xfantazy.com/video/6034cee1d7357618a3d2dc9d
172.67.69.220302 Found 0 B URL HTTP/1.1 xfantazy.com/video/6034cee1d7357618a3d2dc9d
IP 172.67.69.220:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/6034cee1d7357618a3d2dc9d HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 20 Sep 2022 21:13:30 GMT
Content-Length: 0
Connection: keep-alive
location: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
cache-control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3Byh58TAV2FQl7PBOmB0uUlm2Ew%2FOKZwtiKBUhKC0ehnYujajOVNtg6CmHs3pUizSPnGMcj7FbCINYfMUfgFuiUuOtTgQFLIBVSf7v6%2FR9sFluNh0PA2jLAp4RRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74dd90bd1a28b4fa-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 21:13:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kH8liJ5iNfrbYaA5z1-XFDhxCAQAjHfspvo1DPAMBY9Aq1dMX4VvDw==
Age: 15
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5164
Expires: Tue, 20 Sep 2022 22:39:34 GMT
Date: Tue, 20 Sep 2022 21:13:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NR9ZTSyqUgpkQ7FYSOmYkEE_nko-CToqJqLE7vPQeCXyJUJ86--7Rg==
age: 59897
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 21:03:22 GMT
Expires: Tue, 20 Sep 2022 21:33:01 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DG7g-_ngl_P94sCFFFPEyeN1f5qSNr6dcQpy3vWXQYqyO9GTRHJ9Ug==
Age: 609
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1529
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:31 GMT
Last-Modified: Tue, 20 Sep 2022 20:48:02 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.80.131.74101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.131.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 225J6CQBmHv5pS1WhMirkw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: F4dY58YJvr1T2oesCd0RWDOvbqE=
xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
104.26.0.188200 OK 26 kB URL HTTP/2 xfantazy.com/_next/static/runtime/main-8daa673a54696bb62abb.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7911a0af4f69e6ad39feea4a93c6e47d
93f251cad10666caa01652eb02ff963994ededbc
55787566c52cad37c24722acf224f8ed71f501ea56ce3895915dbeee4d2ddb9a
GET /_next/static/runtime/main-8daa673a54696bb62abb.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"11cd7-179fb717a09"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30165478
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsEcF7mcVKjmwAp0gi5knKXwG9195DS3dBQIK3n3KnyjL54XCbEvv4lw8Z7gUuR8GwEp1rid4yozPjUvkuVGzDplVKb%2FEBkupmPTC0%2BNYcwAAKsjH9Bm2teDPLMyGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a5bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
104.26.0.188200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/9.be198c87e436634bf765.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (40085), with no line terminators
Hash 5e199214c449e8941052b30a6cbf0b20
f38da67fced2d2a01c210a63fa5e6ac7e5e6ddc9
e5c65fde0ef2970d7c4058ec8df09235462c5776288a627b493cb9b44f369996
GET /_next/static/chunks/9.be198c87e436634bf765.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"9c95-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9149170
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTdXND%2BJjvzz0n8Oz3XB%2FRWe%2FZFyLi%2F4WpG09aTli%2Bxrt5Gm5%2BC%2Bj63cPyWZl9tqoDKSc0kEUlh8J11cleIphGcSbDu2YXVTcJ0hQoC7myosC5XJiBrbm1BrGrcZyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a52b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bfcf21dc7df8c672d9cc209982b29500
481b4efd27b2308f773bc920a3d9bb6d0a1b8c23
818df66e0e75afd76e6609ba788e8d1608353c18437f5d5d9884baa8c3bfb917
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:14:20 GMT
Expires: Tue, 27 Sep 2022 15:14:19 GMT
Etag: "481b4efd27b2308f773bc920a3d9bb6d0a1b8c23"
Cache-Control: max-age=582647,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90c5baf4b517-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bfcf21dc7df8c672d9cc209982b29500
481b4efd27b2308f773bc920a3d9bb6d0a1b8c23
818df66e0e75afd76e6609ba788e8d1608353c18437f5d5d9884baa8c3bfb917
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:14:20 GMT
Expires: Tue, 27 Sep 2022 15:14:19 GMT
Etag: "481b4efd27b2308f773bc920a3d9bb6d0a1b8c23"
Cache-Control: max-age=582647,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90c5bed8b4fd-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bfcf21dc7df8c672d9cc209982b29500
481b4efd27b2308f773bc920a3d9bb6d0a1b8c23
818df66e0e75afd76e6609ba788e8d1608353c18437f5d5d9884baa8c3bfb917
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:14:20 GMT
Expires: Tue, 27 Sep 2022 15:14:19 GMT
Etag: "481b4efd27b2308f773bc920a3d9bb6d0a1b8c23"
Cache-Control: max-age=582647,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90c5cf50b50f-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bfcf21dc7df8c672d9cc209982b29500
481b4efd27b2308f773bc920a3d9bb6d0a1b8c23
818df66e0e75afd76e6609ba788e8d1608353c18437f5d5d9884baa8c3bfb917
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:14:20 GMT
Expires: Tue, 27 Sep 2022 15:14:19 GMT
Etag: "481b4efd27b2308f773bc920a3d9bb6d0a1b8c23"
Cache-Control: max-age=582647,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90c5c9e4b4ee-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/LevBuSOjyq_k_Tyf-A/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LevBuSOjyq_k_Tyf-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6124c422f14171f236bc561250a9fb35
91c2a3485ff8cda2dfdb67fbfef180dabeb192c6
0413aed793d7581f758c9e93b4a70d1daae37296f00a97d6d907a21b2f63a25b
GET /thumbnail/LevBuSOjyq_k_Tyf-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/jpeg
content-length: 11643
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/Jr6UtH-hn_vq-Dye-w/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/Jr6UtH-hn_vq-Dye-w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 340f5bc7a693e2327c530e7aa0c04749
80a907bb54912275c6167ee34e43b0dbc364b5c4
65d449dee5a1848ddc47cba3473c6b21729ab452d4b2aefb0cc241fec4370c2c
GET /thumbnail/Jr6UtH-hn_vq-Dye-w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/jpeg
content-length: 11407
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/LO_GvyD1m6_krTiU9g/w320h240/0.jpeg
188.72.235.186200 OK 8.4 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/LO_GvyD1m6_krTiU9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash c580b57c523ff7d694881b0fefb5dd0b
13c56dfcf47cb9b164bdd74a72de89c85d6e5781
2e68872b5c3044ac7b0395e7dc750302f39ab120920a1fa344a2147f9d81c5fd
GET /thumbnail/LO_GvyD1m6_krTiU9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/jpeg
content-length: 8444
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cLuUvCfwyaa5_zqV-A/w320h240/0.jpeg
188.72.235.186200 OK 14 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cLuUvCfwyaa5_zqV-A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 05f1d653dc5111d3adf26075884a4c87
50d538cf1ff8bf13bf7951b7a0c083f4e093a74d
6bf77249164f30795d882612c2676fedf2da4943c8d34a2dba6a4fc629385056
GET /thumbnail/cLuUvCfwyaa5_zqV-A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/jpeg
content-length: 14057
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-cache.k2s.cc/thumbnail/009a58a507423/main/0.jpeg
188.72.235.186200 OK 45 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/009a58a507423/main/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 720x576, components 3\012- data
Hash 048d649225eb40abf3b9c9ea83bc8b7f
55ba2f46f1ece8b257bf009856768bcd2235c182
35cbbdbee3b1ca38c26716bbdb3165efaf6c03fad704e71583845d451aedd1a1
GET /thumbnail/009a58a507423/main/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/jpeg
content-length: 44860
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: MISS
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
104.26.0.188200 OK 1.3 kB URL HTTP/2 xfantazy.com/_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1564), with no line terminators
Hash affd5c98eed54e329f8bcb47af95946c
a773ccd6130ebd6981712c3d18a7bc1bab618ef2
45a6631f2c962fbf5f6c8051491d617d10121793f080c607e4671391bbbe1174
GET /_next/static/chunks/69.b3ff95d1d1b8e7cf25a2.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"61c-179fb7179e1"
last-modified: Fri, 11 Jun 2021 14:19:48 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30165479
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6ocwQBd4U%2Ba7aciV0yz%2FNuQjjs35JDm4B37ewst82sYtDsIVu6l0nII03ea78j32LeouoH%2BXeWCpHuoO10b%2B399go2eTYGLlDub%2BJLjhr8bygN46bJC8Mv%2Bm3vmrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a57b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 524364
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
216.58.211.10200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700&display=swap
IP 216.58.211.10:0
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /css?family=Roboto:100,300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 21:13:31 GMT
date: Tue, 20 Sep 2022 21:13:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 524364
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/static/xf-small.png
104.26.0.188200 OK 1.2 kB URL HTTP/2 xfantazy.com/static/xf-small.png
IP 104.26.0.188:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 73788af337ff4a5e7c8d8ea19dba155f
e0bd72878475603f40ebd05077c626816ed3285c
be4a320fd44fdaaced2a2056ff7a4c0765a6ed0996c9b4c94a0cb2458967e8df
GET /static/xf-small.png HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/png
content-length: 1153
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:54 GMT
etag: W/"481-1835011995d"
cf-cache-status: HIT
age: 6556
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sf1RgMS0uGCoibCUliAMSYQ%2FFTEX9Ic0ORZsWFyD%2BTjVoUFG1vOAHFVW54A2j2pARvFc6iSqSvpPrHw3CWD0OLKUOKSm9pSlAsHq96ASP0FHDfYqvbEx98TdeGMoxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c80dbcb503-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 20 Sep 2022 20:41:12 GMT
expires: Tue, 20 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 1940
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229200 OK 84 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 93da68520075687596d7c4a0cb3c93a0
677e814d36fb09115d31b029c55b920c2b78f7aa
7ae325ea4d6de04c789cf4e147f9a334e8feb936d2d785ef48be82c5bbe3621d
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.244.0
x-jsd-version-type: version
etag: W/"3392e-Qi3gEcZr1l3TqINcJ23fMrDsrI8"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Sep 2022 21:13:32 GMT
age: 165
x-served-by: cache-fra19174-FRA, cache-bma1644-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 83683
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 55c131f23e802c9368bc50ad6f8b6b09
3a93a5e24dcd33d10f4481833c41e75e904579e3
145e478b320329d4b71ee1515f38801f98c394bdcd84b21487b4332b73574503
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:32 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "93A7C584416BE5ED87CBB48429417040F1CE655D"
Expires: Wed, 21 Sep 2022 08:00:00 GMT
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1782
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74dd90cb1ad0b4eb-OSL
xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
104.26.0.188200 OK 805 B URL HTTP/2 xfantazy.com/_next/static/chunks/70.aeba4e9e28ccf1bae13a.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (1389), with no line terminators
Hash be30d94d7cf869f40fcbc95643655ca5
a8a77fd5b1ed8ce33781a4e44d760064ab030ded
34e7865137d7296801630cf66bac4b4483f30b654e20440723b8106aa4a3d963
GET /_next/static/chunks/70.aeba4e9e28ccf1bae13a.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"56d-181397f9e5d"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9154675
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LaH7EJt4vQci6sLuR09YAkGlvloqJ1iDD2NR8PFeO1kGAQJ1BkMX0uROhzCm6IEW%2FuItBre8vwiUV8ElTol4GoM7feelbVJqnbYjIIHZnijGmg%2Bg3NXBYw2MHfbsQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cc09d9b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
104.26.0.188200 OK 1.6 kB URL HTTP/2 xfantazy.com/_next/static/chunks/51.21792104df3f91cda445.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (3301), with no line terminators
Hash 4973591acd0442614083d61ad71de2f6
a050ff8c14f9ab93bc380d45ed83fd5ca9203d39
dd568b1a5d115abf90f2daa5b4652d5ace1048c64033529e882a4268ac1b426f
GET /_next/static/chunks/51.21792104df3f91cda445.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"ce5-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9154661
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzpnE03%2F7nhYiAQOiJuscLNwa4zeNvcsAwff0t03SFkXgsYahyaE38MVoX5DVsXG50nF53nEl72Bq8%2FEUOLNJDWUraLAAu2B%2FuKlPPdcUapxcreRLw9m%2FYSKRyt15w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cc09d5b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
104.26.0.188200 OK 34 kB URL HTTP/2 xfantazy.com/_next/static/chunks/styles.77acb212b856be16971e.js
IP 104.26.0.188:0
File type ASCII text, with no line terminators
Hash 08dc5e6f6057ff38624e66ba56cd43a7
f36b9df17012d15ac669d0e4a9460086ce13ddf8
165fe466d541228ce43d03a65385aa7d6246f533083574c0189e9241379ff5d9
GET /_next/static/chunks/styles.77acb212b856be16971e.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"55-179fb70cfea"
last-modified: Fri, 11 Jun 2021 14:19:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30165232
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=piWR9MVwLv0uCtUNUd2uY%2FVBR4LOrxwHfoCmxYAhBfTLeNxZHfJUSzpBI1KtvtJayEH3cWwrixbyis45SI%2FWYDQe54%2F1N%2BzVsPjAoWYqNa9fSfIIL7mVUDYmn9K1TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90caa852b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/5qpfbg7.js
135.181.208.216200 OK 34 kB URL HTTP/2 a.focusde.info/5qpfbg7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash 92a34128721b26541b784fc8e7c4cf29
0b97412171de36e5a4cdfba28a69341e0fe6b0de
93f6ba12753327849a8da02eb5b2b1698b8e7058486b5b3bde40c3053e7ca0b8
GET /5qpfbg7.js HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript
content-length: 34366
expires: Tue, 19 Sep 2023 11:44:01 GMT
content-encoding: gzip
last-modified: Mon, 19 Sep 2022 11:41:48 GMT
etag: "6328557c-863e"
cache-control: max-age=315360000, public
x-hw: 1663587841.dop143.am5.t,1663587841.cds267.am5.c
access-control-allow-origin: *
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2347
Expires: Tue, 20 Sep 2022 21:52:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2347
Expires: Tue, 20 Sep 2022 21:52:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2347
Expires: Tue, 20 Sep 2022 21:52:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2347
Expires: Tue, 20 Sep 2022 21:52:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
104.26.0.188200 OK 11 kB URL HTTP/2 xfantazy.com/_next/static/chunks/7.38d845e9473548212694.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (38842), with no line terminators
Hash 58aebdac1029833c2f0f07e188fa945e
4f02a3535c7e434deb71cd5369be11744533999c
d6d3c2649d296be12b970c984a089501396da1313e92dd538e9759d406a5689f
GET /_next/static/chunks/7.38d845e9473548212694.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"97ba-181397f9e55"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9148804
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPlfvsgUOpFhvCZZdbH6smwMmXOV8rByiWjesV68y4O7GVWPohVC%2Bt4K8enS35pDiAJFkO2OI8DYV8W4CV6Z0wQGHAcorRzhULgT3j9Ep09SjG10%2FjpA3YvbXLvWJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a4eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed7323b395e757f7766ea0045efdaca
8b91bc3069a3217bc719c27959d578b353b5d9dc
8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7sCevVX1nGXxZxnrXSURjUcap1a7vCZwrMMIXfzcBPR1srMxJHLGUg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:07:05 GMT
