac4cf49841f59c1a49d15c80a77c1e001369578cef3f
GET /lands/38/landings/Ihyam_7H2-fd/button.png HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/png
content-length: 19948
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-4dec"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/load.gif
193.108.118.59 15 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/load.gif
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 64 x 64\012- data
Hash 571dfe045d66b88d2d5c82151a1bf579
8966eb7cd27754263bd2861737b695386273f423
7c7cd7a7155d3d38bb49fc82c83aa14ed24d56f6886623299b13b6a81486a871
GET /lands/38/landings/Ihyam_7H2-fd/load.gif HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/gif
content-length: 14574
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-38ee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/flash.jpg
193.108.118.59 3.8 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/flash.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced\012- data
Hash d660b4b574161fdee86ae57edc8ed0ab
0b947dc39c7ba7415dd78683e06366ff3848b2d5
7483a49fc67a21c7a295b03880aa6c37425f3e96d60dff1ac36eff743ecf6078
GET /lands/38/landings/Ihyam_7H2-fd/flash.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 3829
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/panel.jpg
193.108.118.59 24 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/panel.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2016:05:13 17:11:55], baseline, precision 8, 990x36, components 3\012- data
Hash ab6b76c0cc6683324bd7fe5923b24d17
559b8b1e50f80b7a218e25ce443e523401882577
a923ea85ee73e53db73038b2ea8712e7e40b067cde25b05ffa999608b17a304d
GET /lands/38/landings/Ihyam_7H2-fd/panel.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 23598
last-modified: Thu, 12 Sep 2019 09:25:04 GMT
etag: "5d7a0ef0-5c2e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/male.jpg
193.108.118.59 887 B URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/male.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 7754ce192cf45ea10de0706da442d2ff
b5b7d0fcf5e84b04b34629d5a5a9c0bb69ca5238
0bfd7fc5264b6cede1f78a26a96cee917f96989822aa2aa20ac854e13ad46b2b
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/male.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 887
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-377"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200.jpg
193.108.118.59 1.9 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.2 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash ddf58dd1f8745a81264b21bcf1f9cc77
73a35df521dc648af06e2e490cac929bc681a06c
a2315bfaefeae19a449f38fe4131531c7603f5c7e75e956c240074da66123134
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1889
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-761"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
b.crystalcrafter.top/video-bit/assets/style.css
104.21.7.3 7.3 kB URL b.crystalcrafter.top/video-bit/assets/style.css
IP 104.21.7.3:0
File type ASCII text, with CRLF line terminators
Hash e867c9e96e9a259c6a4b24730e434d03
be972bdccee721442af33479796f714c4b1a1d16
4a0441a0e8e9028aaa327956916e6c08ec7e49fc42b4d0aa3525d527f3742b5b
GET /video-bit/assets/style.css HTTP/1.1
Host: b.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:30 GMT
content-type: text/css
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1a3c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEvNXHbe6uFI%2B7zKK38nHU8F3%2BWUtPGj%2Fy3NSxprx4Ztmy1qV4gWBCkXZj9by8udxmT3W1IjJ0l7QLYWrRFGo%2FCuO6UKlLLS8H%2FbDmrEgO1BgOJosGnj0HjSNpvTxSAUSGIfFalf8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b3721e361c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(2).jpg
193.108.118.59 2.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xe705e0c1", progressive, precision 8, 60x60, components 3\012- data
Hash 677577d8c6ffb0107ee5c9fbabaa4af7
0bfcbbafee19eeeae113103080c41cd95b4083e5
3a215afa0d15ae2985cfb88e51e90b727f0ba03fe10f8e0b0980ef55af91bdb0
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 2646
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-a56"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(3).jpg
193.108.118.59 1.2 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(3).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 1226a24c469c0fba3970548aab13650f
a6d371e4acc2a9181d1d6bf13b5d51f82c49a943
6a1513dacd3fcffe47245068fe9fa6a49cdc9c352b8d9cbf8f72005c4cf5cafc
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(3).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1191
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-4a7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(4).jpg