age: 83188
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca0c1a7f205ad07f1cce80b26448873
0e14f5062e40ce94346494ff947bfcf74b5e88c1
ebc960279032671136749823c126ec807334d9eaf2b019abcc63b41bcdbf4a7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9873
x-amzn-requestid: 7171299f-e6e3-40ef-a292-33779346e1ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI-FDIIAMF-xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-31f9413434a6b00e77e7709b;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: evL3aL1ULo6B2a8Rp6iILKCX7F14O9HMSbEqkEY3XHFhmMptE8FaVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:50:04 GMT
age: 84209
etag: "0e14f5062e40ce94346494ff947bfcf74b5e88c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 02:46:17 GMT
age: 66436
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30fbdfee7ec4513a5ff3dfcb7282f816
a852edb64a7220532aa619ab2a440c3a7e11b97a
4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y3urrVdjZEds_DKf3yL2XfaOy-5UPBwU-YVWe5eKYsDpl3JPmqffsw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:23:30 GMT
age: 82203
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c283017ec789693602177a2785177e21
ff8286c4d2cf87a1865d56d082bc5235dba60ad7
520db2567ad5529d35d2ac63b94d4186848382e9c86d0c4355ab979b34f0e0ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11145
x-amzn-requestid: dcb726a6-2f43-4170-a53c-4f0d2883309e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7yHfHIAMFu4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-11bf06e96123e01c11854cbb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DwufJXA1yHz_jnJL0PWjCQYF9fa3jlJ0e-2hIomInAXCpmPISX3mjg==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:33 GMT
age: 83460
etag: "ff8286c4d2cf87a1865d56d082bc5235dba60ad7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a7d863845e96c5927e812f325c08c16
b8484fb5443344b03e52dd56b1d6c5682eb6221a
fcb382029332a44deaf212298b618074a752d674d0c735a1b8b861ab4bb6ff0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9865
x-amzn-requestid: 7eeeff5b-cb13-4060-96a6-bf5a4be57331
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugokGQVoAMFXmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e169-4211dbbe1a22d0255a45aff0;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zDPKSOJ7SJImKcluUMhGvVMHv4t2oKLD2AJfGKAFSfedsdSA4VgZ_g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:56 GMT
etag: "b8484fb5443344b03e52dd56b1d6c5682eb6221a"
content-type: image/jpeg
age: 83437
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/login.js
104.26.0.188200 OK 1.6 kB URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/login.js
IP 104.26.0.188:0
File type ASCII text, with very long lines (2981), with no line terminators
Hash ac606117209e578bba5fb3febb833d25
5dab8e96ca6b7b01f976e4807f03232ab6ec28e3
f7ae60cdcd50e137322a8d7a07170835692b28fd899c205cd1b058dab5f7097f
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/login.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"ba5-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZgO19ctEtZTdICBZeumn0h6hjsUy95ZYZhvDs%2FaAHErEzy3suTfo3J8buCbzH3AABdjTfgoQeFMZajPc7YrM0xGqBLfEcVVpeEmDa8ereKyXNjK3PJzevaSUaR5wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf0cddb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/?rwlrd=961956
54.230.245.63200 OK 112 kB URL HTTP/2 d192r5l88wrng7.cloudfront.net/?rwlrd=961956
IP 54.230.245.63:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Size 112 kB (111871 bytes)
Hash 8638efdc9d854c39d55b6e0c0f9eed89
66a4bf7f9e6d9497939f4e65bcfd70f020272de6
60a6ccf174c474f016aa1a89019a6542d7b11ae1326476be9abda8ecc5316067
GET /?rwlrd=961956 HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 111871
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QV1ke8okb3jzSw0oeBooZOfG31HZLCMD4pDLFGihmcMTSJByy2ADsw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-121614197-2&cid=1411574122.1663708413&jid=113320289&gjid=2045634449&_gid=1169492789.1663708413&_u=YGBAiEABBAAAAE~&z=613867579
142.251.1.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-121614197-2&cid=1411574122.1663708413&jid=113320289&gjid=2045634449&_gid=1169492789.1663708413&_u=YGBAiEABBAAAAE~&z=613867579
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-121614197-2&cid=1411574122.1663708413&jid=113320289&gjid=2045634449&_gid=1169492789.1663708413&_u=YGBAiEABBAAAAE~&z=613867579 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xfantazy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 20 Sep 2022 21:13:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
104.26.0.188200 OK 28 kB URL HTTP/2 xfantazy.com/_next/static/css/styles.f80584c6.chunk.css
IP 104.26.0.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash eaf781198abccf6ada6ae31a3f7ad47f
17404872592aa287d28eab7a6438586d55406c45
ccff18b3a378db30e85277e85325f2f31ec30ed6ee43c2090d52a4104bbdc038
GET /_next/static/css/styles.f80584c6.chunk.css HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400
cf-bgj: minify
cf-polished: origSize=195904
etag: W/"2fd40-18350160aa8"
last-modified: Sun, 18 Sep 2022 10:12:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 5200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h2guHT0LWEqCJYCxTM255V5hUqwN98Z22feN6XE9UP4GXB4RsXXjGXq2DCjpF%2FfiBDS3v0d2XJPjPGJxljdNbS%2BizqZfPY6ofFkzQwSa%2BMmt6cnIBFbfIPfW1LIyxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90caa850b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 3a3edb87d5976c0ac6d135dfb363c36f
a28aab0ff8d6ed216e5cb195901897cf6c0aaf37
915c1a3d65ae115d676a0fae8a755474db45721ea355b67096a56c29010a1db2
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:33 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Sat, 24 Sep 2022 18:46:21 GMT
ETag: "a28aab0ff8d6ed216e5cb195901897cf6c0aaf37"
Last-Modified: Tue, 20 Sep 2022 18:46:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1722
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74dd90d1cafdb4eb-OSL
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0528286dace12ef154588bb423e5877c
01494fb0d18b32da2d1f80d37cef4420c0506c5d
39c8eb46e99b438b8c912728eb96977e932ef6ff8da39294beaa2fa8df1921b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4551
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:33 GMT
Last-Modified: Tue, 20 Sep 2022 19:57:42 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 359edf3112df375e1800fb176242c6bf
77136382fac9194ee5bad925bfe229dd4a495c86
77ebbb15481bf7f879714fe74da0df603558e67469fbac837eea61d061be86eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "77EBBB15481BF7F879714FE74DA0DF603558E67469FBAC837EEA61D061BE86EB"
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17347
Expires: Wed, 21 Sep 2022 02:02:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 359edf3112df375e1800fb176242c6bf
77136382fac9194ee5bad925bfe229dd4a495c86
77ebbb15481bf7f879714fe74da0df603558e67469fbac837eea61d061be86eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "77EBBB15481BF7F879714FE74DA0DF603558E67469FBAC837EEA61D061BE86EB"
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17347
Expires: Wed, 21 Sep 2022 02:02:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c188d12765e59977002a334ff98b0a1d
5877ffd2a18ee0769e262fc9671c242307a654a6
262ef072d3c7b2530c2b4b3c4b317e98fb7eff5eac95c51d2337bd5d6610ea65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "262EF072D3C7B2530C2B4B3C4B317E98FB7EFF5EAC95C51D2337BD5D6610EA65"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15679
Expires: Wed, 21 Sep 2022 01:34:52 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f4c9b7ff62fa66a4f516525d8c8ca467
6c113f795d7ca72bacf3c1712d0d6dd2ad86c274
300442f861166c3ba6bdc82beaea50023343d05c1ba38f90450107870e63511b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 21:13:33 GMT
Last-Modified: Tue, 20 Sep 2022 19:57:27 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -qv9K2Xwna8FCEg_jr00ITYzLMTCGB92fPTPqbDWEDrqeSQnuzqisw==
Age: 4566
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 75dca872bfd7312cec1f1ae83dc36932
35423ac5fe0444bacff7bbe20b54d6cd9a068763
2a0f27901ccd51dec23d267170b350813cdfb52a5534a48725c4f6b3814d090a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A0F27901CCD51DEC23D267170B350813CDFB52A5534A48725C4F6B3814D090A"
Last-Modified: Mon, 19 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6393
Expires: Tue, 20 Sep 2022 23:00:06 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.64.106.196200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.64.106.196:0
File type ASCII text, with no line terminators
Hash 172414eba5a75fc57ee56057aa975403
9fb38d61b77812e448e87e13bf8b992d6258fb15
4848c6d74618368e80c10a5feb1ab1efdd619fce53f6bb9253993a5e27879341
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
set-cookie: uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; expires=Fri, 17 Sep 2032 21:13:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ningukmodu.one/eTRIVFlWCysnZB1OLBo8En4OFRFMZCs/Oj9SIyxoK3UacWs7ZyYBfw1dLGlgTwVxYW9fRCEwZEoGbictGEA9J2RLBHhjfxBaLjtkSBI+aWlXDGZtd0gSPWloX0A4NT5EBW4kLQ1YdWVvTwd/ZGFNBXtjaEE
104.21.2.144204 No Content 0 B URL HTTP/2 ningukmodu.one/eTRIVFlWCysnZB1OLBo8En4OFRFMZCs/Oj9SIyxoK3UacWs7ZyYBfw1dLGlgTwVxYW9fRCEwZEoGbictGEA9J2RLBHhjfxBaLjtkSBI+aWlXDGZtd0gSPWloX0A4NT5EBW4kLQ1YdWVvTwd/ZGFNBXtjaEE
IP 104.21.2.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eTRIVFlWCysnZB1OLBo8En4OFRFMZCs/Oj9SIyxoK3UacWs7ZyYBfw1dLGlgTwVxYW9fRCEwZEoGbictGEA9J2RLBHhjfxBaLjtkSBI+aWlXDGZtd0gSPWloX0A4NT5EBW4kLQ1YdWVvTwd/ZGFNBXtjaEE HTTP/1.1
Host: ningukmodu.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRjYZi6Fwx93SeW4vERKIvltFAQb5eTIx38X8Ky67elWlt3giR3m2T7RsVTkpWCt%2FtBrAjPR%2FwBj%2F1bNMm9tKrA1Xgn%2BzZCDfeC%2BGfJKRRPvzTxEt91%2Fa2cUIzkuU1hiNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d23a1ab518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ningukmodu.one/TEJkNGJjfQdHXxYuCHo0IAACVgx9KT5yBiQkI24LFC8QADsLE0JACyh/XQJQfHNQEhIlJlkFRD82BUAXP39VEgsiJAsJRDp/VRpReGxWDEx9ZBEJU2o2FFUFcXNCRBY4LlkFVHpxUwRaeHNXA1V6
104.21.2.144204 No Content 0 B URL HTTP/2 ningukmodu.one/TEJkNGJjfQdHXxYuCHo0IAACVgx9KT5yBiQkI24LFC8QADsLE0JACyh/XQJQfHNQEhIlJlkFRD82BUAXP39VEgsiJAsJRDp/VRpReGxWDEx9ZBEJU2o2FFUFcXNCRBY4LlkFVHpxUwRaeHNXA1V6
IP 104.21.2.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TEJkNGJjfQdHXxYuCHo0IAACVgx9KT5yBiQkI24LFC8QADsLE0JACyh/XQJQfHNQEhIlJlkFRD82BUAXP39VEgsiJAsJRDp/VRpReGxWDEx9ZBEJU2o2FFUFcXNCRBY4LlkFVHpxUwRaeHNXA1V6 HTTP/1.1
Host: ningukmodu.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FCe8b7a3TeF47nbrzcdl7CXnQtGL%2B14s5SkaKrVQ0g9dymYkAeUiiPelCepu0y%2FmofmT1TaHu0YetpOtcaNoNbzFa74kJ2xM7Oc%2F5AZ3wrxlHdwHHPSDx76tdW%2FGBWoog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d23a1cb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ningukmodu.one/NEc2TDEbeFU/DFYsbAhkYg1VL2l2LG8gBAQkcShdbB9gO2hjEhA4WFB6D3oADXIAakFdIwt/AxI0Qi1FQTQLfRddKVAjDBIxC3wfDGkPYgASMgt9F0A3VysMBWFGOEVYegd6BwdwBnQFBXQBfQQ
104.21.2.144204 No Content 0 B URL HTTP/2 ningukmodu.one/NEc2TDEbeFU/DFYsbAhkYg1VL2l2LG8gBAQkcShdbB9gO2hjEhA4WFB6D3oADXIAakFdIwt/AxI0Qi1FQTQLfRddKVAjDBIxC3wfDGkPYgASMgt9F0A3VysMBWFGOEVYegd6BwdwBnQFBXQBfQQ
IP 104.21.2.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NEc2TDEbeFU/DFYsbAhkYg1VL2l2LG8gBAQkcShdbB9gO2hjEhA4WFB6D3oADXIAakFdIwt/AxI0Qi1FQTQLfRddKVAjDBIxC3wfDGkPYgASMgt9F0A3VysMBWFGOEVYegd6BwdwBnQFBXQBfQQ HTTP/1.1
Host: ningukmodu.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8c9bsPs5hXv3q0Z2FLqHjb2XwDL1PlpykIIfdPqnM%2FcdC163hVLk8qcv0wB1%2Bw5kzxR9wBbOkg5l%2Fd0xEWBsbDI4iZGTTP8Dka8PE60aLeYHK%2FfLxRvjmjYrJwtDUmuvEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d24a27b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ningukmodu.one/NWgxVWoaV1ImV28SWRk8czpUESIEAmtkXn8NXBcGYDlFbDAHJRchA1FVCGNYBVkDcxpcDAxkUhMbRTQeQBsMZExcBlc6VxMeDGREBUYAe1kTHQxkTEEYUDJXBE5BIR5ZVQBjXAZfAW1eBFsGZl4
104.21.2.144204 No Content 0 B URL HTTP/2 ningukmodu.one/NWgxVWoaV1ImV28SWRk8czpUESIEAmtkXn8NXBcGYDlFbDAHJRchA1FVCGNYBVkDcxpcDAxkUhMbRTQeQBsMZExcBlc6VxMeDGREBUYAe1kTHQxkTEEYUDJXBE5BIR5ZVQBjXAZfAW1eBFsGZl4
IP 104.21.2.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NWgxVWoaV1ImV28SWRk8czpUESIEAmtkXn8NXBcGYDlFbDAHJRchA1FVCGNYBVkDcxpcDAxkUhMbRTQeQBsMZExcBlc6VxMeDGREBUYAe1kTHQxkTEEYUDJXBE5BIR5ZVQBjXAZfAW1eBFsGZl4 HTTP/1.1
Host: ningukmodu.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBaPaVJBzFl0pHGB9i%2BVdxaRwexcTSBP5LtaIuqB1r026PhuQFB9opPCibfjlJ3tJ27jtEtdlGG4%2BPBAUYTM5GJMRjLBMXITjze2y9Z80jtFrlmYG1NWKPXQyLM3c280Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d24a28b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lewoverthecit.xyz/QW1NdW4gDy4YUSBQL1MbMwFwUFwHSH8zCnBUfwdbLVV1AhwvCnpbDS0COBEIMwIjAUAvCDlQXAcPFzMGEiMFNCYPFzUmOjksNTsJLScYGB4oLxg/LQwECxcmKT8hOhkQKw42HXEvDj88BAMfNC0mLyEsBggODyE3cC4bLCwPBwg/PxQkeDsCGyMYPVovOxhFJA8UJREmAAp4ERkYXxgtNCgoGD87Ii4iMz8UKz8wLAcuGzE/djoqIA0nOgwwLQcVODE/CygcIh0QKBg/OwoEHCc/ODslLywxLBktXyYvDxYsDhchFzgXNCgsLxMvGzIGKy8IMywgAGA/PQY/FEwgBx4EJDkuOAkgNAoMBScsFTsYUwQyAiMFUyhdOBkdJ10fQCQ
172.64.196.29200 OK 1.2 kB URL HTTP/2 lewoverthecit.xyz/QW1NdW4gDy4YUSBQL1MbMwFwUFwHSH8zCnBUfwdbLVV1AhwvCnpbDS0COBEIMwIjAUAvCDlQXAcPFzMGEiMFNCYPFzUmOjksNTsJLScYGB4oLxg/LQwECxcmKT8hOhkQKw42HXEvDj88BAMfNC0mLyEsBggODyE3cC4bLCwPBwg/PxQkeDsCGyMYPVovOxhFJA8UJREmAAp4ERkYXxgtNCgoGD87Ii4iMz8UKz8wLAcuGzE/djoqIA0nOgwwLQcVODE/CygcIh0QKBg/OwoEHCc/ODslLywxLBktXyYvDxYsDhchFzgXNCgsLxMvGzIGKy8IMywgAGA/PQY/FEwgBx4EJDkuOAkgNAoMBScsFTsYUwQyAiMFUyhdOBkdJ10fQCQ
IP 172.64.196.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2992), with no line terminators
Hash e19bbdfe43145295cf3e6cf8bfa58801
3b06cf9e2951ffe3265a5453c2f940829d4e4885
b724b43210c30930c8274fc9e396c60f63bb98e7628f8a79d1731eb6e231c96b
GET /QW1NdW4gDy4YUSBQL1MbMwFwUFwHSH8zCnBUfwdbLVV1AhwvCnpbDS0COBEIMwIjAUAvCDlQXAcPFzMGEiMFNCYPFzUmOjksNTsJLScYGB4oLxg/LQwECxcmKT8hOhkQKw42HXEvDj88BAMfNC0mLyEsBggODyE3cC4bLCwPBwg/PxQkeDsCGyMYPVovOxhFJA8UJREmAAp4ERkYXxgtNCgoGD87Ii4iMz8UKz8wLAcuGzE/djoqIA0nOgwwLQcVODE/CygcIh0QKBg/OwoEHCc/ODslLywxLBktXyYvDxYsDhchFzgXNCgsLxMvGzIGKy8IMywgAGA/PQY/FEwgBx4EJDkuOAkgNAoMBScsFTsYUwQyAiMFUyhdOBkdJ10fQCQ HTTP/1.1
Host: lewoverthecit.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: text/html
content-length: 1152
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHR%2BQXCrBGWRh%2BXcNrcl%2F2PisigoBq99Ru3A71ZQGo%2F06y8Wx75nMVSelbP9ynp1%2B2I566urZ%2FyjTwFheqraHKlsb1kzPoWcgmJ53qbBLBp2fZUtQiwSfstXBjlHQdtmzIF3OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d27bdf73e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lewoverthecit.xyz/V1QzZDc2NlAJCDZpUUJCJTgOQQURcQEiU2ZtARYCO2wLE0U5MwRKVDs7RgBRJTtdEBk5MUdBBREyZTEDZhpYFwUeAkc1UxQRXTFmIy1qVw8aFQBVTR0RaT59BAJJMnE8J3o2TxMCYANcHzpcNWcubEIndg0gfDcONQFrPk0cZUcyUzoGXDJxHiRSLFgDBVkXAR0FWyB9AxFBMQZvOH4nWAMFShRYHmVDKX49P1oydRlhdldENRZeUVkxPAIrUjoGQSZZBSFpVwINDEoxUBk8ciFSLmUBJQU7bWozRBAwdFFZMT9XJVU6DWMgdhU4aTNUBhZ7F04cZR4+Ux0ccVxUIAYEPn9jEnFXQzw1RAdwGwBEXGIRFVgoYCQcUCx9PQ1yMWYHOVtBBRFyWRdYOSQOBVgwIGESVDQlYys
172.64.196.29200 OK 1.2 kB URL HTTP/2 lewoverthecit.xyz/V1QzZDc2NlAJCDZpUUJCJTgOQQURcQEiU2ZtARYCO2wLE0U5MwRKVDs7RgBRJTtdEBk5MUdBBREyZTEDZhpYFwUeAkc1UxQRXTFmIy1qVw8aFQBVTR0RaT59BAJJMnE8J3o2TxMCYANcHzpcNWcubEIndg0gfDcONQFrPk0cZUcyUzoGXDJxHiRSLFgDBVkXAR0FWyB9AxFBMQZvOH4nWAMFShRYHmVDKX49P1oydRlhdldENRZeUVkxPAIrUjoGQSZZBSFpVwINDEoxUBk8ciFSLmUBJQU7bWozRBAwdFFZMT9XJVU6DWMgdhU4aTNUBhZ7F04cZR4+Ux0ccVxUIAYEPn9jEnFXQzw1RAdwGwBEXGIRFVgoYCQcUCx9PQ1yMWYHOVtBBRFyWRdYOSQOBVgwIGESVDQlYys