193.108.118.59 1.7 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(4).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 3db490cc8f824e29d6fb07ba75a97a20
84c2c26447f7b49c76999f31c0ed526bde13c6c4
5c13ca439c63d5f3e5d638ba055f399058117d3b554ae3fb751d4a39043a14fd
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(4).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1729
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-6c1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(5).jpg
193.108.118.59 1.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(5).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xb7d2e3cb", progressive, precision 8, 60x60, components 3\012- data
Hash 47e765dc1abef2d79edafb5fce1c64b5
93d3e7f1e11dd2d98ca3ffb3b49a0211ed76f273
185540f06acc82b2dc4bdfa6d2deb4ce7454bb1e28783acdde67f8a9a90597b1
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(5).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1441
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-5a1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(6).jpg
193.108.118.59 1.8 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(6).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.2 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash f042aa7a438ca85be0afeba44a3ac116
183c8b20394fdaf6ba757ff76d3f25e33092369e
05b76ed86b70990f4307223391e1c9abfff59ec545d75d94683c0f69713eed79
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(6).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1809
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-711"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(7).jpg
193.108.118.59 1.9 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(7).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 16b2fab44ddad0b620d0eaec2fc1e425
24fa279de6ceb2c0434ff4e750639e15eb22ed29
58076ed17c6377d23375ec949c6cb2eade75010dcf82ba0e64dbdcbd67583912
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(7).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1902
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-76e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(8).jpg
193.108.118.59 1.1 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(8).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x0bb5b909", progressive, precision 8, 60x60, components 3\012- data
Hash 01ed303509acb0c822fa3c55976d4b96
7ed250f181498962ebafd21f1bde4ca15e6953c6
fba198ced4795895d1f6d0bc2247d315eb8cc6dda60ad119c99846d68d0ce445
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(8).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1085
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-43d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(9).jpg
193.108.118.59 2.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(9).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xd191bb02", progressive, precision 8, 60x60, components 3\012- data
Hash ec2823c426475d6766008dabf85a4bc2
f0681ce27ba96a1b4f6547a42495ebb5b0ca514a
2316f8554d54e907f9992475ced3bf03fc95412e98b2bc29aa6e5407260bcddd
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(9).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 2350
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-92e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
xml.galaxypush.com/click?s=1&tid=1642&sid=5435a05ea7a7f9bf641a72b68d792a32&rnd=971874263
199.182.164.180 2.0 kB URL xml.galaxypush.com/click?s=1&tid=1642&sid=5435a05ea7a7f9bf641a72b68d792a32&rnd=971874263
IP 199.182.164.180:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xe0e89376", progressive, precision 8, 60x60, components 3\012- data
Hash 3f809b94b5e5607da5b5c6506a8729c1
26f4376095902a56db86ea2c76689f15ba3cf9c2
7b84461772bad27e431676a53efae81d8584a102f3f6f407ae0a54469a938ff6
GET /click?s=1&tid=1642&sid=5435a05ea7a7f9bf641a72b68d792a32&rnd=971874263 HTTP/1.1
Host: xml.galaxypush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 May 2023 05:43:28 GMT
location: http://iopsdepo.com/ie?v=4&c=lpXSeXcdPy9zCPfx2B6N9Yp8GwDj_EeyaYn_7cgdHRn9OzXH0_gXVIUQ3jo0pjrGMrUmBNHImpnATUqHS3ghDbdN3B_5D948Br96etsvZ1r3FeTcCM6ctvd4BqSrXbcmEO_1g0pG2_HeED-CP2RP31_XOIZdYKNZuTPTU96TJGyVtKH0NAk_TrqgsIL6oMjUVDs6U3rl_GHUxLLnLwZQPnv4b5OeLCZsF89AYENvNABk1t7l-cEmMl8w33vWHo5ovMlr38DQ2U4a2HRO__b38CgC0Mk7llq0z2HiQTlwWae2cBP6DJBgpYqAU-EZX09VzuTpDa1tub8jQ3NPATz6aHQ8KzMemWlhacxqPMltxmaPwQvF8UjmaiU9OUu-FKMsjJeTX1pV5C80dSbQ8wGgnkH3gmbHbrdqQUrs17D4xstld_4INrr2mc6WAmZvaLGpyW-NS5e3YCokzlirnuCp_z1U3vp1IiPB6G4aHA86uLUprvLrA5h0RZaA9kABiyLSRbqr8r-epHM_2Sx-
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(11).jpg
193.108.118.59 3.1 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(11).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xd191bb02", progressive, precision 8, 60x60, components 3\012- data