IP 172.64.196.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash ec8b00c106548ed5b8c9d033cdb760b2
3a27f5385b03b5cd99856edf538daf31ff22b931
c94694cfc41722e824bba54f5183ab9e4568e71c3f4d39d7dbe1ee9f234e0ad3
GET /V1QzZDc2NlAJCDZpUUJCJTgOQQURcQEiU2ZtARYCO2wLE0U5MwRKVDs7RgBRJTtdEBk5MUdBBREyZTEDZhpYFwUeAkc1UxQRXTFmIy1qVw8aFQBVTR0RaT59BAJJMnE8J3o2TxMCYANcHzpcNWcubEIndg0gfDcONQFrPk0cZUcyUzoGXDJxHiRSLFgDBVkXAR0FWyB9AxFBMQZvOH4nWAMFShRYHmVDKX49P1oydRlhdldENRZeUVkxPAIrUjoGQSZZBSFpVwINDEoxUBk8ciFSLmUBJQU7bWozRBAwdFFZMT9XJVU6DWMgdhU4aTNUBhZ7F04cZR4+Ux0ccVxUIAYEPn9jEnFXQzw1RAdwGwBEXGIRFVgoYCQcUCx9PQ1yMWYHOVtBBRFyWRdYOSQOBVgwIGESVDQlYys HTTP/1.1
Host: lewoverthecit.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: text/html
content-length: 1170
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2B8P1LveMUOxztmtRhi2EOzw%2BGlyXKldaIgWCn7YF5Gd8M0Vzt29fS6xB9USzJ10l6ZxnaZLAhtS7vHfoP4UtKZ6whm0DKzBwNwLcVALBQBPPN%2BClxdK2WxZ6fQltzzcJu3qlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d26bd273e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lewoverthecit.xyz/NFpRSDVVODIlClVnM25ARjZsbQdyf2MOUQVjYzoAWGJpP0daPWZmVlg1JCxTRjU/PBtaPyVtB3ISCHpdRQAWJ3R2LQALY2Y5EwxZWA4HHkVVDAd9c3UyOgR3dhQHAgRyDh0wdHIMEglZfhkceHdxDzINdHYCBHgBcxgAGXBiDyYKd3UYBx8FfRYTP0VsDxQ/bXMbBBhjQwMXCkJTHRMvBVcZJnFzfAslEndDLQIJQlMdECMEbRM9cXtjH2gfYl8pAB8EYgoEC0VkDD0nZXULABpwXwAwH11MCQccUVcPFHFkfzFoH2JcHzQcBFcoBiQAcQwUBnJjNnwncXAtEAx3YRwIAmNEOwceRWANBzhjYGsXEXF1aggKUgAcGQ0MZhY9BmZmHB8HfQU2M25fRzU/OAh5b2gETVtqGw55fQo/
172.64.196.29200 OK 1.2 kB URL HTTP/2 lewoverthecit.xyz/NFpRSDVVODIlClVnM25ARjZsbQdyf2MOUQVjYzoAWGJpP0daPWZmVlg1JCxTRjU/PBtaPyVtB3ISCHpdRQAWJ3R2LQALY2Y5EwxZWA4HHkVVDAd9c3UyOgR3dhQHAgRyDh0wdHIMEglZfhkceHdxDzINdHYCBHgBcxgAGXBiDyYKd3UYBx8FfRYTP0VsDxQ/bXMbBBhjQwMXCkJTHRMvBVcZJnFzfAslEndDLQIJQlMdECMEbRM9cXtjH2gfYl8pAB8EYgoEC0VkDD0nZXULABpwXwAwH11MCQccUVcPFHFkfzFoH2JcHzQcBFcoBiQAcQwUBnJjNnwncXAtEAx3YRwIAmNEOwceRWANBzhjYGsXEXF1aggKUgAcGQ0MZhY9BmZmHB8HfQU2M25fRzU/OAh5b2gETVtqGw55fQo/
IP 172.64.196.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 7520c7342923e1e392c0459425d564ae
4f204ad1dd40670e4bd7ea0142493276d3cdd1c3
7925f337fc469d1df291aad3fb4ef6509eb3042e41c744e8b40a379c75d3a488
GET /NFpRSDVVODIlClVnM25ARjZsbQdyf2MOUQVjYzoAWGJpP0daPWZmVlg1JCxTRjU/PBtaPyVtB3ISCHpdRQAWJ3R2LQALY2Y5EwxZWA4HHkVVDAd9c3UyOgR3dhQHAgRyDh0wdHIMEglZfhkceHdxDzINdHYCBHgBcxgAGXBiDyYKd3UYBx8FfRYTP0VsDxQ/bXMbBBhjQwMXCkJTHRMvBVcZJnFzfAslEndDLQIJQlMdECMEbRM9cXtjH2gfYl8pAB8EYgoEC0VkDD0nZXULABpwXwAwH11MCQccUVcPFHFkfzFoH2JcHzQcBFcoBiQAcQwUBnJjNnwncXAtEAx3YRwIAmNEOwceRWANBzhjYGsXEXF1aggKUgAcGQ0MZhY9BmZmHB8HfQU2M25fRzU/OAh5b2gETVtqGw55fQo/ HTTP/1.1
Host: lewoverthecit.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: text/html
content-length: 1172
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVMBLQqsqT27uFH7h4XWbBXN3PEkGm6E8HnaR2Sfz6N3HfGuCvrC3WBFij0l98zQ%2Bm79gC%2FYnpzZB%2FuMYrC8z09G%2FFbQrwWGfTnjSDMY%2B%2Fg8kcOU8wXmmrBIcPF3R%2F%2FbCkM8PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d26bd373e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 359edf3112df375e1800fb176242c6bf
77136382fac9194ee5bad925bfe229dd4a495c86
77ebbb15481bf7f879714fe74da0df603558e67469fbac837eea61d061be86eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "77EBBB15481BF7F879714FE74DA0DF603558E67469FBAC837EEA61D061BE86EB"
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17347
Expires: Wed, 21 Sep 2022 02:02:40 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20%28%20Dead%20or%20Alive%20%29%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20%28%20Dead%20or%20Alive%20%29%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 3247b5daf075d4da2c2007e83a9dd3d4
425c418d4e006258edadc1fdc99649a63c2a9ae8
fbb252e6460152daaffa7199c9ac73c243e5c1bdcf81db5a9943d8ea1c7963c6
GET /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20%28%20Dead%20or%20Alive%20%29%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Tue, 20 Sep 2022 21:13:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:33 GMT
last-modified: Tue, 20-Sep-2022 21:13:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0528286dace12ef154588bb423e5877c
01494fb0d18b32da2d1f80d37cef4420c0506c5d
39c8eb46e99b438b8c912728eb96977e932ef6ff8da39294beaa2fa8df1921b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4551
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:33 GMT
Last-Modified: Tue, 20 Sep 2022 19:57:42 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c188d12765e59977002a334ff98b0a1d
5877ffd2a18ee0769e262fc9671c242307a654a6
262ef072d3c7b2530c2b4b3c4b317e98fb7eff5eac95c51d2337bd5d6610ea65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "262EF072D3C7B2530C2B4B3C4B317E98FB7EFF5EAC95C51D2337BD5D6610EA65"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15679
Expires: Wed, 21 Sep 2022 01:34:52 GMT
Date: Tue, 20 Sep 2022 21:13:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9405985bfe6aab7c008cf3a305f79b0f
d698b786300ea45e2cd1b9d3fadf2639e71efe5e
28c7a840f64d83b92b41d7255788845fbe83aefbee8acf3d8cb131ffd81f6267
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1420
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:34 GMT
Last-Modified: Tue, 20 Sep 2022 20:49:55 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3d2761b1a3fedeb7e00a122148ffd245
99a1dd8c59c36325d722ff751154e55a789af58b
69dc599e96ce0e553637ca5b3d45dddcdd4b0eb0a73eeae55aa36955419182ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3d2761b1a3fedeb7e00a122148ffd245
99a1dd8c59c36325d722ff751154e55a789af58b
69dc599e96ce0e553637ca5b3d45dddcdd4b0eb0a73eeae55aa36955419182ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e7425029cb87581653a2d298f1e0f1cf
8c79864e7d39c9bd209b6d051f98f4f44d92f804
1b61227954588bd684190c9897ba69590605e5d0f42e85de265506255329d2c6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1B61227954588BD684190C9897BA69590605E5D0F42E85DE265506255329D2C6"
Last-Modified: Mon, 19 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7166
Expires: Tue, 20 Sep 2022 23:13:00 GMT
Date: Tue, 20 Sep 2022 21:13:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e7425029cb87581653a2d298f1e0f1cf
8c79864e7d39c9bd209b6d051f98f4f44d92f804
1b61227954588bd684190c9897ba69590605e5d0f42e85de265506255329d2c6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "1B61227954588BD684190C9897BA69590605E5D0F42E85DE265506255329D2C6"
Last-Modified: Mon, 19 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7166
Expires: Tue, 20 Sep 2022 23:13:00 GMT
Date: Tue, 20 Sep 2022 21:13:34 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: *
etag: "63295b76-2b"
expires: Tue, 20 Sep 2022 22:13:34 GMT
accept-ranges: bytes
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/HY2hqZGoABwQCVRcBDllTVVpaVV5FAhkLBBNVJ1FTLxAFVCAlJCM0BEUcEABXU04GBQQEVUwBBABVW0ILBwpXUEwXGAUPVwYFBwgGBg0cCw9FHQtZBwwSAwgGAk1YIl9NWE9WWksQW1VPUCpPVloPAQQREkZaWhxSVTdcUE9QKk9WWhEeT1crWl5EVENGWl-oDDwADBUFYJVpaVVpTWVpVT1FYDA0YBg4FHE9RLlNSRFNOH1lb
54.230.245.63200 OK 592 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/HY2hqZGoABwQCVRcBDllTVVpaVV5FAhkLBBNVJ1FTLxAFVCAlJCM0BEUcEABXU04GBQQEVUwBBABVW0ILBwpXUEwXGAUPVwYFBwgGBg0cCw9FHQtZBwwSAwgGAk1YIl9NWE9WWksQW1VPUCpPVloPAQQREkZaWhxSVTdcUE9QKk9WWhEeT1crWl5EVENGWl-oDDwADBUFYJVpaVVpTWVpVT1FYDA0YBg4FHE9RLlNSRFNOH1lb
IP 54.230.245.63:0
File type ASCII text, with very long lines (825), with no line terminators
Hash 6c8f79e5af8a2db291f04ebf0becc42f
b8226f17bb578e6ac0570050d24d22369df0ba0e
bf5e28196317c4518f38da0ebda6caf8ec4f4a05b6b9d385fa053389346527ba
GET /HY2hqZGoABwQCVRcBDllTVVpaVV5FAhkLBBNVJ1FTLxAFVCAlJCM0BEUcEABXU04GBQQEVUwBBABVW0ILBwpXUEwXGAUPVwYFBwgGBg0cCw9FHQtZBwwSAwgGAk1YIl9NWE9WWksQW1VPUCpPVloPAQQREkZaWhxSVTdcUE9QKk9WWhEeT1crWl5EVENGWl-oDDwADBUFYJVpaVVpTWVpVT1FYDA0YBg4FHE9RLlNSRFNOH1lb HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lewoverthecit.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 592
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kvsRhT7cl8TijyKRgfUZnF1mntwKUAI3qKVNRV3zg-Sl4jtFeIoCvw==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/fVU41Nks2IVtQdCEnUQtyY38MA31zJEZZJSVzVFksIRxDVSgkHnoQPy8qCAZtOS9bUXZzK1tVdmRoVFIpaHoTQjs6JQhDJTErU18lMCoTQypoI1pMIjkiVBN5E3sbBm5nfh1OemRrBnRuZ35ZXyUgNhAEey12A2l9YWsGdG5nfkdAbmYPDABlZWcQBHsyK1-ZdJHB8cwR7ZH4FB3tkawcGLTw8UFAkLWsHcHJjYAUQPmh/
54.230.245.63200 OK 323 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/fVU41Nks2IVtQdCEnUQtyY38MA31zJEZZJSVzVFksIRxDVSgkHnoQPy8qCAZtOS9bUXZzK1tVdmRoVFIpaHoTQjs6JQhDJTErU18lMCoTQypoI1pMIjkiVBN5E3sbBm5nfh1OemRrBnRuZ35ZXyUgNhAEey12A2l9YWsGdG5nfkdAbmYPDABlZWcQBHsyK1-ZdJHB8cwR7ZH4FB3tkawcGLTw8UFAkLWsHcHJjYAUQPmh/
IP 54.230.245.63:0
File type ASCII text, with very long lines (403), with no line terminators
Hash c814bada68959baf7764f4cde3800625
acfaef54be75a378715bd847cb5b2f78bd2d5419
e2fe68d65d1fec5a6b2493e541b9640d8e8e0d9ef579d9069e38b4ff203c0309
GET /fVU41Nks2IVtQdCEnUQtyY38MA31zJEZZJSVzVFksIRxDVSgkHnoQPy8qCAZtOS9bUXZzK1tVdmRoVFIpaHoTQjs6JQhDJTErU18lMCoTQypoI1pMIjkiVBN5E3sbBm5nfh1OemRrBnRuZ35ZXyUgNhAEey12A2l9YWsGdG5nfkdAbmYPDABlZWcQBHsyK1-ZdJHB8cwR7ZH4FB3tkawcGLTw8UFAkLWsHcHJjYAUQPmh/ HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lewoverthecit.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 323
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oNMXKIbQM7bAoxI_FRhYYy-mDBI6SRYsmWY_1bnssFJtVlLk9TWOIg==
X-Firefox-Spdy: h2
d192r5l88wrng7.cloudfront.net/bZFhSNHAHNzxSTxAxNglJUmpiBUJCMiFbHhRlOwQFCCs0BCJREnRACgBlYhIcBTY1CVYBNjEJQUI5NlZNUH4nVU0JNyhdHAg5dwY2UXZiEUJUcCoFQUFrEBFCVDQ7WgUcfWAECFxuDQJEQWsQEUJUKiQRQyVhZBpATX1gBBcBOzlbVVYeYARBVGhjBEFBam-JSGRY9NFsIQWoUDUZKaHRBTVU
54.230.245.63200 OK 186 B URL HTTP/2 d192r5l88wrng7.cloudfront.net/bZFhSNHAHNzxSTxAxNglJUmpiBUJCMiFbHhRlOwQFCCs0BCJREnRACgBlYhIcBTY1CVYBNjEJQUI5NlZNUH4nVU0JNyhdHAg5dwY2UXZiEUJUcCoFQUFrEBFCVDQ7WgUcfWAECFxuDQJEQWsQEUJUKiQRQyVhZBpATX1gBBcBOzlbVVYeYARBVGhjBEFBam-JSGRY9NFsIQWoUDUZKaHRBTVU
IP 54.230.245.63:0
File type ASCII text, with no line terminators
Hash 0493b03726a4023189d950a4e723e452
14364a88c9924c91b663ec512bca0c0b6a3f5bd9
3d46d293885bd2bdfa7d6de95356bbeed580df989d7d80bdd27dc5333f95975d
GET /bZFhSNHAHNzxSTxAxNglJUmpiBUJCMiFbHhRlOwQFCCs0BCJREnRACgBlYhIcBTY1CVYBNjEJQUI5NlZNUH4nVU0JNyhdHAg5dwY2UXZiEUJUcCoFQUFrEBFCVDQ7WgUcfWAECFxuDQJEQWsQEUJUKiQRQyVhZBpATX1gBBcBOzlbVVYeYARBVGhjBEFBam-JSGRY9NFsIQWoUDUZKaHRBTVU HTTP/1.1
Host: d192r5l88wrng7.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lewoverthecit.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 186
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ssixvkic85c64jC9OjMV8Wn-jsT6Xtt8udYgoCFRi4_7oub_Wuq0oQ==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 387 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash c6ae6350ba9de55560543c68abb2bc26
4f6e58dfcc4f28e68a4d848c6b393c5a8203c5ed
16286c91b1ac9094be69772b4f5c8c12a9dc71229084bffc51826976efd985d5
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Sep 2022 21:13:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1660452330%3A1663708414141843&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoUMsyM3YM73FZozDrBoFR25uFt2c8iWAlZeIvg78k1KB7f3yTe8anC_NJeusL-sa7oBW-P
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-VaaVqN6vKf18f_r4Q7N9xg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 387
server: GSE
set-cookie: __Host-GAPS=1:VdV__TkcJ8lL2r-wvOlsQSF_Ql7pcw:-Oz2L-wmXuVoj2r7;Path=/;Expires=Thu, 19-Sep-2024 21:13:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash b462c7254ba0f12f67b35c0e8f7c8361
3e8dd21b91a724fc7364c5159d5e2b7b74124d40
4b959636670d5a4833e2a0ad6ab17f46aa3e9a3b21c09c533d109624e595b0c1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Sep 2022 21:13:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S855712526%3A1663708414151111&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqNm2sW_gSsyBPWds2SbvtyuE6ILCQqucS_rmcHKu2zynxmjfeaE2WebZKHltptJvGAAhHn
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-T46YTp8_VnakTTdtUF1ctQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:8g_1NCIbJ5czN_zAHuPCLVTBEdNcYQ:AXs1gv3pg28212G2;Path=/;Expires=Thu, 19-Sep-2024 21:13:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
exerciseundergone.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 exerciseundergone.com/4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash dce780375793088c1534f031fee3006f
a04aa0b2d5d9e5d58d79b1dc869ccaeea061e65f
b91e69bbfde652e443b71753de9c0827e79ed06620084937efcf0619ecff23f0
Analyzer Verdict Alert quad9 Sinkholed
GET /4d/0a/fc/4d0afc2425eea6b0cd5a468c9f8a69ed.js HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6977d5cac39c0e509e803336e5067e56
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bb4bdc4c3c6869c822618f0b9ef1bdc5
6a438b8d9d87aa30e0989ace7fc0d4cafce1f29d
eb762661b0a0ecc4ccdf50229ce134d0062e8d60698b7ed1970c5073b18f31ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S-1660452330%3A1663708414141843&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoUMsyM3YM73FZozDrBoFR25uFt2c8iWAlZeIvg78k1KB7f3yTe8anC_NJeusL-sa7oBW-P
216.58.207.237403 Forbidden 1.2 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1660452330%3A1663708414141843&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoUMsyM3YM73FZozDrBoFR25uFt2c8iWAlZeIvg78k1KB7f3yTe8anC_NJeusL-sa7oBW-P
IP 216.58.207.237:0
Hash c71500d894f9ab980919745ba09a00ca
0d2009b59924c238a2fb1504ada42ad34597cb2a
41fbdcff2447930b8b5eb48ccf788f75895bb3a4fe279eb5b093609f7c8508c2
GET /v3/signin/identifier?dsh=S-1660452330%3A1663708414141843&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWoUMsyM3YM73FZozDrBoFR25uFt2c8iWAlZeIvg78k1KB7f3yTe8anC_NJeusL-sa7oBW-P HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Sep 2022 21:13:34 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-aJ-vKesPT-MXlZmy6EEhRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=VXC3z9OfPQ0tkz-pC8K_eA2jRCxVtEHuTiVtIJwVouTmSbGyEDDRKZUsLjza0_VHR1e-uVSaP1Ud7qG8E9EuixpCBDl1HOOYGpp4s0CEXKl70Xpe6IZW1T91GfPjlrwweys9Y2kqbuIDH_iWfOiY7OgIhpdfAlUNcx7mk9t68zE; expires=Wed, 22-Mar-2023 21:13:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.107.19200 OK 103 kB IP 172.64.107.19:0
Size 103 kB (102871 bytes)
Hash d23984644582b19e83d6de5da8521732
7ec92e185f5bb99bf1281868052b568840022914
0842efabf00cd7884acfe5b177f364fb8485a256c973aba2689ad774a4304dfb
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3610
last-modified: Tue, 20 Sep 2022 20:13:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eE3i%2FAQ%2FpsusaYcExV4HKxTs9zr70BL%2FL8aAcBEvSMHI8lQeHg74Oit%2BQ8CkPM%2BU8hrpTVcWLh3%2B3df0Wt50e8Bg28ngwNuRwF2B72kw%2BaqGc3XikER66CjZksOPY8Wt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d46fad71b1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.107.19200 OK 373 B IP 172.64.107.19:0
File type ASCII text, with no line terminators
Hash 5d13ba6489cd9d39c6d34c852b033a48
4c085a3734fe8e04e2c7d421ee89578ef79e107c
c7bb3bc01cc8924b6616d41e2fbf727a0f2b3f6e4a05cd31499afced7a14614a
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/plain
set-cookie: csu=956308276231974@1@1663708414; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebtQXxiYo4M68p4oGhf5HONS%2FUBnu%2FkihrwyAJ6qbO8mzcjtVVZffsqE%2FVss5%2Fc7HkepoqkJK2iV9IUKiE2OfGBR4goNzVPkUuKqKkv7Xw2UlCW4P3K6F%2FTyyXE6uD2P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90d46faf71b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f10090ae8708800127ba099f9fd9b1f7
98cc3574c699ce86fd0f58c832a97d5c5042ea7c