Hash cbff1c490bcdcad2989c2549f278eae5
56e1b4489cfc0d54f9f72e15777788beba396c95
6d96d3de01207ab505c62b2da624ba787cabe4fee767c181b175186e50c23af4
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(11).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 3063
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-bf7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(12).jpg
193.108.118.59 1.8 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(12).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 52eba434e5411806cd92add275d164ea
0cc9df3c52de111a307dc3d8d22254cf51b0c77f
a4c2a01f64274d0ede23e233e2be19225c68e5e5a6206b338fb8bc6410f7005f
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(12).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1758
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-6de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/wink.png
193.108.118.59 1.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/wink.png
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash c840b43a0575b0a1742c50f186a67c22
d1ac0da47b4394a9dbea90eee26a260b5268c4d9
6a8ef9be89e89c23d6d96c50e2fa62bd25473e9cc7a79e2cd1ef64e2647cb38a
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/wink.png HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/png
content-length: 1045
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(13).jpg
193.108.118.59 1.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(13).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.2 0x2a0818fe", progressive, precision 8, 60x60, components 3\012- data
Hash a08c2c5266f9701e422f042b4a3809c5
9884cf987f84b282f920634b2ab811077dfef7a3
054df6bf8ee2bcb904269745cd2c0830918d9e1a6ff1f965673af5f2946a3c37
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(13).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1373
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-55d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(14).jpg
193.108.118.59 1.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(14).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xe0e89376", progressive, precision 8, 60x60, components 3\012- data
Hash bfa11442f9457a03384ecf8128a586a2
a30e6f6a18be085197605b6463f840cb249d0510
941411042624c554a5828ee596c1e3ade4a787ae2fad6e5b6d585ab6a6e1e3c6
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(14).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 1563
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-61b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/tongue.png
193.108.118.59 1.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/tongue.png
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 96f46fad8cda5895b895f6ec3f95cda4
3bd79ef305bfa4b7c1a3f328828c63f89a818878
8e48576faf920cae224c669d61831d0ad5fc23f6220e83955275a3115bb568fc
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/tongue.png HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/png
content-length: 1046
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-416"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/male(1).jpg
193.108.118.59 887 B URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/male(1).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 7754ce192cf45ea10de0706da442d2ff
b5b7d0fcf5e84b04b34629d5a5a9c0bb69ca5238
0bfd7fc5264b6cede1f78a26a96cee917f96989822aa2aa20ac854e13ad46b2b
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/male(1).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 887
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-377"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(15).jpg
193.108.118.59 841 B URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(15).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6e5cd524", progressive, precision 8, 60x60, components 3\012- data
Hash 9cf522c306866742c2806e0c14c8bca7
7a3ff28af2c6f7cfd036ec4fc162651eaf634f7e
fa09bef7875241c06a9e2505bc698a189d3b3ce012af29c65817fd476627ec87
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(15).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 841
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-349"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(16).jpg
193.108.118.59 2.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(16).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0xe705e0c1", progressive, precision 8, 60x60, components 3\012- data
Hash 950ff8ae916df997fea302859ca2ccb4
42232e28878f65aaf4120d9435784ad46c2be71c
c0b01da5a48a7ddd619a2dee26bec77300b68bb1b028716320719f9c1a5f769e
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/200x200(16).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 2553