79dbef1b72a40214c47dac974e195b257af3b700fe894ef45a525453c16767d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79DBEF1B72A40214C47DAC974E195B257AF3B700FE894EF45A525453C16767D7"
Last-Modified: Mon, 19 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8425
Expires: Tue, 20 Sep 2022 23:33:59 GMT
Date: Tue, 20 Sep 2022 21:13:34 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1028670331%3Arqn%3A2%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1028670331%3Arqn%3A2%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1028670331%3Arqn%3A2%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(2)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A369883796%3Arqn%3A3%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A369883796%3Arqn%3A3%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A369883796%3Arqn%3A3%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(3)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 737cc6f4b8c7d91c15f348a27d8322ec
5b99cbda2ec6f3ff0b8b9115bd8ba096db9ce4f1
685c08333c217cd90d1742bc7d1ab85801ed350e4f5189e575dac285156128eb
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "685C08333C217CD90D1742BC7D1AB85801ED350E4F5189E575DAC285156128EB"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12100
Expires: Wed, 21 Sep 2022 00:35:14 GMT
Date: Tue, 20 Sep 2022 21:13:34 GMT
Connection: keep-alive
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A307592496%3Arqn%3A5%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A307592496%3Arqn%3A5%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A307592496%3Arqn%3A5%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(5)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A228773709%3Arqn%3A6%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A228773709%3Arqn%3A6%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A228773709%3Arqn%3A6%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(6)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 108
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
exerciseundergone.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46%3A1%3A1
173.233.137.36200 OK 4.2 kB URL HTTP/1.1 exerciseundergone.com/sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46%3A1%3A1
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (5702), with no line terminators
Hash eaf321722f7db772de13f174529f2995
e7fa3c44d13ce00c168104250ae3c50c9c180e14
8c62cdb2944b3eb00ad7e0a6529e7c9291a231ecd5bb0faed22b632eaf65301a
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a2f990f10476061c719d1c1aa3a2ecd2&uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46%3A1%3A1 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:34 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xfantazy.com
Access-Control-Allow-Origin: https://xfantazy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15600826; expires=Wed, 21 Sep 2022 21:13:34 GMT; secure; SameSite=None
uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; expires=Tue, 27 Sep 2022 21:13:34 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 21 Sep 2022 21:13:34 GMT; secure; SameSite=None
uncs=1; expires=Wed, 21 Sep 2022 21:13:34 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 21 Sep 2022 21:13:34 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 21 Sep 2022 21:13:34 GMT; secure; SameSite=None
sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]; expires=Tue, 20 Sep 2022 21:13:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 320cd3dc082c35e71276d275dc02dbfc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A126536316%3Arqn%3A7%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A126536316%3Arqn%3A7%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A126536316%3Arqn%3A7%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(7)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20(%20Dead%20or%20Alive%20)%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20(%20Dead%20or%20Alive%20)%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/49415098?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20(%20Dead%20or%20Alive%20)%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/49415098/1?wmode=7&page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A1744%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211333%3Aet%3A1663708413%3Ac%3A1%3Arn%3A457177162%3Arqn%3A1%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C902%2C0%2C292%2C0%2C%2C291%2C16%2C%2C%2C%2C1778%3Ans%3A1663708410365%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663708414%3At%3Acreampie%20%7C%20Helena%20Douglas%20%28%20Dead%20or%20Alive%20%29%20assembly%20%7C%20interracial%20-%20XFantazy.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 20 Sep 2022 21:13:33 GMT
access-control-allow-origin: https://xfantazy.com
set-cookie: yandexuid=672553241663708413; Expires=Wed, 20-Sep-2023 21:13:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=672553241663708413; Expires=Wed, 20-Sep-2023 21:13:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2454128131663708413; Path=/; SameSite=None; Secure
i=eIOYYMlaiMxoMHt7UCApz6hPcf81lMZVOc8gKbcgaDvz94PD3QFqI2HSUm3njmIJkUFQw21scc2U0OgcQs8BHjuCe0U=; Expires=Fri, 17-Sep-2032 21:13:32 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695244413.yrts.1663708413#1695244413.yrtsi.1663708413; Expires=Wed, 20-Sep-2023 21:13:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:33 GMT
last-modified: Tue, 20-Sep-2022 21:13:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1043068139%3Arqn%3A9%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1043068139%3Arqn%3A9%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/49415098/1?page-url=https%3A%2F%2Fxfantazy.com%2Fvideo%2F6034cee1d7357618a3d2dc9d&charset=utf-8&hittoken=1663708413_63b858021ebe6eb7fa3778e4e4962cda2b3e9dcfa8177ff5effda31c985a7a16&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A1357840599175%3Ahid%3A855902350%3Az%3A0%3Ai%3A20220920211334%3Aet%3A1663708414%3Ac%3A1%3Arn%3A1043068139%3Arqn%3A9%3Au%3A1663708413517017636%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1663708410365%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1663708414&t=gdpr(14)mc(p-7-h-1)clc(0-0-0)aw(1)rqnt(9)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Sep 2022 21:13:34 GMT
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Sep-2022 21:13:34 GMT
last-modified: Tue, 20-Sep-2022 21:13:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.104.16200 OK 23 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.104.16:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 600fafa90a357ba59de46876312dbd3e
2b8fdd50e545689f3cae01f97f4a9144114541ba
a0bc242e3b0275fa378fbd23c2ff4dfb7e42728fc7dc606c5475491786b0d412
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4196b5696415979aeccee9ae1afa867c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 20 Sep 2022 21:13:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5xOB9fzs1LdmHpAFdlFUyrTXXsiiLplyg8Ng5F3Q%2FoaklHcggH160ng4Gf0cLGc6re81tzQTQnVrsoJm4WMVGsuZbJ2BG51k8mDe2Jed2z9VkSNqqqRfXQrWX%2FZ0LM6SQbnnpg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d23d5372eb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=3824&rd=3824&fd=501&bv=22.8.v.2&tmpl=136
192.243.61.227200 OK 0 B URL HTTP/1.1 kazanwhoeveryowl.com/pixel/purst?dl=0&th=0&sc=0&rs=3824&rd=3824&fd=501&bv=22.8.v.2&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3824&rd=3824&fd=501&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 20 Sep 2022 21:13:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static-cache.k2s.cc/thumbnail/IeSUvnb0zqbl_2qSqQ/w320h240/0.jpeg
188.72.235.186200 OK 18 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IeSUvnb0zqbl_2qSqQ/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 98e3efc56db5bcff71f3e26434908bf0
0e220c1aa0bac384b586f4915cf6272944ae8a49
df7e85f70ffaf81fcdc67401b4a34ef7a66ced07cce3751793778e6527e6a041
GET /thumbnail/IeSUvnb0zqbl_2qSqQ/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 17733
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cO7Gv3Smz_2_-W-R_Q/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cO7Gv3Smz_2_-W-R_Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a2e4489946eb04386888babbe64bb730
7b87eb045abda2828131ebb0ef6fe4ea0b551e5d
bed58de7d2dd0109f885b54d7378ccd82e464e7392b2550e3b4f61a32feb01bc
GET /thumbnail/cO7Gv3Smz_2_-W-R_Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 11408
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/driTviP3nvi4-j6T_A/w320h240/0.jpeg
188.72.235.186200 OK 11 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/driTviP3nvi4-j6T_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 78017fcfc1c1e1a62f15c81ecd4959d2
f36a36b3736ff16898ab3d8658527173efc69377
bbb8d441555b1e4f52785ee71643082e4e4dec68c9ddfda4f795ac05ea7478e3
GET /thumbnail/driTviP3nvi4-j6T_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 11191
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/IbiW7yCmw6_prmrG-Q/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/IbiW7yCmw6_prmrG-Q/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash ad9aa367ddb5fa7f20cee3eed1dc80a6
8955613ae22ddfc0a5786dcc1f9cd564ba4d6732
8564636cd543c59551a0ad087c53314237399d96f4d5cd913c09ca6a84f1a3a7
GET /thumbnail/IbiW7yCmw6_prmrG-Q/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 12734
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/J-6XvyX1zP29qzTE_w/w320h240/0.jpeg
188.72.235.186200 OK 9.6 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/J-6XvyX1zP29qzTE_w/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 1f1c9b494163f7f98d0a91ce04b7930d
d73a56ec10a7697212fa8df3f88bf0ee8f73a593
d86fc707d91539801a38b8173119216913d53b2aa968fe92735991010aaed56e
GET /thumbnail/J-6XvyX1zP29qzTE_w/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 9621
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cLzG7HejzvvsqzrD_A/w320h240/0.jpeg
188.72.235.186200 OK 16 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cLzG7HejzvvsqzrD_A/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash a93bfd90a837a4e341eca74c1dc1ddd5
2e4e5f8e6b844d86beac7d90713860fb9452b29e
dfabf83ca464b670c63b64ba9655a5dbcafb7aa613e8edd021aaa9ce50a4da0b
GET /thumbnail/cLzG7HejzvvsqzrD_A/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 15753
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/cuqW63KuyazoqzvC_g/w320h240/0.jpeg
188.72.235.186200 OK 21 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/cuqW63KuyazoqzvC_g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 4e6b4c101fdfbea59d02de64754205bd
9641ff4743c9bdb27fc48b77bccf2cd1e573673c
ba4f3539c75de013700cd55adf244c1c50ff25377fd94f7c1f9f0170f0bf96e9
GET /thumbnail/cuqW63KuyazoqzvC_g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 21063
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/JezGv3b1wqe6rTWT9g/w320h240/0.jpeg
188.72.235.186200 OK 13 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/JezGv3b1wqe6rTWT9g/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash 6a808aa0bd8b5474b27b512ef92766a2
55494bd5ec7136e57769536325036a32f561525f
e1955af42ebe0eb631d7ef7d6f8eda5b72e298b03eb1682c51665d3e08f84acf
GET /thumbnail/JezGv3b1wqe6rTWT9g/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 12795
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
static-cache.k2s.cc/thumbnail/dbmau3Cmm6e4-jjGrg/w320h240/0.jpeg
188.72.235.186200 OK 12 kB URL HTTP/2 static-cache.k2s.cc/thumbnail/dbmau3Cmm6e4-jjGrg/w320h240/0.jpeg
IP 188.72.235.186:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 320x240, components 3\012- data
Hash e35186761fc600c30d1a3e8f54ff047c
cee108a5995282f8712d08fa9a6aec44492adbdf
3703ffd624ea62646b347a0ef7fb9a036a99a0d7c6d2dd38ea851d385cf86504
GET /thumbnail/dbmau3Cmm6e4-jjGrg/w320h240/0.jpeg HTTP/1.1
Host: static-cache.k2s.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: image/jpeg
content-length: 11554
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
x-cache-status: HIT
X-Firefox-Spdy: h2
a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/395190?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-length: 0
cache-control: private
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash a2b39113a70529527307eb2feae6d112
a91848aee8648b986ee238008b30c19211afee7e
5503aa902278ea78a58fee7b81e884975ce8c4c29c596812b9ca6e6711ad9231
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6332
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:34 GMT
Last-Modified: Tue, 20 Sep 2022 19:28:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
exerciseundergone.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3dz%2BMLXg0ouKsocFFQ2k66eSXfGPSzGGAlmf7CruDetrqqelKnpaqq6pycDQthlZY%2Bz%2F0HnmWTDahAFT4KLTBb2kNOOpxzMwT9AEMGTqMxscPSF5n3fft7Dp573%2FXy3OCU%2BCnayetn0ldZscanu116%2FSenF2oZKi16ttxx%2BHDYv1mz3rVZY99%2BovSf5llkMfOr71Ke1NWVlYnqLExEqO2zResuvN4M6XWqiZ%2F%2Fbu8KDYx5E95Q8DyXGc4%2B8eSg%2BQtr5elW6rdxkF97tFJrlxqIrDj5Mt1JTpujMysR6SNKDs2kY92TtIUy6P8WF6f4zGKsx8R4%2FRJwenEEi7u5NOWMNmSIW%2F0fZHUHqERQbgZvbUOIJAbjAlatIO%2FevGFuy7acqm6hjMvf7b1DlmMz9NI%2B089WKVr3aDaOLXJnUoZdUUL0RVHuErDhC3j8HVR6B57egBEHaqaDEyat%2Bw%2FeFHycLSZzIhWZE6UJrqUkXaKsVcRYLxprh1BilRlDJCFoOwJyHYvIpD0Xiocg8dMRJjVNKI19w5i%2B3OG%2BISMah8CmLEsqoHy6j4BP2AfJsAK4H4HYHmd3Blro3JuTWHmzxA9xmBSc8uJygKyqUkqB0BCUjKBVBmROU3WpfaBe46r7QrojpWQ7OcqMamry9y%2FZN3pYp2c1OyXNT13555jtsyZMaC5JWy0%2Bo34xCP6Q8oi1BOWWswQLJRQCnKih3bvrWvhqT%2BZd%2BRjbZ5Gd%2FIWZHcPoIXD0LVrwMVg6jwAfbHDaXffTTw17C0pz1t%2BvcdCBMhSyfQ77t7epT8sKUo3HzNUh%2BfOmT%2BPL41wd%2FgNsKma3wqXpE0NZ3h9dNSfaum9KRb65mueqoPpts9kbOcnn%2Bi%2FfldmmsWF91gwdv84kwKQ8%2FkC7fYKlQaduRL1eUENKuGcsl%2BX7dfSTja4XbXClsWmQb195ZW%2B9kVjqnTDoCU2NCHh%2BDqzH537f706N98c4dKDuCLSp0imNyFlDmCDzbgctm%2FM6ch9WzmTjzUBbV0Abx7KdWBFrOehZXcP%2Fq41m96%2B6ibV8By29Pb7VrK3R1BaYHcMX5YZ7Z40s%2FNqaBWHvDWFtvL9ZW33tqrlMntajR8FnYWqJRxGQUN4PlJKSCsaAZBmHIGsjdmL954c%2B%2FAQAA%2F%2F8BAAD%2F%2F8dlJjt%2FBAAA
173.233.137.36200 OK 7 B URL HTTP/1.1 exerciseundergone.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3dz%2BMLXg0ouKsocFFQ2k66eSXfGPSzGGAlmf7CruDetrqqelKnpaqq6pycDQthlZY%2Bz%2F0HnmWTDahAFT4KLTBb2kNOOpxzMwT9AEMGTqMxscPSF5n3fft7Dp573%2FXy3OCU%2BCnayetn0ldZscanu116%2FSenF2oZKi16ttxx%2BHDYv1mz3rVZY99%2BovSf5llkMfOr71Ke1NWVlYnqLExEqO2zResuvN4M6XWqiZ%2F%2Fbu8KDYx5E95Q8DyXGc4%2B8eSg%2BQtr5elW6rdxkF97tFJrlxqIrDj5Mt1JTpujMysR6SNKDs2kY92TtIUy6P8WF6f4zGKsx8R4%2FRJwenEEi7u5NOWMNmSIW%2F0fZHUHqERQbgZvbUOIJAbjAlatIO%2FevGFuy7acqm6hjMvf7b1DlmMz9NI%2B089WKVr3aDaOLXJnUoZdUUL0RVHuErDhC3j8HVR6B57egBEHaqaDEyat%2Bw%2FeFHycLSZzIhWZE6UJrqUkXaKsVcRYLxprh1BilRlDJCFoOwJyHYvIpD0Xiocg8dMRJjVNKI19w5i%2B3OG%2BISMah8CmLEsqoHy6j4BP2AfJsAK4H4HYHmd3Blro3JuTWHmzxA9xmBSc8uJygKyqUkqB0BCUjKBVBmROU3WpfaBe46r7QrojpWQ7OcqMamry9y%2FZN3pYp2c1OyXNT13555jtsyZMaC5JWy0%2Bo34xCP6Q8oi1BOWWswQLJRQCnKih3bvrWvhqT%2BZd%2BRjbZ5Gd%2FIWZHcPoIXD0LVrwMVg6jwAfbHDaXffTTw17C0pz1t%2BvcdCBMhSyfQ77t7epT8sKUo3HzNUh%2BfOmT%2BPL41wd%2FgNsKma3wqXpE0NZ3h9dNSfaum9KRb65mueqoPpts9kbOcnn%2Bi%2FfldmmsWF91gwdv84kwKQ8%2FkC7fYKlQaduRL1eUENKuGcsl%2BX7dfSTja4XbXClsWmQb195ZW%2B9kVjqnTDoCU2NCHh%2BDqzH537f706N98c4dKDuCLSp0imNyFlDmCDzbgctm%2FM6ch9WzmTjzUBbV0Abx7KdWBFrOehZXcP%2Fq41m96%2B6ibV8By29Pb7VrK3R1BaYHcMX5YZ7Z40s%2FNqaBWHvDWFtvL9ZW33tqrlMntajR8FnYWqJRxGQUN4PlJKSCsaAZBmHIGsjdmL954c%2B%2FAQAA%2F%2F8BAAD%2F%2F8dlJjt%2FBAAA