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-9f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/11.jpg
193.108.118.59 4.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/11.jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x905c306b", progressive, precision 8, 150x84, components 3\012- data
Hash 0fa4a903a2adc9da58b52661ebc8d38c
061c6359c2951da7509f6ae4039c2f0bc1ce6b62
79d6da7e0398c3f607c4bbc93562cf6ab96bb800cdab4ef6df82718cf0a0d3e5
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/11.jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4644
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1224"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(1).jpg
193.108.118.59 4.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(1).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x550d5e4d", progressive, precision 8, 150x84, components 3\012- data
Hash 58477c52a9d639b91b16f022d4676bcf
51a85ef703617e996c50cd76b38f2507517a9f25
a0653cc819b252702f55439d6f8763d212fca2f9f604d67224a2a9891e8eadbe
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/12(1).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4397
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-112d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(2).jpg
193.108.118.59 7.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x7ab4f024", progressive, precision 8, 233x131, components 3\012- data
Hash 2a4d527ed65de8e2e0a69dc9d50442d2
8ec4547a38c9e3d37469acfe21ea755531776f09
275876bbb5190da100ae4f9aca976ec15cea0de20d42e167f522a0a50ba8ca02
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/12(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 6972
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1b3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/10(1).jpg
193.108.118.59 4.3 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/10(1).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x852b408e", progressive, precision 8, 150x84, components 3\012- data
Hash 365e215442256548316a73bc7c79edf1
13078402132cb89939a39edf11181fb88ebe390f
f8c35c02ff055694af23c83b1e3019a8c29965ab57ed7db8173a23a38494ff58
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/10(1).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4315
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-10db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(3).jpg
193.108.118.59 4.0 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(3).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x541b39db", progressive, precision 8, 150x84, components 3\012- data
Hash 416ec3af020687541765d48acb81fc08
48b80345ffb951535d4d6ca811d19bd9dd726998
75c30d77f900b2f4c91f502f45f00606b57a47bb84e6b700fb18482389d88f3c
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/12(3).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4035
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-fc3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(4).jpg
193.108.118.59 8.6 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(4).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x905c306b", progressive, precision 8, 233x131, components 3\012- data
Hash 55778c73ba99a9477464e5c90cdd7e02
bc49e8058f1dafe10e817441de952ba6aa3b7b58
c362fc3a2aafd1b0d8069fb1fae83b5f0abb06443d3e00b21b37be13aeb75bfa
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/12(4).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 8615
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-21a7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/3(2).jpg
193.108.118.59 5.1 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/3(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x852b408e", progressive, precision 8, 150x84, components 3\012- data
Hash 72e270f7041c2fe2f326d11e162fb249
3f918a2023f10a01a2ed74713d292df415d14e05
b17ce663fab4421f728ea0dd218d2a8a6a10a4314759fdf139b9388fa26e37f6
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/3(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 5080
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-13d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/7(2).jpg
193.108.118.59 4.4 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/7(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x6359dcbc", progressive, precision 8, 150x84, components 3\012- data
Hash 447470b34b66b570c8fc0dbc11c06609
863180b376242e256189888eb99282e597d894c9
dd57f5a80517b8109279b57d702278f31a9878295045c6766931a0453244d749
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/7(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4417
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1141"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13(1).jpg
193.108.118.59 7.9 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13(1).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 233x131, components 3\012- data
Hash 5df975e7a8c0b2610069610c54c5ce6c
ab6390fbb7be1be9a0f4477b4439e34d5175b6fc
bbfb6830dabc55fd598cc0948049f2367d17c80f286e0821e660ba7f5a6b360c
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/13(1).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 7904
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1ee0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(5).jpg
193.108.118.59 3.8 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/12(5).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x8c97c7da", progressive, precision 8, 150x84, components 3\012- data
Hash 6ed4eca1ed776930746531005fcf22aa
11e8643932e35a8ef65be8ef585afee241c8eddc
28849006b773d85fb8fb2295a86bcee5d2cdabb9a23d854ffebbd8dfd203588c
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/12(5).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 3835
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-efb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13(2).jpg
193.108.118.59 4.7 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/13(2).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x550d5e4d", progressive, precision 8, 150x84, components 3\012- data
Hash 12f0c14e5943fd57577ce11155107bdb
a484cb296770fe6cb55d25cba19f831cf1aaf7d1
9eb468f7688a901a3626fdde8d0b07dc490a830718c2938d32f70f0ec122a344
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/13(2).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 4664
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1238"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/3(3).jpg
193.108.118.59 6.8 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/3(3).jpg
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.12.0.4 0x1f7d625b", progressive, precision 8, 233x131, components 3\012- data
Hash 2ad4260dc1204ad8f3c0c29bd919830a
fd2ddfca32f55ba5d180af812a787e61ce136480
acc8f76a570c0833d34835f5694409e082b4af09783366596c2e151e0b0ed128
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/3(3).jpg HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/jpeg
content-length: 6827
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-1aab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/rta-1.gif
193.108.118.59 1.9 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/rta-1.gif
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 88 x 31\012- data
Hash 2bcf55138cde4a65770426a67ea247fc
13d8c808a4276dc88937817d7df7720182c093f6
348fd1e58aec8d99001aca1dd12b72eafef534c2d11725b2280a173d03b5fa6b
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/rta-1.gif HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: image/gif
content-length: 1882
last-modified: Thu, 12 Sep 2019 09:25:02 GMT
etag: "5d7a0eee-75a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
intrafic22.com/lenite.cgi?13&group=cn
89.108.98.72 327 B URL User Request GET intrafic22.com/lenite.cgi?13&group=cn
IP 89.108.98.72:0
ASN #197695 Domain names registrar REG.RU, Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a7b51b3e562bfcd0dd609796abb7fbb6
8fa80f48eeb8cf4bf52a722b8603ae1f28b06bf1
3d325f920bdd6ab48bb89fd9639bbc5c442b60ae97fb7f119d107350fdbbad8e
NIDS Severity Alert suricata high ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ
suricata high ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ
GET /lenite.cgi?13&group=cn HTTP/1.1
Host: intrafic22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: CS=1234567890sutraRULEZcookiessupport; zorvm=K6gyADkAAgAYAABHcGT__wBHcGRAAAEAAAAAR3BkMTMAAwAWAABHcGT__wBHcGQBAARHcGQA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Fri, 26 May 2023 05:43:34 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 327
Connection: keep-alive
Set-Cookie: zorvm=HCA4ADkAAgAYAABHcGT__wBHcGRAAAEAAAAAR3BkMTMABAAWAABHcGT__wBHcGQBAARHcGQDAAZHcGQA; expires=Sat, 25-May-2024 05:43:34 GMT; path=/; domain=intrafic22.com
Location: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/large_temp.css
193.108.118.59 13 kB URL news-xehola.com/lands/38/landings/Ihyam_7H2-fd/index.php_files/large_temp.css
IP 193.108.118.59:0
ASN #61003 GlobalTeleHost Corp.
File type gzip compressed data, from Unix\012- data
Hash eaf95c60190a8cd198616c0607a3714a
0e678b31399d51cd6b90c0e1d26e58b439e09093
6d5434f452d9699795566b20376de42cec710b3553e17092a72d6a3eb93a5308
GET /lands/38/landings/Ihyam_7H2-fd/index.php_files/large_temp.css HTTP/1.1
Host: news-xehola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xehola.com/lands/38/?site=8051484&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1MTQ4NHw6fDM4fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: text/css