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq3dz%2BMLXg0ouKsocFFQ2k66eSXfGPSzGGAlmf7CruDetrqqelKnpaqq6pycDQthlZY%2Bz%2F0HnmWTDahAFT4KLTBb2kNOOpxzMwT9AEMGTqMxscPSF5n3fft7Dp573%2FXy3OCU%2BCnayetn0ldZscanu116%2FSenF2oZKi16ttxx%2BHDYv1mz3rVZY99%2BovSf5llkMfOr71Ke1NWVlYnqLExEqO2zResuvN4M6XWqiZ%2F%2Fbu8KDYx5E95Q8DyXGc4%2B8eSg%2BQtr5elW6rdxkF97tFJrlxqIrDj5Mt1JTpujMysR6SNKDs2kY92TtIUy6P8WF6f4zGKsx8R4%2FRJwenEEi7u5NOWMNmSIW%2F0fZHUHqERQbgZvbUOIJAbjAlatIO%2FevGFuy7acqm6hjMvf7b1DlmMz9NI%2B089WKVr3aDaOLXJnUoZdUUL0RVHuErDhC3j8HVR6B57egBEHaqaDEyat%2Bw%2FeFHycLSZzIhWZE6UJrqUkXaKsVcRYLxprh1BilRlDJCFoOwJyHYvIpD0Xiocg8dMRJjVNKI19w5i%2B3OG%2BISMah8CmLEsqoHy6j4BP2AfJsAK4H4HYHmd3Blro3JuTWHmzxA9xmBSc8uJygKyqUkqB0BCUjKBVBmROU3WpfaBe46r7QrojpWQ7OcqMamry9y%2FZN3pYp2c1OyXNT13555jtsyZMaC5JWy0%2Bo34xCP6Q8oi1BOWWswQLJRQCnKih3bvrWvhqT%2BZd%2BRjbZ5Gd%2FIWZHcPoIXD0LVrwMVg6jwAfbHDaXffTTw17C0pz1t%2BvcdCBMhSyfQ77t7epT8sKUo3HzNUh%2BfOmT%2BPL41wd%2FgNsKma3wqXpE0NZ3h9dNSfaum9KRb65mueqoPpts9kbOcnn%2Bi%2FfldmmsWF91gwdv84kwKQ8%2FkC7fYKlQaduRL1eUENKuGcsl%2BX7dfSTja4XbXClsWmQb195ZW%2B9kVjqnTDoCU2NCHh%2BDqzH537f706N98c4dKDuCLSp0imNyFlDmCDzbgctm%2FM6ch9WzmTjzUBbV0Abx7KdWBFrOehZXcP%2Fq41m96%2B6ibV8By29Pb7VrK3R1BaYHcMX5YZ7Z40s%2FNqaBWHvDWFtvL9ZW33tqrlMntajR8FnYWqJRxGQUN4PlJKSCsaAZBmHIGsjdmL954c%2B%2FAQAA%2F%2F8BAAD%2F%2F8dlJjt%2FBAAA HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:34 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a55974b158f388158f7010139b303fdb
Strict-Transport-Security: max-age=0; includeSubdomains
a.focusde.info/api/click/16841266301691310095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/click/16841266301691310095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/16841266301691310095?c=90 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a72130ae7c499a48ceed4d717ba04279
686cf6c69ee0bc3b20f334e1f40162b0a348ece2
18117375cc72fba620f3e53df7f99a61ab02c4adf834566eb46d63be66f1ca54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5917
Expires: Tue, 20 Sep 2022 22:52:11 GMT
Date: Tue, 20 Sep 2022 21:13:34 GMT
Connection: keep-alive
exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=123
173.233.137.36200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=123
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Findex.html&l=2211&fd=123 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png
172.64.200.2200 OK 2.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png
IP 172.64.200.2:0
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash ef2bad0eceeff00bf615df0a433a5bff
a910af81d23d78c96283b46c241d3d9652562009
9c362044a93ac6919b7174a1620d4d82dbe1940a450aea1abca32a48fd160d40
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/img/arrow.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/png
content-length: 2008
last-modified: Fri, 21 May 2021 10:10:48 GMT
etag: "60a78728-7d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4187335
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foIHIAa6iHhENPfy118MSYvXdMf6F74vcHbZFNr1EiQ6Uq18XYc92j%2FncaSZvTUIEHrpBc1REduuqjosp1tsxEECz76Z6mj1bHqw8vNHNkhlOaer2A2pFgKgN1Elh%2BtLaIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90da5dab88a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 4.9 kB URL HTTP/2 a.focusde.info/api/spots/303892?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 7eadb1421eb540f0d2b5793195ab5307
0059f8c7abd4b455b609eada9504318de45105d8
e20a9530b8600a51d3a393d54b4e4a49765ec03b4cfff0caecec5b5615f1f248
GET /api/spots/303892?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=CMjYjSexL4DNQytkRjPW; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css
172.64.200.2200 OK 11 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css
IP 172.64.200.2:0
Hash 9b3e74ba0653c958b92faaf400fae4da
5f19ef781436822a9fbaa9c1ef0a4248620b7f34
99151b98de90ae061c515569ed88899537975b7f2834932182fbaed46cc91e88
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/css
last-modified: Fri, 21 May 2021 10:10:46 GMT
etag: W/"60a78726-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4180301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FOwAVEXeKR1B0iOh5p%2FYu582XTHhDKYO8grF9aEc3PmdDcC0j2KYcwAhH6FhJtEAoEYUoFaFjfvEj3rLjXHjwpUh48dl0cdqKeSRbPOsFpfTEsqls0OTstq9FqfTOFQ724%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90da1cf088a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S855712526%3A1663708414151111&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqNm2sW_gSsyBPWds2SbvtyuE6ILCQqucS_rmcHKu2zynxmjfeaE2WebZKHltptJvGAAhHn
216.58.207.237403 Forbidden 111 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S855712526%3A1663708414151111&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqNm2sW_gSsyBPWds2SbvtyuE6ILCQqucS_rmcHKu2zynxmjfeaE2WebZKHltptJvGAAhHn
IP 216.58.207.237:0
Size 111 kB (111283 bytes)
Hash f87890fd665bca9efbf9d90994dae4e7
0e5b9a7b13301121968505802dd656eeb6da983a
9ec756377d13714b5c4b1de0dc481fa4aae474082ef4e236f02d2a2cfc1b20bd
GET /v3/signin/identifier?dsh=S855712526%3A1663708414151111&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWqNm2sW_gSsyBPWds2SbvtyuE6ILCQqucS_rmcHKu2zynxmjfeaE2WebZKHltptJvGAAhHn HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 20 Sep 2022 21:13:34 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-1vvNo3j40YDIHGA9KzjuXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=b_xBrNCxIMt1hE1f3TmG16xDZtGRVXLceflMOleELJ5TjHgLFawosDsTmofS-3te-qrTX3V9byAPUZ6WmgF1YdKgE-vbzUjVSPB0j2yGeqI3Zkq2AkrtfmsDB2tH7_8k7-lyTiFzNVvQBwhXujEzVNvdiv-RnAWPdzfJ4zHYVIs; expires=Wed, 22-Mar-2023 21:13:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a72130ae7c499a48ceed4d717ba04279
686cf6c69ee0bc3b20f334e1f40162b0a348ece2
18117375cc72fba620f3e53df7f99a61ab02c4adf834566eb46d63be66f1ca54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5916
Expires: Tue, 20 Sep 2022 22:52:11 GMT
Date: Tue, 20 Sep 2022 21:13:35 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e51c1ba3b9a6492a5d4ea91d6962e991
65eaa920420e0d9118f14f0e111df9e97384e3a0
0f4732b02feb21b4c162ccbeb2668d915651615508efbe428fcf1d7c166fb4d4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 17:56:26 GMT
Expires: Mon, 26 Sep 2022 17:56:25 GMT
Etag: "65eaa920420e0d9118f14f0e111df9e97384e3a0"
Cache-Control: max-age=505969,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90d998afb517-OSL
a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 13 kB URL HTTP/2 a.focusde.info/api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (28232)
Hash 6808d75dab1e6b25aae3f235ed38f068
57dfdd6a9aba9b83af9dfb055e9d30e7862cce1f
2daa6c53213272b8abd21ab4bf4a5f79e452d06d1860783e0b5795f8e717b221
GET /api/spots/391868?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=168
173.233.137.36200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=168
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fanimate.css&l=79249&fd=168 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=160
173.233.137.36200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=160
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fcss%2Fstyle.css&l=9494&fd=160 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 3.9 kB URL HTTP/2 a.focusde.info/api/spots/303894?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 48da90dd729f44dee1a233a694d40954
83c0a1e16110cd6c25c05f71d9ced4de14cb74b5
a31d77ad3962c75b00a84623ade0b664d1b9b082b4d79d21135cc610ae5e3fa5
GET /api/spots/303894?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=46
173.233.137.36200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=46
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fsimple_bubbleicon%2F16%2Fjs%2Fscript.js&l=711&fd=46 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.tsyndicate.com/sdk/v1/video.instant.message.js
8.254.252.211200 OK 3.5 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/video.instant.message.js
IP 8.254.252.211:0
File type ASCII text, with very long lines (539)
Hash b4ccf5d14fbe6be7a62784f96fbed92e
9d3391b4a10cc28bb455ebfbe1caccb3db1c4efd
e3f294d4f9f7227ebaaeb508792345e6bda148885c2d6335e8595338312b67e1
GET /sdk/v1/video.instant.message.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript
content-length: 3512
last-modified: Mon, 19 Sep 2022 08:52:46 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"63282dde-21d4"
age: 128207
accept-ranges: bytes
X-Firefox-Spdy: h2
exerciseundergone.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTWsk1RfGb81k8Ye%2FC5VsVJReKKhMOnX7vZ3FYIyRYOaFGcXZ6X2rzjW36xb3VnV1GoQww8gse75B5elkwmgQBVeCg3QGZpHVtKsszMIPIIjgSlS6J9h6oDjn1HMWv%2Fuc8%2FludkpCZOxk9bIdaGPYcr0cll6%2FSenF0oaOs36p32p83KhdLLneW%2B1GOXyj9J4SW3a5EtIwpCEtrWmnIttfnorQyWGbltthuVYp03oNffff3mcBPAsge6fkeWg5WXgULEKLMeLu16vKb6U2ufBuNzMstQ49efBhvBXbPEZ3XkYuQBQfnE3D%2BidrD2Hj%2FRkubO%2BfQa4nJHj8EDw%2BOIME7%2B3NOLmBisHl%2F5H3xlBmDM3GEPY2tHxCACFx5Sri7v0r1uVs%2B6nKpuqELPz%2BG3Q%2BIQs%2FLSLufrVidL90w5os1Tb26EcFdH8M3RkjyY6QDs5B50cQ6S1oSRB3C2h58mpYDUMZ8mgp4pFaqjUpXWrXa3SJtttNwbhkrNaYGaP1GDoaw6ghmA%2BQTT8dIIsCZEmArjwpCUppM5SCha22EFXZVLwhQ8qaEWU0bLSQiSn7EGkyhDBDCLeDxO1gS9%2BbEHJrDy77AX6zgJcBfErQkwVyRZB7gpwR5JogTwnyXrEvja%2F44r40PuP0LFfOcrUY2bSzy%2FZt2lEx2U1OyXMz13555jtsqZMSq0TtdhjRsNZshA0qmrQtqaCMVVlFCVmB1wW0Pzd760BPyOJLPyOZbvKzv8DZEbw5gtDPgmUvg%2BWjZiUE2xzVWiEG8WE%2FYnHKBttlYbuQtkCSLiDdDnbNKXlhxlG9%2BRqUOL70Cb88%2BfXBHxCuQOIKfKofEXTM3dF1m5O96zb35JurSaq7esCmm72RslSd%2F%2BJ9tZ1bJ9dX%2FfDB22IqTMvDD5RPN1gsddzx5MsVLaVya9YJRb5f9x8pfi3zmyuZi7Nk49o7a%2BvdxCnvtY3HYHpCyONjCD0h%2F%2Ft2f3a0L965A%2B3GcFmBbnZMzgLaHkEkO%2FDJnN%2Fb83BmPsOTAHlWjFyFz38aTWDUvGe8gP9Xz%2Bf1rr%2BLjnsFLL09u9WeK9AzBZgZwmfnR2niji%2F9WJ0FuAlG3Lhgjxtn7j011%2BuTUjWUTa4i1eSqVq9FSkher%2FNQRIJXZaslkPqJePPCn38DAAD%2F%2FwEAAP%2F%2FR7Hz038EAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 exerciseundergone.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTWsk1RfGb81k8Ye%2FC5VsVJReKKhMOnX7vZ3FYIyRYOaFGcXZ6X2rzjW36xb3VnV1GoQww8gse75B5elkwmgQBVeCg3QGZpHVtKsszMIPIIjgSlS6J9h6oDjn1HMWv%2Fuc8%2FludkpCZOxk9bIdaGPYcr0cll6%2FSenF0oaOs36p32p83KhdLLneW%2B1GOXyj9J4SW3a5EtIwpCEtrWmnIttfnorQyWGbltthuVYp03oNffff3mcBPAsge6fkeWg5WXgULEKLMeLu16vKb6U2ufBuNzMstQ49efBhvBXbPEZ3XkYuQBQfnE3D%2BidrD2Hj%2FRkubO%2BfQa4nJHj8EDw%2BOIME7%2B3NOLmBisHl%2F5H3xlBmDM3GEPY2tHxCACFx5Sri7v0r1uVs%2B6nKpuqELPz%2BG3Q%2BIQs%2FLSLufrVidL90w5os1Tb26EcFdH8M3RkjyY6QDs5B50cQ6S1oSRB3C2h58mpYDUMZ8mgp4pFaqjUpXWrXa3SJtttNwbhkrNaYGaP1GDoaw6ghmA%2BQTT8dIIsCZEmArjwpCUppM5SCha22EFXZVLwhQ8qaEWU0bLSQiSn7EGkyhDBDCLeDxO1gS9%2BbEHJrDy77AX6zgJcBfErQkwVyRZB7gpwR5JogTwnyXrEvja%2F44r40PuP0LFfOcrUY2bSzy%2FZt2lEx2U1OyXMz13555jtsqZMSq0TtdhjRsNZshA0qmrQtqaCMVVlFCVmB1wW0Pzd760BPyOJLPyOZbvKzv8DZEbw5gtDPgmUvg%2BWjZiUE2xzVWiEG8WE%2FYnHKBttlYbuQtkCSLiDdDnbNKXlhxlG9%2BRqUOL70Cb88%2BfXBHxCuQOIKfKofEXTM3dF1m5O96zb35JurSaq7esCmm72RslSd%2F%2BJ9tZ1bJ9dX%2FfDB22IqTMvDD5RPN1gsddzx5MsVLaVya9YJRb5f9x8pfi3zmyuZi7Nk49o7a%2BvdxCnvtY3HYHpCyONjCD0h%2F%2Ft2f3a0L965A%2B3GcFmBbnZMzgLaHkEkO%2FDJnN%2Fb83BmPsOTAHlWjFyFz38aTWDUvGe8gP9Xz%2Bf1rr%2BLjnsFLL09u9WeK9AzBZgZwmfnR2niji%2F9WJ0FuAlG3Lhgjxtn7j011%2BuTUjWUTa4i1eSqVq9FSkher%2FNQRIJXZaslkPqJePPCn38DAAD%2F%2FwEAAP%2F%2FR7Hz038EAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSTWsk1RfGb81k8Ye%2FC5VsVJReKKhMOnX7vZ3FYIyRYOaFGcXZ6X2rzjW36xb3VnV1GoQww8gse75B5elkwmgQBVeCg3QGZpHVtKsszMIPIIjgSlS6J9h6oDjn1HMWv%2Fuc8%2FludkpCZOxk9bIdaGPYcr0cll6%2FSenF0oaOs36p32p83KhdLLneW%2B1GOXyj9J4SW3a5EtIwpCEtrWmnIttfnorQyWGbltthuVYp03oNffff3mcBPAsge6fkeWg5WXgULEKLMeLu16vKb6U2ufBuNzMstQ49efBhvBXbPEZ3XkYuQBQfnE3D%2BidrD2Hj%2FRkubO%2BfQa4nJHj8EDw%2BOIME7%2B3NOLmBisHl%2F5H3xlBmDM3GEPY2tHxCACFx5Sri7v0r1uVs%2B6nKpuqELPz%2BG3Q%2BIQs%2FLSLufrVidL90w5os1Tb26EcFdH8M3RkjyY6QDs5B50cQ6S1oSRB3C2h58mpYDUMZ8mgp4pFaqjUpXWrXa3SJtttNwbhkrNaYGaP1GDoaw6ghmA%2BQTT8dIIsCZEmArjwpCUppM5SCha22EFXZVLwhQ8qaEWU0bLSQiSn7EGkyhDBDCLeDxO1gS9%2BbEHJrDy77AX6zgJcBfErQkwVyRZB7gpwR5JogTwnyXrEvja%2F44r40PuP0LFfOcrUY2bSzy%2FZt2lEx2U1OyXMz13555jtsqZMSq0TtdhjRsNZshA0qmrQtqaCMVVlFCVmB1wW0Pzd760BPyOJLPyOZbvKzv8DZEbw5gtDPgmUvg%2BWjZiUE2xzVWiEG8WE%2FYnHKBttlYbuQtkCSLiDdDnbNKXlhxlG9%2BRqUOL70Cb88%2BfXBHxCuQOIKfKofEXTM3dF1m5O96zb35JurSaq7esCmm72RslSd%2F%2BJ9tZ1bJ9dX%2FfDB22IqTMvDD5RPN1gsddzx5MsVLaVya9YJRb5f9x8pfi3zmyuZi7Nk49o7a%2BvdxCnvtY3HYHpCyONjCD0h%2F%2Ft2f3a0L965A%2B3GcFmBbnZMzgLaHkEkO%2FDJnN%2Fb83BmPsOTAHlWjFyFz38aTWDUvGe8gP9Xz%2Bf1rr%2BLjnsFLL09u9WeK9AzBZgZwmfnR2niji%2F9WJ0FuAlG3Lhgjxtn7j011%2BuTUjWUTa4i1eSqVq9FSkher%2FNQRIJXZaslkPqJePPCn38DAAD%2F%2FwEAAP%2F%2FR7Hz038EAAA%3D HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee92eed71049d9b0ac71a466dbbd3edb
Strict-Transport-Security: max-age=0; includeSubdomains
exerciseundergone.com/pixel/sbs?c=1
173.233.137.36200 OK 0 B URL HTTP/1.1 exerciseundergone.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: exerciseundergone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: u_pl=15600826; uid_id2=0300d0bf-fbfe-4711-9541-1997cabdaa46:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca2f990f10476061c719d1c1aa3a2ecd2=[3364901]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
148.251.120.78200 OK 2.9 kB URL HTTP/2 tsyndicate.com/do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5
IP 148.251.120.78:0
ASN #24940 Hetzner Online GmbH
Hash 33ff6c51af7b3018b7cba765c4499ae0
197add9eccd9f9e0a296c1806829a6c202f69fb4
0c246f045ed07d10f766f3d0cea9a3e2f40a63443323f5f5ce326465844667c2
GET /do2/gtpedNcWKkqbcJr5gX4hNBaeGvryR5tY/master?w=1280&h=1024&tz=0&count=5 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.focusde.info
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://a.focusde.info
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 3b80f02d70661005
set-cookie: ts_uid=df49caed-4b37-4896-a75f-e8a2c9c13992; expires=Mon, 20 Mar 2023 21:13:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsDHjRg4aOGI47KMg; expires=Wed, 21 Sep 2022 21:13:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3.medfoodsafety.com/14/6a/76069/00000448460.gif
172.64.173.19200 OK 88 kB URL HTTP/2 cdn3.medfoodsafety.com/14/6a/76069/00000448460.gif
IP 172.64.173.19:0
File type GIF image data, version 89a, 900 x 250\012- data
Hash 088141450c51c118b500fd492161d609
ed09a4d2ba8fdf734806baeb5e4ced907e9065d3
e9366c272e124c0856f97b860ccb97293fa37a32c66fb042503d0b2f28a8f1e5
GET /14/6a/76069/00000448460.gif HTTP/1.1
Host: cdn3.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/gif
content-length: 88126
last-modified: Wed, 18 Nov 2020 21:06:07 GMT
etag: "088141450c51c118b500fd492161d609"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
via: 1.1 da1b51482b08b4548d36c4cddfb34c00.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-C2
x-amz-cf-id: XkEU_Bq5EEkzfMxXQtC5OI0C27fS2trB6EFsa4J9lW-hYEpCuYtHGA==
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIQLRkC87Tvhj%2Bc%2FofxJc6t2av1h3CdrcbkODLBNJeR3zDlIZz1vwp62%2B4Z4HUuL97hP4Jw82t6fq%2BRTNfb6khFSdXApVbC5a24uyeRXLhdq%2FhR8IYzXJSrTDU7Q4SrIRJGr2OXTbHos"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90dd39ea776d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ae3922f2fc60224cc1b34f69b1259603
9c308637cae3f6cf1e7cae6a57e3a315990dcafe
cb1b866b0e49257f6546559ccafaf089dcc54bb05395047eeade368ef6675e7c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 15:56:19 GMT
Expires: Sat, 24 Sep 2022 15:56:18 GMT
Etag: "9c308637cae3f6cf1e7cae6a57e3a315990dcafe"
Cache-Control: max-age=325962,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90dd8c18b50f-OSL
cdn3.medfoodsafety.com/9b/27/37628/00000353029.gif
172.64.173.19200 OK 209 kB URL HTTP/2 cdn3.medfoodsafety.com/9b/27/37628/00000353029.gif
IP 172.64.173.19:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 209 kB (209192 bytes)
Hash e5c5f3522a8fa182ab99ccfe9cf5b088
ea8980e15114dfbb31adcd64b83487be028dcfb3
65b708ca564b71d88af885a517cc597b4fdda108377613d71cc41eb1aa09d597
GET /9b/27/37628/00000353029.gif HTTP/1.1
Host: cdn3.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/gif
content-length: 209192
last-modified: Fri, 31 Jul 2020 20:52:23 GMT
etag: "e5c5f3522a8fa182ab99ccfe9cf5b088"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
via: 1.1 9f7475378931ebe64377681caa6a6ff0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C2
x-amz-cf-id: TmdDkriR9lYnDORTwHMUMLqOk1CnxR2tRGbZ63XE6dUC2NUXTuMHNg==
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akEVdp07EfzbgjBb9k9rRqR61ii8eJcM%2BYlAb18z3sRAqvjC27JdEYWw%2FcqA%2B1D%2BayaTKYapHPp4RBpPfxwAr0q8GT8l%2BztpdA4raX2czmYCgWHvv7WTWVl2tdoRKe3mpmDG6h8fBk46"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90dd6a2c776d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ae3922f2fc60224cc1b34f69b1259603
9c308637cae3f6cf1e7cae6a57e3a315990dcafe
cb1b866b0e49257f6546559ccafaf089dcc54bb05395047eeade368ef6675e7c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 15:56:19 GMT
Expires: Sat, 24 Sep 2022 15:56:18 GMT
Etag: "9c308637cae3f6cf1e7cae6a57e3a315990dcafe"
Cache-Control: max-age=325962,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90ddafa9b4ee-OSL
a.medfoodsafety.com/i?tid=eaef6c26-0228-4dbf-95a2-ec2a86db788b&cf=affcg0hdae
172.64.173.19200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=eaef6c26-0228-4dbf-95a2-ec2a86db788b&cf=affcg0hdae
IP 172.64.173.19:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=eaef6c26-0228-4dbf-95a2-ec2a86db788b&cf=affcg0hdae HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788749&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZfq8lt9TLJEPKUuUVCeiHY1TVLwwofcyoKu2Z%2Bc3ViCOyjLJXbpnfd2%2B8LJEL6QzLh2YedAxtvjzsbMTlDw7decpLF60UScOwSteTBtuPqw2kfq%2FALas9%2FaCcOUgWaIlokS4C0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90dd39e2776d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788749?r=79048
172.64.105.34200 OK 4.9 kB URL HTTP/2 a.bestcontentfood.top/warp/4788749?r=79048
IP 172.64.105.34:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash c3db2f29474cf6066aa3a1c03e2b6615
a0a8c86e5dc1301b0787598c29902a52916b5e31
316d4a6e00fd62e61fb278459ce806f007058d6013fdd1211b5956ec27c26ca9
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788749?r=79048 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jse1dFHHflXyuNCQ0Gue5gJKhgmrAqs7V729E%2Foob53tKxZ14a3pm0%2Bc8PACLniiMV03fOeZ%2FLDNnpaT7eTkOkK8Bi2EWkvCAlKf8VU%2BxlW3MhA7NWyKVvbdctjSf1X7kNoJDtrxr%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90da29ea0702-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a0093dbac56b7a27ab47c1139f554d3
95e5b1eac324639a3d095ac86eb2382e8e2975bb
d6042aa3d1bb277bfd37caf6ea4dd9e068135550839fd1890727ab0d5e7ae8a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6042AA3D1BB277BFD37CAF6EA4DD9E068135550839FD1890727AB0D5E7AE8A8"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2654
Expires: Tue, 20 Sep 2022 21:57:49 GMT
Date: Tue, 20 Sep 2022 21:13:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a0093dbac56b7a27ab47c1139f554d3
95e5b1eac324639a3d095ac86eb2382e8e2975bb
d6042aa3d1bb277bfd37caf6ea4dd9e068135550839fd1890727ab0d5e7ae8a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6042AA3D1BB277BFD37CAF6EA4DD9E068135550839FD1890727AB0D5E7AE8A8"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2654
Expires: Tue, 20 Sep 2022 21:57:49 GMT
Date: Tue, 20 Sep 2022 21:13:35 GMT
Connection: keep-alive
a.medfoodsafety.com/i?tid=9f1f90e4-a519-4533-8acc-f741d3438243&cf=affcg0hdae
172.64.173.19200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=9f1f90e4-a519-4533-8acc-f741d3438243&cf=affcg0hdae
IP 172.64.173.19:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=9f1f90e4-a519-4533-8acc-f741d3438243&cf=affcg0hdae HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQxBqWaPN%2FSnTUEtgdw%2Bl%2FK8ed%2FaUtroJ0bhlQUz%2Fzv7BeVn518F3K21enMc%2B8OksvZo1YdM%2BDQLQGqNJ7ZLvOlmExedTaWCRl3wU4yd2PQMJrjXBRP%2B53pU0QYkBVN9Mof1LzVe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90dd5a03776d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4788752?r=4357
172.64.105.34200 OK 2.3 kB URL HTTP/2 a.bestcontentfood.top/warp/4788752?r=4357
IP 172.64.105.34:0
File type ASCII text, with very long lines (4179), with no line terminators
Hash fe564e975e18a0e7319ad632e12a4abd
cfdd70e902a154ca47ad001107e5c8c6085e152f
6763433938b7682ae4808608596465add078810e1960c7f670522058517f3d38
Analyzer Verdict Alert fortinet Phishing
GET /warp/4788752?r=4357 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jigFpyk%2B1mgxOKoSdgA70wKuFuU1VsHUUEorB3KJYK2t2AMURUVndLb1Wv%2BrlL0%2F7zhWhUhk%2B8nfkEnx%2B79qlCKnN9nUH8cA9y%2F65IVMM5ekNOAXHw15Q76OoOM1jOYmsFzs98Z0ZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90da4a0d0702-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/i?tid=9b18d3c8-1a7c-4d8b-8c65-de48eca0b9a7&cf=affcg0hdae
172.64.173.19200 OK 60 B URL HTTP/2 a.medfoodsafety.com/i?tid=9b18d3c8-1a7c-4d8b-8c65-de48eca0b9a7&cf=affcg0hdae
IP 172.64.173.19:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /i?tid=9b18d3c8-1a7c-4d8b-8c65-de48eca0b9a7&cf=affcg0hdae HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/loader?a=4787912&v=2&t=1&s=4776911&p=8575&if=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FPRQgFg50YYA7y8ruDy34Hl7XgO%2F7oSe3CTa9ge501kpmW%2Bst%2FgP9tJGhSaUQ2ITNJVzJPsUCEPovL8puKnSphx4HhEelTVG5cL%2BE30yOoFok70edjRKscmAPGOjHzoAjQMSKRE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90dd6a25776d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
172.64.173.19200 OK 957 B URL HTTP/2 a.medfoodsafety.com/loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true
IP 172.64.173.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 96252d20836ac5a9c56b733c088e10df
b7d144ef59fb2cbebb4b85c78d5d217f6b687a22
de984aaa285639ae72dc9c9b5023d8afba7c62e8f666a2e4828c3cff4e632db5
GET /loader?a=4788752&v=2&t=30&s=4776911&p=8575&if=true HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiyNvPpPEu%2Bc8ZVdMgrL%2FM414QklmjyF9MdL0rALPrt7VruGlsILmt380DSpdlPvwbz%2B%2FDIRN1HYnqjr2kdvFrvJu6c5swd4t6Zk27F1M5BIu8kr88p3YUcNLNyWVH9E3TNrz%2BF9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90dc181a776d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/video.instant.message.css
8.254.252.211200 OK 4.7 kB URL HTTP/2 cdn.tsyndicate.com/sdk/v1/video.instant.message.css
IP 8.254.252.211:0
File type ASCII text, with very long lines (4667), with no line terminators
Hash 9fba1a3e7202a1124dec5d68f4f07bd1
6d880383c56bbe8244e98f135c7e8ef76e65ebfb
857634cc0df9324a79abf3ae0dc675507c22f020260e3c6ba8b2f2d04c1d24ec
GET /sdk/v1/video.instant.message.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Cookie: ts_uid=df49caed-4b37-4896-a75f-e8a2c9c13992; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsDHjRg4aOGI47KMg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/css
content-length: 4667
etag: "63282dde-123b"
last-modified: Mon, 19 Sep 2022 08:52:46 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 128209
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.237.64301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.64:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 0afc43013db8eda962a9ee2b5649e281
8d0b5694da6d99c7b62582c6138a0aa31cccea26
9297b560da66b137df52d4bbc40559b78d6153d4ee4a3581968e37f078ff964f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:35 GMT
Last-Modified: Tue, 20 Sep 2022 19:32:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 314
poweredby.jads.co/js/jads2.js
185.94.237.64200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.64:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.aso1.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
chaturbate.com/in/?track=adnium-xfantazy.com&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
104.18.101.40302 Found 503 B URL HTTP/2 chaturbate.com/in/?track=adnium-xfantazy.com&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
IP 104.18.101.40:0
Hash 6b24123051d51f0f3320b5d56492b7ea
7342398f9d946fe91b0909aa5b95287c935d295d
2a7ef8294ba25d066101f2c917592434246f57b748e9e3745aa1c63ddbb17fa2
GET /in/?track=adnium-xfantazy.com&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html; charset=utf-8
location: /topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: u_dTm0=1; expires=Sun, 25-Sep-2022 21:13:35 GMT; Max-Age=432000; Path=/
us_dTm0=1; Path=/
affkey="eJwdjUEOQDAQRa8is0axtHQBGxcYbSdERqUdiRJ3l7F8/73kPyDQF+AmbqAswPKhKDimQVnipoxuX0+uLsJd8M61Daw2qltEjtQbgzV7RyG4hOTlb4xGSKSZzbOPvG5et/+ka+H9AHQbJg4="; Domain=.chaturbate.com; expires=Thu, 20-Oct-2022 21:13:35 GMT; Max-Age=2592000; Path=/
fromaffiliate=1; Domain=.chaturbate.com; Path=/
noads=1; expires=Wed, 21-Sep-2022 03:13:35 GMT; Max-Age=21600; Path=/
stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=0\054aDBbcK=1"; expires=Thu, 20-Oct-2022 21:13:35 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr7d564f09-3dc1-470c-b606-dcc43da70ffb:1oakYh:bpMBzmDXZps_xOlZbFwezdSG6nw; Domain=.chaturbate.com; expires=Sun, 15-Jun-2025 21:13:35 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
__cf_bm=_b0ekgA6k1oh24UKz4oE.v8FSs.rUw7q2jQjHddccNQ-1663708415-0-AR+yF+7Z6B0itLdJlmf6mXJTs5yNZ24mEksN/iPkShYWmOfqqHprs6MuIFnPdkVtsJaHHXI0GYY03RF/sewfPYY=; path=/; expires=Tue, 20-Sep-22 21:43:35 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74dd90de1c2c0b4d-OSL
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=4d0afc2425eea6b0cd5a468c9f8a69ed&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd606692dc7ade0170a2b02d5276e962
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0300d0bf-fbfe-4711-9541-1997cabdaa46&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=a2f990f10476061c719d1c1aa3a2ecd2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 20 Sep 2022 21:13:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 544b3e430d7839118f94244114d7acd6
Strict-Transport-Security: max-age=0; includeSubdomains
a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=0A_6OdS7IaP1jws2YIHy3PYNhm6wzZPuvzSP6Cpl5mitcBJEsP5RZ6s4kJzEgvYhFVwuoeM_TnhT6WVVWwJ6yz0mI0WbM5OEMcTuAGeJSada_gUIDRUi
66.254.114.171200 OK 14 kB URL HTTP/2 a.adtng.com/get/10010248?time=1592494928726&atc=425995&apb=0A_6OdS7IaP1jws2YIHy3PYNhm6wzZPuvzSP6Cpl5mitcBJEsP5RZ6s4kJzEgvYhFVwuoeM_TnhT6WVVWwJ6yz0mI0WbM5OEMcTuAGeJSada_gUIDRUi
IP 66.254.114.171:0
Hash cf8639961b7ac29ebfda91930e7b4061
40c7ebcb70ff0815f174c877cb2ef37f5ad34397
7eccdf89b34f89631efc284bf6806be2402d926842bb8866574100dc2e0ae429
GET /get/10010248?time=1592494928726&atc=425995&apb=0A_6OdS7IaP1jws2YIHy3PYNhm6wzZPuvzSP6Cpl5mitcBJEsP5RZ6s4kJzEgvYhFVwuoeM_TnhT6WVVWwJ6yz0mI0WbM5OEMcTuAGeJSada_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KBmMqLP8PsFeIZcQpAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6974; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632A2CFF-42FE72AB01BB2159-30CC2F05
X-Firefox-Spdy: h2
a.bestcontentfood.top/warp/4787912?r=11098
172.64.105.34200 OK 5.5 kB URL HTTP/2 a.bestcontentfood.top/warp/4787912?r=11098
IP 172.64.105.34:0
File type ASCII text, with very long lines (4178), with no line terminators
Hash 0bdb64b761b80c0c48a9311117af7a39
327d7533dd0281dca89c3d1ecef3d64edffe2826
b4ef9d5300d0462b38b8034422060193027f7749212d3207c09575f496de24fc
Analyzer Verdict Alert fortinet Phishing
GET /warp/4787912?r=11098 HTTP/1.1
Host: a.bestcontentfood.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript; charset=UTF-8
referer: a.medfoodsafety.com
cache-control: public, max-age=900
etag: W/"b5bfe5efa4321a0b085300dd0d4edb9f"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11FHayXvIDwpzNt%2BPEAwBfKjt1FMb7K7IbZZV4OK%2B%2FQgvRyYdUfSAvfRLNcb7Xk0cq2wQpPdhAsJ%2BSBG6v7ps7mF%2Br52xjLpcc4dtxYI%2FhbZmMa2MhMEa%2BpOpanhuLNdlQbw27lNqjc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90da19da0702-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:35 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10721591
X-HW: 1663708415.dop001.sk1.t,1663708415.cds012.sk1.shn,1663708415.dop001.sk1.t,1663708415.cds228.sk1.c
Access-Control-Allow-Origin: *
a.adtng.com/get/10005363?time=1592491455431&atc=416763&apb=NFiEuDtT9fGZYnqhpF0BphiroAoMorT-7WIk4PHiYuKnMKNuL8h6yhZkNQrc8v0zs7lA95_7QIDy6QVNM8Zcobcs2QbDBvsuybpnEBt9xuSiSg_gUIDRUi
66.254.114.171200 OK 77 kB URL HTTP/2 a.adtng.com/get/10005363?time=1592491455431&atc=416763&apb=NFiEuDtT9fGZYnqhpF0BphiroAoMorT-7WIk4PHiYuKnMKNuL8h6yhZkNQrc8v0zs7lA95_7QIDy6QVNM8Zcobcs2QbDBvsuybpnEBt9xuSiSg_gUIDRUi
IP 66.254.114.171:0
Hash 1d0949b3f11dd79171cf3f74fbda8db2
efb808911637c33acea352c51c61fa4847cf4e0f
26f5e6b2e3084375eb3f56406aaef0744cc42d13f61e631e4478f3b2799ba915
GET /get/10005363?time=1592491455431&atc=416763&apb=NFiEuDtT9fGZYnqhpF0BphiroAoMorT-7WIk4PHiYuKnMKNuL8h6yhZkNQrc8v0zs7lA95_7QIDy6QVNM8Zcobcs2QbDBvsuybpnEBt9xuSiSg_gUIDRUi HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KBmMqLP8QVVfJiJlEAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded6974; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632A2CFF-42FE72AB01BB2159-30CC2F04
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgVFDTJgyMcq0uAEDRowWNHLAsNFCDJkwLG3QqHHDhscyOMjEmCHiYZg6YzLiKEODDI0ZKluUyUEGB0oaMViKuUFDJI6oZlbCIHMjR4wYPSGSsbPQRg4bMh7CqSNm4QwcNmrA8AkHjlsaOEg-nANnog6oMmHcmPFwTBu7f6PWJCzWDMWHYty4WSijJg0bMxi3cYNRR-UZZtVu7hwDagwcD-uA1TGQDh04c3S8eBHGhUE6nF2MedPmxZkydF7EKMkR9IwfdNK0KdOjYQ4ZKUvXqHE0Bpc6JWXYCENnTA_Ai69n3w5HTI8jb-rUoaGnjYw3vJkgeYKnSBAaU6bICMOGjR4rMSzBBhxBSKGGFGSgQYMTMsxAhBFVWQFFFErEIUQbTDzRhhVIKHFEEGJIQYVkeJChRgxxZEGHHVC8YYUUVZgRxRsj4kFFFTmc4QQWMZxBhRFqpCFGEzAk8UQSadBBhhNTtHHEE3d8cUYVSRABYxphwdHGYyK8oSWXZPCW0XJkpFFbGHO8EYMLbgAX1hjcLbTFDDF0oZYcQekAgwslVSSCGI7pySdHhWn5BRx4LlRVC4SKIIcdiMn1UBljfKnDUIw6JIJ6WLJWQxhh4GCGGaW1EJcZTtEwhg0n5TCDDE6tZAMOY5gRxltiTBVWGoiJ4JULKrlAgwwuNERDWHJ8wWtGvwY7bLHUhVVHGBk18YYeafQXxgs18AkCCjzGsAMITKThRh14gIAHXF_INO6jOpzFZwogHEHpGm-8IINJfZoEghFpyFGGGW_g8YK8MLyZpwhOPBHWG8mOsXDDYbGxcBFOhHWQHV8IzAZFNN2AA2g4lPSQHGdM5lkNeT208RdiyLEQDqiJ8HIbb5BBGVx-kiHHG2499IZCnt1ZcB6KnjxwRmi4BptsL5Bppm1prtlmcGHN8WhGP9PBHcQt1OFGkqZ2S8YYMcig8cIHfXF22mHRsSVDNmBGEg5QaSq32nTbDQPext5wg09kdFwGX1_E2fcMd-c9Kcf8IUQH0XPSYCdEYvhl88A_sTGRWhYvNJdGncHQhwIBAQ%3D%3D&s=352c83c2dfba785b14abe4e2fcb7022220a584b7c052ac48128cbb17650bff741663708415&w=t&r=1&d=333&priv=false
136.243.46.156200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgVFDTJgyMcq0uAEDRowWNHLAsNFCDJkwLG3QqHHDhscyOMjEmCHiYZg6YzLiKEODDI0ZKluUyUEGB0oaMViKuUFDJI6oZlbCIHMjR4wYPSGSsbPQRg4bMh7CqSNm4QwcNmrA8AkHjlsaOEg-nANnog6oMmHcmPFwTBu7f6PWJCzWDMWHYty4WSijJg0bMxi3cYNRR-UZZtVu7hwDagwcD-uA1TGQDh04c3S8eBHGhUE6nF2MedPmxZkydF7EKMkR9IwfdNK0KdOjYQ4ZKUvXqHE0Bpc6JWXYCENnTA_Ai69n3w5HTI8jb-rUoaGnjYw3vJkgeYKnSBAaU6bICMOGjR4rMSzBBhxBSKGGFGSgQYMTMsxAhBFVWQFFFErEIUQbTDzRhhVIKHFEEGJIQYVkeJChRgxxZEGHHVC8YYUUVZgRxRsj4kFFFTmc4QQWMZxBhRFqpCFGEzAk8UQSadBBhhNTtHHEE3d8cUYVSRABYxphwdHGYyK8oSWXZPCW0XJkpFFbGHO8EYMLbgAX1hjcLbTFDDF0oZYcQekAgwslVSSCGI7pySdHhWn5BRx4LlRVC4SKIIcdiMn1UBljfKnDUIw6JIJ6WLJWQxhh4GCGGaW1EJcZTtEwhg0n5TCDDE6tZAMOY5gRxltiTBVWGoiJ4JULKrlAgwwuNERDWHJ8wWtGvwY7bLHUhVVHGBk18YYeafQXxgs18AkCCjzGsAMITKThRh14gIAHXF_INO6jOpzFZwogHEHpGm-8IINJfZoEghFpyFGGGW_g8YK8MLyZpwhOPBHWG8mOsXDDYbGxcBFOhHWQHV8IzAZFNN2AA2g4lPSQHGdM5lkNeT208RdiyLEQDqiJ8HIbb5BBGVx-kiHHG2499IZCnt1ZcB6KnjxwRmi4BptsL5Bppm1prtlmcGHN8WhGP9PBHcQt1OFGkqZ2S8YYMcig8cIHfXF22mHRsSVDNmBGEg5QaSq32nTbDQPext5wg09kdFwGX1_E2fcMd-c9Kcf8IUQH0XPSYCdEYvhl88A_sTGRWhYvNJdGncHQhwIBAQ%3D%3D&s=352c83c2dfba785b14abe4e2fcb7022220a584b7c052ac48128cbb17650bff741663708415&w=t&r=1&d=333&priv=false