last-modified: Wed, 12 Jan 2022 11:10:28 GMT
etag: W/"61deb724-8353"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
185.177.93.28 200 OK 34 kB URL User Request GET HTTP/2 18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
Hash 11fcdb95b452081e221b76bc8ce58ab3
72cacd10b7f7fe91afed0bc34b1ec3587c387cee
ec26922f8b9d4bc365bb5931039491f2211014eea5df55b1aa5dd9a3bb458d08
GET /?p=g5stozjygu5gi3bpgq3dimi&sub1=2 HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0; expires=Sun, 25-Jun-2023 05:43:34 GMT; Max-Age=2592000; path=/; domain=18plus-online.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
d.crystalcrafter.top/video-bit/assets/trls.js
104.21.7.3 12 kB URL d.crystalcrafter.top/video-bit/assets/trls.js
IP 104.21.7.3:0
File type Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash b767ee59dbb45d5194c091f2bf1048a6
40148a6771c377c7f8f63bd43f3538918674d22c
4a50a676ee32bacd29ab8f1d36699268e3d000c9e588f8cdd730084d19360a19
GET /video-bit/assets/trls.js HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: application/javascript
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1643"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcrgqpwdEZCoyfmisEdSsT3fiVLZ%2BOT2F2qX91%2BDb%2B0DFhuHuykuOBTSamzk5sR3k7tbxf5VGSWAHxzkhGSN6VPYMho5q1x90H5GBfdGETf1OYXOR2jlTB2KZlI4%2FRwBXEtw9IOb1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37aed6e1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
18plus-online.com/img/18/btn-icon.png
185.177.93.28 200 OK 395 B URL GET HTTP/2 18plus-online.com/img/18/btn-icon.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 52 x 56, 8-bit gray+alpha, non-interlaced\012- data
Hash 06f18f63c3036edde4e88c1d5f200104
33c1e2780dc0a6f595afc2d87ed438ccb3d8922b
005e42b95bb1fef26b792467deeba4e0aeadc51bb9726d20dc301c1c80d99d2d
GET /img/18/btn-icon.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 395
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-18b"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
d.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
104.21.7.3 33 kB URL d.crystalcrafter.top/video-bit/assets/spinning-circles2.svg
IP 104.21.7.3:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /video-bit/assets/spinning-circles2.svg HTTP/1.1
Host: d.crystalcrafter.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.crystalcrafter.top/video-bit/?pl=eEeNQaJCPEWE-YSBnP-wPw&sm=video-bit&hash=IDh3zRa4hppgwpEpdEiN6g&exp=1685080108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 05:43:32 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
etag: W/"643e420e-1f7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ybl8rePV3QqcSoaMmCROYEombGWJfWGepjfuq79l%2FjsLDz6VnAmLveBMpSMSk5wBdWoKhnjLy8zowyRre84uoihuFfrJYYfmMlemuQmoMaaDGGFYzn5lx1wowkYV%2FdmI%2FgeSuvLv2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd3b37afd7c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
18plus-online.com/img/18/player-ui-r.png
185.177.93.28 200 OK 1.1 kB URL GET HTTP/2 18plus-online.com/img/18/player-ui-r.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 226 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 74174fa53d52a184fa0a586f988f0d94
6fc2f64667c7cfabd7ae7a2409d20de7a501d9a3
4e0fbe743a42b8a641daec0745e3a80e22ed9df424b7e0e0c852ba27b9b409d3
GET /img/18/player-ui-r.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 1118
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-45e"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/views.png
185.177.93.28 200 OK 461 B URL GET HTTP/2 18plus-online.com/img/18/views.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 32 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ad8de150ced2f4ab8828c02c23ab95c
b7620db8dc0ef0075c79de9c0f3409d292413b80
efb233df0a528dd04d7b9725ad679738f043478ced654fe0e9a9b59b205d447b
GET /img/18/views.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-1cd"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/stars.png
185.177.93.28 200 OK 589 B URL GET HTTP/2 18plus-online.com/img/18/stars.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 169 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 586e70ae8cf2f823dc7876917d90be92
33d61043ae53a9377ad37bfd5b84c73f770c4105
894bcd381abf4e10bbbe8802a7c52396d8b6b73cdf9d2837caf8f6a0d7aea707
GET /img/18/stars.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 589
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-24d"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/pics-1.jpg
185.177.93.28 200 OK 9.4 kB URL GET HTTP/2 18plus-online.com/img/18/pics-1.jpg
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type JPEG image data\012- data