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WMgVFDTJgyMcq0uAEDRowWNHLAsNFCDJkwLG3QqHHDhscyOMjEmCHiYZg6YzLiKEODDI0ZKluUyUEGB0oaMViKuUFDJI6oZlbCIHMjR4wYPSGSsbPQRg4bMh7CqSNm4QwcNmrA8AkHjlsaOEg-nANnog6oMmHcmPFwTBu7f6PWJCzWDMWHYty4WSijJg0bMxi3cYNRR-UZZtVu7hwDagwcD-uA1TGQDh04c3S8eBHGhUE6nF2MedPmxZkydF7EKMkR9IwfdNK0KdOjYQ4ZKUvXqHE0Bpc6JWXYCENnTA_Ai69n3w5HTI8jb-rUoaGnjYw3vJkgeYKnSBAaU6bICMOGjR4rMSzBBhxBSKGGFGSgQYMTMsxAhBFVWQFFFErEIUQbTDzRhhVIKHFEEGJIQYVkeJChRgxxZEGHHVC8YYUUVZgRxRsj4kFFFTmc4QQWMZxBhRFqpCFGEzAk8UQSadBBhhNTtHHEE3d8cUYVSRABYxphwdHGYyK8oSWXZPCW0XJkpFFbGHO8EYMLbgAX1hjcLbTFDDF0oZYcQekAgwslVSSCGI7pySdHhWn5BRx4LlRVC4SKIIcdiMn1UBljfKnDUIw6JIJ6WLJWQxhh4GCGGaW1EJcZTtEwhg0n5TCDDE6tZAMOY5gRxltiTBVWGoiJ4JULKrlAgwwuNERDWHJ8wWtGvwY7bLHUhVVHGBk18YYeafQXxgs18AkCCjzGsAMITKThRh14gIAHXF_INO6jOpzFZwogHEHpGm-8IINJfZoEghFpyFGGGW_g8YK8MLyZpwhOPBHWG8mOsXDDYbGxcBFOhHWQHV8IzAZFNN2AA2g4lPSQHGdM5lkNeT208RdiyLEQDqiJ8HIbb5BBGVx-kiHHG2499IZCnt1ZcB6KnjxwRmi4BptsL5Bppm1prtlmcGHN8WhGP9PBHcQt1OFGkqZ2S8YYMcig8cIHfXF22mHRsSVDNmBGEg5QaSq32nTbDQPext5wg09kdFwGX1_E2fcMd-c9Kcf8IUQH0XPSYCdEYvhl88A_sTGRWhYvNJdGncHQhwIBAQ%3D%3D&s=352c83c2dfba785b14abe4e2fcb7022220a584b7c052ac48128cbb17650bff741663708415&w=t&r=1&d=333&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tsyndicate.com/
Cookie: ts_uid=df49caed-4b37-4896-a75f-e8a2c9c13992; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsDHjRg4aOGI47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQgXGjRhkcYWC0oDFGTIyRM27caCHGI5kWMD7moBHGBoyWM8KIeBimzpiMNGLkgCFDRgwZLW7YKFNjpIwcM1rgmBEDRwszM2zMKCqjjBkZNsjshEjGzkIbOWzIeAinjhiKT2FUhAgHzkIcN2jMeDgHzkQdM3DAEIwDx8M2ff_SgGGjRg2wD8e0sauDhowaOXI4JGtmoQzDIsS4ceNZcFXHh91g1CHjRtYcbNuoPlsj6MM6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWDIJUoDxw86adqU6dEwhwwaM73jBculjnSwYeiM6WEZs-by522EgSOmxw0mVaDcKTIjzYw4TGiBxRpuiNGGEW7UcQYUYTyBhxNVrKGEHHJ88cUQWViRhRxJZKHGHTTYcQQSZ9TxhQxIxCBGGXPgMQYbVrjxBBMEiZFEDm8UkYMeWmihRgxEwOCGFTKsUUQcRtzxBg1QLBEHgVaUUYUVbExhBBRi3JCEHUFcSMUXZ1SRBBFSVJHGWHC0QdFDb6S5pkbKZTScGW-MUcccB7mQhht0jjVGegttQVUXbMnxkw4wuCDdXGJ0hqiic8lhB2UN3VbHmTpoZAZ4f5bxEg1ipDQSDmm1EEZHZrTwURgyjJHDGDHMkJkMY6VBmQg5xODCUC5Y5kJDNIxVoa0Z5bpror4CO1YdOmXaxBt6pMEGG2G8UIOiIKCARQwx7AACE3vWgQcIeOBgwxc20OCtpDqkpWgKIBxRxhhrvPGCDNNNFwMIRqQhh1dv4PGCuzD4eagITjwx1hsVjnFwwmOxcXARTox1kB1f_MsGRTWoNJUNgsHwkBxnkMZaDXg9dPEXYshxF2grt_GGWKyZOxcZcryx0F4ivKEQa4UGnMdCNIzslW68-QaccC7QaSeeZejJp71j3ZHRUYKNhcbV1I01h6QZ5UxHegy3UIcbadDRAsoukAErrSoffNAXbh81Fh1qMmSDVjcMFtRmeNOqN99-N_SYyGRlzCIcXwA6eEqFb1YGxmGwgRAdPwtKA6EQifGXRl71xMZEbEm8EOJjrAZDHwoEBA%3D%3D&s=df9240e0b18f14d6566e844fd2b95ffa209c9a5aad44833a91b8d6aa2105d0791663708415&w=t&r=1&d=268&priv=false
136.243.46.156200 OK 24 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQgXGjRhkcYWC0oDFGTIyRM27caCHGI5kWMD7moBHGBoyWM8KIeBimzpiMNGLkgCFDRgwZLW7YKFNjpIwcM1rgmBEDRwszM2zMKCqjjBkZNsjshEjGzkIbOWzIeAinjhiKT2FUhAgHzkIcN2jMeDgHzkQdM3DAEIwDx8M2ff_SgGGjRg2wD8e0sauDhowaOXI4JGtmoQzDIsS4ceNZcFXHh91g1CHjRtYcbNuoPlsj6MM6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWDIJUoDxw86adqU6dEwhwwaM73jBculjnSwYeiM6WEZs-by522EgSOmxw0mVaDcKTIjzYw4TGiBxRpuiNGGEW7UcQYUYTyBhxNVrKGEHHJ88cUQWViRhRxJZKHGHTTYcQQSZ9TxhQxIxCBGGXPgMQYbVrjxBBMEiZFEDm8UkYMeWmihRgxEwOCGFTKsUUQcRtzxBg1QLBEHgVaUUYUVbExhBBRi3JCEHUFcSMUXZ1SRBBFSVJHGWHC0QdFDb6S5pkbKZTScGW-MUcccB7mQhht0jjVGegttQVUXbMnxkw4wuCDdXGJ0hqiic8lhB2UN3VbHmTpoZAZ4f5bxEg1ipDQSDmm1EEZHZrTwURgyjJHDGDHMkJkMY6VBmQg5xODCUC5Y5kJDNIxVoa0Z5bpror4CO1YdOmXaxBt6pMEGG2G8UIOiIKCARQwx7AACE3vWgQcIeOBgwxc20OCtpDqkpWgKIBxRxhhrvPGCDNNNFwMIRqQhh1dv4PGCuzD4eagITjwx1hsVjnFwwmOxcXARTox1kB1f_MsGRTWoNJUNgsHwkBxnkMZaDXg9dPEXYshxF2grt_GGWKyZOxcZcryx0F4ivKEQa4UGnMdCNIzslW68-QaccC7QaSeeZejJp71j3ZHRUYKNhcbV1I01h6QZ5UxHegy3UIcbadDRAsoukAErrSoffNAXbh81Fh1qMmSDVjcMFtRmeNOqN99-N_SYyGRlzCIcXwA6eEqFb1YGxmGwgRAdPwtKA6EQifGXRl71xMZEbEm8EOJjrAZDHwoEBA%3D%3D&s=df9240e0b18f14d6566e844fd2b95ffa209c9a5aad44833a91b8d6aa2105d0791663708415&w=t&r=1&d=268&priv=false
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WQgXGjRhkcYWC0oDFGTIyRM27caCHGI5kWMD7moBHGBoyWM8KIeBimzpiMNGLkgCFDRgwZLW7YKFNjpIwcM1rgmBEDRwszM2zMKCqjjBkZNsjshEjGzkIbOWzIeAinjhiKT2FUhAgHzkIcN2jMeDgHzkQdM3DAEIwDx8M2ff_SgGGjRg2wD8e0sauDhowaOXI4JGtmoQzDIsS4ceNZcFXHh91g1CHjRtYcbNuoPlsj6MM6MTKioUMHzhwdL16EcWGQjmoXY960eXGmDJ0XMWDIJUoDxw86adqU6dEwhwwaM73jBculjnSwYeiM6WEZs-by522EgSOmxw0mVaDcKTIjzYw4TGiBxRpuiNGGEW7UcQYUYTyBhxNVrKGEHHJ88cUQWViRhRxJZKHGHTTYcQQSZ9TxhQxIxCBGGXPgMQYbVrjxBBMEiZFEDm8UkYMeWmihRgxEwOCGFTKsUUQcRtzxBg1QLBEHgVaUUYUVbExhBBRi3JCEHUFcSMUXZ1SRBBFSVJHGWHC0QdFDb6S5pkbKZTScGW-MUcccB7mQhht0jjVGegttQVUXbMnxkw4wuCDdXGJ0hqiic8lhB2UN3VbHmTpoZAZ4f5bxEg1ipDQSDmm1EEZHZrTwURgyjJHDGDHMkJkMY6VBmQg5xODCUC5Y5kJDNIxVoa0Z5bpror4CO1YdOmXaxBt6pMEGG2G8UIOiIKCARQwx7AACE3vWgQcIeOBgwxc20OCtpDqkpWgKIBxRxhhrvPGCDNNNFwMIRqQhh1dv4PGCuzD4eagITjwx1hsVjnFwwmOxcXARTox1kB1f_MsGRTWoNJUNgsHwkBxnkMZaDXg9dPEXYshxF2grt_GGWKyZOxcZcryx0F4ivKEQa4UGnMdCNIzslW68-QaccC7QaSeeZejJp71j3ZHRUYKNhcbV1I01h6QZ5UxHegy3UIcbadDRAsoukAErrSoffNAXbh81Fh1qMmSDVjcMFtRmeNOqN99-N_SYyGRlzCIcXwA6eEqFb1YGxmGwgRAdPwtKA6EQifGXRl71xMZEbEm8EOJjrAZDHwoEBA%3D%3D&s=df9240e0b18f14d6566e844fd2b95ffa209c9a5aad44833a91b8d6aa2105d0791663708415&w=t&r=1&d=268&priv=false HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.focusde.info/
Cookie: ts_uid=df49caed-4b37-4896-a75f-e8a2c9c13992; bfq=APeIECNCxxYZOGDEwFGjRhcWIsYU3BLjoYgyE2PYsDHjRg4aOGI47KMg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/plain; charset=utf-8
content-length: 24
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfC9saWJyYXJ5Lzc1NDY3NC9iNzRhZGZmYzIyNjIwMzE1MDQxYjRkZWQ4Y2E4NWFmZGFiY2JkYTNmLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfGFkLW1hdmVuLmNvbXw3NTQ2NzR8NDMwNjc1fDg2NzMwMHw0NDQ0NzE0fDUwOHw1Mjg0ODk0fDc1MjcyODY0fDE1fDN8MHwwfDI1MzQ0fDk2MTk1Nnx8NzV8VVNEfFVTRHwxfDF8NDN8fDF8Tk9SfHwyMHwxfDF8fDk1NjMwODI3NjIzMTk3NHwxY2ZmYTI2Y2FiOTIyN2UxNjAwMzQzYTlmZmJmMGRlMnwxfDB8eGZhbnRhenkuY29tfDB8MHwwfDB8MXwwfGV4Y2hhbmdlX2luX3BhZ2VfcHVzaF9ub3RpZmljYXRpb258MHwwfDB8LTF8MHwwfHx8MXwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3xhZjdjZDhkYTY0OTlkZjcxNWFhODA2M2Y1MmExN2VhOQ--
95.211.229.245302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfC9saWJyYXJ5Lzc1NDY3NC9iNzRhZGZmYzIyNjIwMzE1MDQxYjRkZWQ4Y2E4NWFmZGFiY2JkYTNmLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfGFkLW1hdmVuLmNvbXw3NTQ2NzR8NDMwNjc1fDg2NzMwMHw0NDQ0NzE0fDUwOHw1Mjg0ODk0fDc1MjcyODY0fDE1fDN8MHwwfDI1MzQ0fDk2MTk1Nnx8NzV8VVNEfFVTRHwxfDF8NDN8fDF8Tk9SfHwyMHwxfDF8fDk1NjMwODI3NjIzMTk3NHwxY2ZmYTI2Y2FiOTIyN2UxNjAwMzQzYTlmZmJmMGRlMnwxfDB8eGZhbnRhenkuY29tfDB8MHwwfDB8MXwwfGV4Y2hhbmdlX2luX3BhZ2VfcHVzaF9ub3RpZmljYXRpb258MHwwfDB8LTF8MHwwfHx8MXwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3xhZjdjZDhkYTY0OTlkZjcxNWFhODA2M2Y1MmExN2VhOQ--
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfC9saWJyYXJ5Lzc1NDY3NC9iNzRhZGZmYzIyNjIwMzE1MDQxYjRkZWQ4Y2E4NWFmZGFiY2JkYTNmLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfGFkLW1hdmVuLmNvbXw3NTQ2NzR8NDMwNjc1fDg2NzMwMHw0NDQ0NzE0fDUwOHw1Mjg0ODk0fDc1MjcyODY0fDE1fDN8MHwwfDI1MzQ0fDk2MTk1Nnx8NzV8VVNEfFVTRHwxfDF8NDN8fDF8Tk9SfHwyMHwxfDF8fDk1NjMwODI3NjIzMTk3NHwxY2ZmYTI2Y2FiOTIyN2UxNjAwMzQzYTlmZmJmMGRlMnwxfDB8eGZhbnRhenkuY29tfDB8MHwwfDB8MXwwfGV4Y2hhbmdlX2luX3BhZ2VfcHVzaF9ub3RpZmljYXRpb258MHwwfDB8LTF8MHwwfHx8MXwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMHxPS3xhZjdjZDhkYTY0OTlkZjcxNWFhODA2M2Y1MmExN2VhOQ-- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 20 Sep 2022 21:13:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632a2d0038b146.810957062467842141%22%3B%7D; expires=Thu, 19 Sep 2024 21:13:36 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/754674/b74adffc22620315041b4ded8ca85afdabcbda3f.jpg
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14f010eaa7c30de5fd73a91aaad6046f
9ffb3fb20e41ee5dd968a8a9139d523b4ae1d969
d54cb754e4198636d3bfd60db10f6dd5b96a95e7cb466c786a8624b9da3aedf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D54CB754E4198636D3BFD60DB10F6DD5B96A95E7CB466C786A8624B9DA3AEDF3"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11084
Expires: Wed, 21 Sep 2022 00:18:20 GMT
Date: Tue, 20 Sep 2022 21:13:36 GMT
Connection: keep-alive
s3t3d2y8.afcdn.net/library/754674/b74adffc22620315041b4ded8ca85afdabcbda3f.jpg
185.76.9.16200 OK 12 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/754674/b74adffc22620315041b4ded8ca85afdabcbda3f.jpg
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 192x192, components 3\012- data
Hash 7048112cf47ac1c3ff75557494f2eb23
b74adffc22620315041b4ded8ca85afdabcbda3f
893779968f8afb5400950b97dbef154739f70d0157c09fc268a22b5362d19500
GET /library/754674/b74adffc22620315041b4ded8ca85afdabcbda3f.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: image/jpeg
content-length: 12250
last-modified: Tue, 31 Aug 2021 12:54:36 GMT
etag: "612e268c-2fda"
expires: Fri, 15 Sep 2023 21:02:31 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1694811934
server: CDN77-Turbo
x-77-nzt: AblMCQ3gybr/YpkGAA
x-77-nzt-ray: qn3nj0qcY90
x-cache: HIT
x-age: 432482
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
camschat.net/900250/adnium.php
66.230.180.98200 OK 949 B URL HTTP/2 camschat.net/900250/adnium.php
IP 66.230.180.98:0
Hash b1de1b905877115a99aa242d383bdfa6
e62ea59de5d27b925b9ab972d44e5964e4f0dd89
b6dd3390138ab1da57b136c7118337ef2a445eb08f1626cf6f23ef1b0d98adfc
GET /900250/adnium.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.medfoodsafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
216.127.52.241200 3.0 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286
IP 216.127.52.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1e56b402ccdd084ba966ae52b581abae
6544db541358ec176e37d23b9150dd6c670f15bf
c37af05af05a5cb6199ab7b70ae5331f2ec2c89f8db57c9902d24dbab67e7e77
GET /as/if?p=reseller&w=1&h=1&v=5106&adType=cats&adWidth=900&adHeight=75&niche=female&fontSize=15&font_color=%23fff&background_color=%23000000&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Sep 2022 21:13:36 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11663708416937_0_5106_4398=0001000; expires=Thu, 20-Oct-2022 21:13:36 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=1209-1663708416; expires=Fri, 17-Sep-2032 21:13:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
216.127.52.241200 4.9 kB URL HTTP/1.1 as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
IP 216.127.52.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (634)
Hash 7953aae98b02e911faeb04a602cac419
ad244983d4e77cd88b27fdb5ebe1a6cfaf488669
849c957b65c9eb7a25637873bcf67544b4329e5c0b642f96ee8ab51684ca81f1
GET /as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286 HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Sep 2022 21:13:36 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store
Access-Control-Allow-Origin: *
Set-Cookie: at11663708416937_0_5104_5671=0001000; expires=Thu, 20-Oct-2022 21:13:36 GMT; Max-Age=2592000; path=/as; secure; SameSite=None
iid=1056-1663708416; expires=Fri, 17-Sep-2032 21:13:36 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
Content-Encoding: gzip
roomimg.stream.highwebmedia.com/riw/mollyflwers.jpg?1663708410
104.19.242.83200 OK 12 kB URL HTTP/2 roomimg.stream.highwebmedia.com/riw/mollyflwers.jpg?1663708410
IP 104.19.242.83:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Hash f2dfdf33e7fc7e3857e69d0ea6811c75
ffe2bbfd8e574e4ceabafa8b5c5c7d30e259ad04
a48b87b42e00aa7efce519b482dadf6c9222ce230a99f0468f23616476b626d0
GET /riw/mollyflwers.jpg?1663708410 HTTP/1.1
Host: roomimg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: image/jpeg
content-length: 12363
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12391
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 24
last-modified: Tue, 20 Sep 2022 21:13:12 GMT
expires: Tue, 20 Sep 2022 21:14:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQBPkCyZxr9kVkezbsJqPhxLtFjKlrNUKDfVxOK1cKvUg27G6lddmzVfhBxCwWR25bHgkZCk6QStQq4vo8sJtHMJlL1G5341kHwQlHigDMdIdGsxd%2Fh8Q56XqtSpIXbl%2BqGsOuB0QMZC6aDlxAy%2B2%2Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90e5fee9b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6df727141da94a756a1d84068fb46ab9
e408b3ae14e26dee974998aa188407933718547a
022d683efd991b7b4777edeb888f8bb4b09691d422a651af4b2b803b902fa57a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "022D683EFD991B7B4777EDEB888F8BB4B09691D422A651AF4B2B803B902FA57A"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10271
Expires: Wed, 21 Sep 2022 00:04:48 GMT
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: keep-alive
pt-static1.ptlwmstc.com/npe/_common/script/adblock/advertisement-v319042.js
93.93.51.200200 OK 21 B URL HTTP/2 pt-static1.ptlwmstc.com/npe/_common/script/adblock/advertisement-v319042.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v319042.js HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:37 GMT
content-type: application/javascript
content-length: 21
last-modified: Tue, 20 Sep 2022 09:34:52 GMT
etag: "6329893c-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jquery.com/jquery-2.1.3.min.js
69.16.175.10200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.1.3.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32180)
Hash de4fdb8e2e5d9b9624bad7ed2b726525
053a31e8e83b261e3863c4f9e652caba910a2b89
f44c9556d0ecebc0716a7fce2899c0b40ed96394bebafb2937f4305bf3b118f3
GET /jquery-2.1.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:37 GMT
content-encoding: gzip
content-length: 29507
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-14960"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1663708417.dop227.sk1.t,1663708417.cds261.sk1.hn,1663708417.cds215.sk1.c
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=969388
185.94.237.64200 OK 3.4 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=969388
IP 185.94.237.64:0
Hash 2ff58529a73ca1ce35c67d4633c4044e
d6e3728a7ab29b4e59e3c4e30292880f2357201a
b5fefeb6248dc8d7a3aee1a8d1249d546a9b990caf8258463cbc0bd49793438b
GET /adshow.php?adzone=969388 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Sep 2022 21:13:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=627e8608f93dcc7241d90de87ed38538; expires=Wed, 20-Sep-2023 21:13:36 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Fri, 23-Sep-2022 21:13:36 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Fri, 23-Sep-2022 21:13:36 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
m.sancdn.net/common/fontawesome-430/font-awesome.min.css
69.16.175.42200 OK 24 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/font-awesome.min.css
IP 69.16.175.42:0
File type ASCII text, with very long lines (23523)
Hash 3738ef90dad175977dc8a695809bb71a
98aa676ba7987caa86d49ab1b71f73896d08ad13
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
GET /common/fontawesome-430/font-awesome.min.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 23685
Content-Type: text/css
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1663708417.dop229.sk1.t,1663708417.cds259.sk1.shn,1663708417.dop229.sk1.t,1663708417.cds206.sk1.c
m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
69.16.175.42200 OK 20 kB URL HTTP/1.1 m.sancdn.net/jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js
IP 69.16.175.42:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 70d492eca4141bdd1452977dd893dd63
9cd9504b3afdeca86a03251591e1afab36ae2c57
ce0f70d9e807bb959717d8350c21a107f5b6b7221a774b6d1ed057219468a260
GET /jquery-plugins/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: Keep-Alive
ETag: "1367368554"
Cache-Control: max-age=86400
Content-Length: 19484