Hash 0fdbe8ac7fda89d3ed4d0845d4f86384
b14ff199e53771631d302442b22ecdd1867c88e4
733eb3487f5a82cdb71eda01d36247bf57ad107ee3be967d6561fa7f2f78664e
GET /img/18/pics-1.jpg HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/jpeg
content-length: 9415
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-24c7"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/pics-2.jpg
185.177.93.28 200 OK 6.0 kB URL GET HTTP/2 18plus-online.com/img/18/pics-2.jpg
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type JPEG image data\012- data
Hash 7ca024e2ee360dee3a5ed409d8694295
55ac5fb299e34092ec8323e8f32cba0f33fd4105
0e6b67b963746ceeb4785fe5041806aca4d98a6fce7a2585240d25e32b5fe999
GET /img/18/pics-2.jpg HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/jpeg
content-length: 5972
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-1754"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/pics-3.jpg
185.177.93.28 200 OK 9.2 kB URL GET HTTP/2 18plus-online.com/img/18/pics-3.jpg
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type JPEG image data\012- data
Hash 5f69e27fa1a7f979ca9e375da09d24dc
22699243d1b2bb1da09e8db42cb4f7cdccb71820
d775a68996acfd4e425c30b5ecb82549361b9f18fadea8509c312b4f420d3634
GET /img/18/pics-3.jpg HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/jpeg
content-length: 9158
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-23c6"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/pics-4.jpg
185.177.93.28 200 OK 9.7 kB URL GET HTTP/2 18plus-online.com/img/18/pics-4.jpg
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type JPEG image data\012- data
Hash bb74abbad9688a711d5c26b38a9836e3
8bec5939654c02d7b800c66547e1aa778c2d438c
3fb9e79f5a0a5fe0f0d466b9d715562c6abeed5b2b32dc4b9673b80494137dbe
GET /img/18/pics-4.jpg HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/jpeg
content-length: 9707
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-25eb"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/favicon.ico
185.177.93.28 204 No Content 0 B URL GET HTTP/2 18plus-online.com/favicon.ico
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
18plus-online.com/img/18/search-icon.png
185.177.93.28 200 OK 516 B URL GET HTTP/2 18plus-online.com/img/18/search-icon.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash 34123928575ef4cf3df12db2fa095e99
8d5873549768bcbf278e04c6baf6404c2971b07b
0ff5216f552496405eca9c9449f77dd8a913bce909fa9ae8662cb85969f96272
GET /img/18/search-icon.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 516
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-204"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/logo.png
185.177.93.28 200 OK 7.2 kB URL GET HTTP/2 18plus-online.com/img/18/logo.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 298 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fa0c2649b56a64bf24ec059fd49b982
802c9d794cc845927439ce8a3077975199015ebb
a513d2e457125cd443461746199793cd61f2e4511a9acfcda504f70b5000c774
GET /img/18/logo.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 7171
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-1c03"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/burger.png
185.177.93.28 200 OK 295 B URL GET HTTP/2 18plus-online.com/img/18/burger.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash fdea660170d6a7330b24d167c2c3d1d6
c95db01c09abcd2c3b3375ea2baa1443d1473af0
415ba400194f72a1511c8cd22b4bfe13acfeebbf3e9ff958d1e39cbb738d07c8
GET /img/18/burger.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 295
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-127"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
18plus-online.com/img/18/player-ui-l.png
185.177.93.28 200 OK 663 B URL GET HTTP/2 18plus-online.com/img/18/player-ui-l.png
IP 185.177.93.28:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Certificate Issuer Let's Encrypt
Subject 3.18plus-online.com
Fingerprint B2:D7:7F:17:0E:A6:7D:6B:92:51:CC:8A:3F:B5:84:BA:C1:A1:A4:D5
Validity Sun, 07 May 2023 16:11:38 GMT - Sat, 05 Aug 2023 16:11:37 GMT
File type PNG image data, 144 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 5159265d4e4ecc1bfa2e8b028fc0534d
443e7f825760d81906a5c1a4ca660e0385b435fe
46a01582282a1e9326a84e445ba3da470e059b5d091d326e45271b698d6d62a1
GET /img/18/player-ui-l.png HTTP/1.1
Host: 18plus-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18plus-online.com/?p=g5stozjygu5gi3bpgq3dimi&sub1=2
Cookie: uuid=9479aa21-4651-40ab-ab9d-3a952dd456b0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 05:43:34 GMT
content-type: image/png
content-length: 663
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-297"
expires: Sun, 25 Jun 2023 05:43:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2