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2013 00:35:54 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1663708417.dop229.sk1.t,1663708417.cds259.sk1.shn,1663708417.dop229.sk1.t,1663708417.cds026.sk1.c
m.sancdn.net/common/videojs/videojs.min-original-v2.css
69.16.175.42200 OK 12 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs.min-original-v2.css
IP 69.16.175.42:0
File type ASCII text, with very long lines (11336)
Hash 4b6813504d31e3b11655aafacf165db4
96517f0033bd59f277cd2eefa7d088ae6ff82dad
063b4a568733054fea7f238a10b384170ce29c136d3194feed44d8c8b451f55d
GET /common/videojs/videojs.min-original-v2.css HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: Keep-Alive
ETag: "1385146323"
Cache-Control: max-age=77971
Content-Length: 11451
Content-Type: text/css
Last-Modified: Fri, 22 Nov 2013 18:52:03 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1663708417.dop229.sk1.t,1663708417.cds259.sk1.shn,1663708417.dop229.sk1.t,1663708417.cds026.sk1.c
m.sancdn.net/common/videojs/videojs-411.js
69.16.175.42200 OK 71 kB URL HTTP/1.1 m.sancdn.net/common/videojs/videojs-411.js
IP 69.16.175.42:0
Hash e5a66876d058b6f464f502d215ffefe9
35efb97a9098643780964a857011fc90e5f0af4b
94ecee835037241735238fa6a48a65c112a4e1a5e9f866db927abea22c29f25c
GET /common/videojs/videojs-411.js HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: Keep-Alive
ETag: "1448403647"
Cache-Control: max-age=86400
Content-Length: 71023
Content-Type: application/javascript
Last-Modified: Tue, 24 Nov 2015 22:20:47 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1663708417.dop216.sk1.shc,1663708417.dop216.sk1.t,1663708417.cds205.sk1.c
pt-static5.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v319042.js
93.93.51.200200 OK 117 kB URL HTTP/2 pt-static5.ptlwmstc.com/npe/ba/fklf/script/fk.lf-v319042.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 117 kB (116681 bytes)
Hash ea6e3690b626b249f880de9f1d978275
251da31f632ec05f6683448a2bbbb736ab8b90ec
3bbabe018d10c64454b5b5b8fb0a7b8e3fe45c097ae3a421ced6ab0e51c9a3fb
GET /npe/ba/fklf/script/fk.lf-v319042.js HTTP/1.1
Host: pt-static5.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:37 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 09:34:52 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6329893c-4f951"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.8832346897736096
131.153.88.91200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.8832346897736096
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
Hash c10050e8234d254ce8e453b2b242638c
b9577577cbb6627cece8a01c3bf199392158db36
2bc09f5f4ef90ec56baf2e055a4d0729e86b4d34bb40a6685f175fce4b470afc
GET /stream?room=nico_rock&f=0.8832346897736096 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:37 GMT
content-type: image/jpeg
content-length: 32013
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
216.127.52.241200 431 B URL HTTP/1.1 as.sexad.net/px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other
IP 216.127.52.241:0
Hash cfcdcca0c291dea1817f1b99d9093370
6b858603d26060ad779dfe8c048412813f6e03fd
b5a3927a2154b9ceb887056bcdd83473c1307db251338c563fb0c5f582480824
GET /px.gif?stno=3-937-fap247.com-0-5104-0-0-3001-5671-3&p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286&cam=0&adv=0&ctry=NO&lang=en&dev=Other HTTP/1.1
Host: as.sexad.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&noplaybtn=1&adHeight=175&adWidth=235&adType=live&autoplay=true&hn=fap247.com&AFNO=1-286
Cookie: iid=1056-1663708416
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200
Server: nginx/1.18.0
Date: Tue, 20 Sep 2022 21:13:37 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Access-Control-Allow-Origin: *
Set-Cookie: ust=1663708417; expires=Fri, 17-Sep-2032 21:13:37 GMT; Max-Age=315360000; path=/; secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="This is not our comprehensive privacy policy (P3P). For complete information, please see http://streamate.com/privacy.html"
pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
93.93.51.200200 OK 8.5 kB URL HTTP/2 pt-static1.ptlwmstc.com/npe/image/smilies_ex.png
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:37 GMT
content-type: image/png
content-length: 8533
last-modified: Wed, 03 Aug 2022 06:46:21 GMT
etag: "62ea19bd-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/c0fa345e069a0b374b669c6f7a64530e_glamour_896x504.jpg
93.93.51.190200 OK 88 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/c0fa345e069a0b374b669c6f7a64530e_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash cf0bec9b827cdad2fc6079c21c405655
e94fd2095906a1cf29b200e92f9aea96ad6422c1
ecabb1a81635ef3823b7b71635bea360a9efeac610c19ee08007f114eb9c0c23
GET /ff268cab8d9fbae1ed7506f97496274f1c/c0fa345e069a0b374b669c6f7a64530e_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:37 GMT
content-type: image/jpeg
content-length: 87965
last-modified: Mon, 05 Sep 2022 19:52:30 GMT
etag: "cf0bec9b827cdad2fc6079c21c405655"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 04 Oct 2022 21:13:37 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
69.16.175.42200 OK 57 kB URL HTTP/1.1 m.sancdn.net/common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0
IP 69.16.175.42:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /common/fontawesome-430/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: m.sancdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://as.sexad.net
Connection: keep-alive
Referer: https://m.sancdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:37 GMT
Connection: Keep-Alive
ETag: "1422564509"
Cache-Control: max-age=86400
Content-Length: 56780
Content-Type: application/octet-stream
Last-Modified: Thu, 29 Jan 2015 20:48:29 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-HW: 1663708417.dop020.sk1.t,1663708417.cds231.sk1.shn,1663708417.dop020.sk1.t,1663708417.cds252.sk1.c
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Sep 2022 21:13:38 GMT
via: 1.1 varnish
x-served-by: cache-bma1625-BMA
x-cache: HIT
x-cache-hits: 1296
x-timer: S1663708418.027734,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.3460297570498355
131.153.88.91200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.3460297570498355
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash aed6dd98d488d0af36b491756bb6ec86
7f8421f806471b17052992d82ba970a5a6be571d
7366bce586271abcba6996330101500f3bb0143543a40bdb0f26c1f7408ceee3
GET /stream?room=nico_rock&f=0.3460297570498355 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 31738
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pt.wmptctl.com/4xURB/Arf.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 43 B URL HTTP/2 pt.wmptctl.com/4xURB/Arf.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /4xURB/Arf.gif?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Thu, 20-Oct-22 21:13:38 GMT; SameSite=None; Secure
expires: Tue, 20 Sep 2022 21:13:37 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash b0ad1c0872ef579a1c6fc84c85af1f5a
3a8cb4292df8e36399db15ecd41628b64e53116b
9ea4b465d658cab2c88c2622d4fcc55e77900660ffb0a3c86d543d76f1ad74b9
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 08:56:04 GMT
Expires: Mon, 26 Sep 2022 08:56:03 GMT
Etag: "3a8cb4292df8e36399db15ecd41628b64e53116b"
Cache-Control: max-age=602414,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 249
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74dd90ed2fe5b529-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b83a6b6b4befc3dde083b82c36d63a58
ee43af38bbdbf69c7f6697aa9edd70b0d1263b2b
177757fc5a4865f99a033f45e5e278d9c88ddc3344e7af940a6a7c0d934f368d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5552
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:38 GMT
Last-Modified: Tue, 20 Sep 2022 19:41:06 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 5f7b9100747718b92779cfe128d604c6
4759689911b02f8b5ba3f569f238cd38b310ea97
690eb82375cce19e73353e6059d13b1ab20ea027914d140356c08842f05eb026
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1903
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 21:13:38 GMT
Last-Modified: Tue, 20 Sep 2022 20:41:55 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
bcprm.com/promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat
185.75.254.28302 Found 192 B URL HTTP/2 bcprm.com/promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat
IP 185.75.254.28:0
ASN #48684 Viking Host B.V.
Hash 1ec2977299b91fb0c516e974ef03c36c
19b1e11a8ff52215b4f7a1c946de2285a3ca0821
b00c6706b46b3826e594e680f892cfb113be9196a8e89b10111474cae0d199eb
GET /promo.php?type=direct_link&v=2&c=401977&amute=1&page=popular_chat HTTP/1.1
Host: bcprm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
location: https://bongacams.net/track?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.net/popular-chat
expires: Tue, 20 Sep 2022 21:13:37 GMT
x-bcs: ded7383
strict-transport-security: max-age=0;
cache-control: no-cache, public
x-bc-bl: 105
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2005&ck=1&ref=https://chaturbate.com/tours/3/&ap=138&be=815&fe=1857&dc=1478&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708416106,%22n%22:0,%22r%22:1,%22re%22:183,%22f%22:183,%22dn%22:183,%22dne%22:183,%22c%22:183,%22s%22:183,%22ce%22:183,%22rq%22:186,%22rp%22:487,%22rpe%22:491,%22dl%22:773,%22di%22:1242,%22ds%22:1477,%22de%22:1484,%22dc%22:1855,%22l%22:1855,%22le%22:1857%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBABaAlBQBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlYA1RTVFQNGFpQAAYUVQBTXE4EAVQIHFYJD1QDAldXA1xUDhNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRlpfWFYIVQAGDgRSUkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2005&ck=1&ref=https://chaturbate.com/tours/3/&ap=138&be=815&fe=1857&dc=1478&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708416106,%22n%22:0,%22r%22:1,%22re%22:183,%22f%22:183,%22dn%22:183,%22dne%22:183,%22c%22:183,%22s%22:183,%22ce%22:183,%22rq%22:186,%22rp%22:487,%22rpe%22:491,%22dl%22:773,%22di%22:1242,%22ds%22:1477,%22de%22:1484,%22dc%22:1855,%22l%22:1855,%22le%22:1857%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBABaAlBQBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlYA1RTVFQNGFpQAAYUVQBTXE4EAVQIHFYJD1QDAldXA1xUDhNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRlpfWFYIVQAGDgRSUkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=2005&ck=1&ref=https://chaturbate.com/tours/3/&ap=138&be=815&fe=1857&dc=1478&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708416106,%22n%22:0,%22r%22:1,%22re%22:183,%22f%22:183,%22dn%22:183,%22dne%22:183,%22c%22:183,%22s%22:183,%22ce%22:183,%22rq%22:186,%22rp%22:487,%22rpe%22:491,%22dl%22:773,%22di%22:1242,%22ds%22:1477,%22de%22:1484,%22dc%22:1855,%22l%22:1855,%22le%22:1857%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBABaAlBQBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATBAME0tGFgJOExVDFQ87CwlKQRsLQ1JRABYWFgEHTVAXUg5cG01AEA0XA2ZcXRNbABVDEQoQBjldWlRQCF8bW0AADAISTEdbUBVUFwINDkZPREtQSEQEQk0%2BCgwXF0QDF1pZAEVMEwACEAZIWlpUE00TWxMNFBcGFGZcXRNbEwlYA1RTVFQNGFpQAAYUVQBTXE4EAVQIHFYJD1QDAldXA1xUDhNNE0sEBAYWBhQbDxtZFUVJElhMSwAHVEZaWQBFFw8HF0tBShtHXEAUVEoVPQ4BFw5WURsLQ3Z8NUBPRhMfTV1WXz5HXBMRCgsNRAMXCh9WExVDFwI7BwNPXFpUPldYDAsPHUFcG3pNWQRDG01AFgU8AlxDUFIEbk0YEgZGWURdUEpaFV5JQ05BEQI5VkZmVwBcUA0bQV5BKlBbTElDHRsUAzwLEDlPUEtCCF5XQ1hBRk9ETFRmUxNeThIHETsFB1RcVUhDCxsnCxEBBQlBFxUTFFBmAxAMExADS2pPVBNCUA4MQV5BXw8bCRNNE0wAPRAQEQ9XUhsLQ3xWGwsPCAJJDBsJEUlpCFBZQygKCExNGUlZB2ZXVlhEERADDA8fURgZJgcADwxJCwUIAVEACVBCJQ0RA19aQR5YBxdRQE9GBA9NalpeDFxQFUBZRlpfWFYIVQAGDgRSUkZPRElUS1AMQhtbQBg4QRJWQEttQwsZPUAbVTECZRcVET0TWgAPEwUKAVdpGwtBbRsVAywXITobGRltQ1JlQ1hDOEFXZRcVET0TST1AWUQ/RAlpGx1BbRsGBw0ABhRlFwMRPRNfPUBPRD9EXVxKUANdXD4RDBENAmUXAxE9Ewk9QB5GT0RcWVBWCFNVBD0QFA8PTWpNVBJFSkNYQUQnFVpDS3NQEX0SARUWIVQZcUpSF0N7UkInFwAQS3cNEUMdGwQOCgMKBFVQZkIRXVAVPRcBEBJKaldCQwsbQQYKFwAJT1BLSD5BWAYHQ0ZPRFhWTVgXVGYSEg8NFzlNUEpFEhMDQ0InFwAQS3cLEUMdGwABFw0VA2ZGSV0IRWYVBxAQEDlXRhsLQxFdCBEACxUDS0xmQQBWXEFAHhk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74dd90ed7adcb500-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=7fc018846d36e0b5; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
m1.nsimg.net//media/1/2/6/12624040.jpg
207.178.0.89200 OK 12 kB URL HTTP/1.1 m1.nsimg.net//media/1/2/6/12624040.jpg
IP 207.178.0.89:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 320x240, components 3\012- data
Hash bc97b89145a6809fc51c8be11a2f9a8b
a087b08bc3caf22e107206fe6887d7614a835cda
6186bc372aeabfb653065e015dcb4d4e5d58ca010a48a3f812e5248998ba2e54
GET //media/1/2/6/12624040.jpg HTTP/1.1
Host: m1.nsimg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://as.sexad.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Sep 2022 21:13:38 GMT
Content-Type: image/jpeg
Content-Length: 12199
Connection: keep-alive
Last-Modified: Tue, 03 May 2022 15:42:55 GMT
ETag: "62714d7f-2fa7"
Expires: Wed, 20 Sep 2023 20:19:51 GMT
Cache-Control: max-age=31536000
X-Varnish: 178937128
Age: 0
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/c0bfaf149ab13176434dde7dff79dc91_glamour_896x504.jpg
93.93.51.190200 OK 66 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1c/c0bfaf149ab13176434dde7dff79dc91_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash b18d08fdf05a8e3de67912dc21276fe9
1ee784a5d8dd1346a2bddd970251332d6434e3cd
2b1136b83d1b6418b23d260366c1d59f8bd69f61630fb6a9491e4c2a6207c0b3
GET /ff268cab8d9fbae1ed7506f97496274f1c/c0bfaf149ab13176434dde7dff79dc91_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 66006
last-modified: Tue, 20 Sep 2022 00:14:52 GMT
etag: "b18d08fdf05a8e3de67912dc21276fe9"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 04 Oct 2022 21:13:38 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 7d9ebdd2602fac867f1b15e49f2b60ad
3741404ff24909294983ce173fc117fe7a5e3aa7
f1d9dc592716ad88f27cf288027c5239ab4d3e67dccae31d9d9349950329a229
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:38 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 15:56:31 GMT
Expires: Sat, 24 Sep 2022 15:56:30 GMT
Etag: "3741404ff24909294983ce173fc117fe7a5e3aa7"
Cache-Control: max-age=603061,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 562
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74dd90eea959b529-OSL
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f10/0b06fec1ebf634b11aea306448b75725_glamour_896x504.jpg
93.93.51.190200 OK 53 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f10/0b06fec1ebf634b11aea306448b75725_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash ed85f8827110ed12b35857e124116738
5fd2822a88747f8cd570336103a6c41c75d66ff8
32975ad7fb3644f75abb559583622fe1473dc4f9e06998a2a97b5454340da209
GET /ff268cab8d9fbae1ed7506f97496274f10/0b06fec1ebf634b11aea306448b75725_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 53146
last-modified: Tue, 19 Jul 2022 20:50:11 GMT
etag: "ed85f8827110ed12b35857e124116738"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 04 Oct 2022 21:13:38 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/e16ac792e32b2cbda1f3844e0ea03e49_glamour_896x504.jpg
93.93.51.190200 OK 61 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f1e/e16ac792e32b2cbda1f3844e0ea03e49_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 2e42040034d0766c9cfbba04bcd3eb5c
60fe31a9f9a3be3905d1914fc010a0cf314dd50d
47a970e726336c66ef26c869431deeb9363f0f36b98a500b04a7693b1aa780d4
GET /ff268cab8d9fbae1ed7506f97496274f1e/e16ac792e32b2cbda1f3844e0ea03e49_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 60963
last-modified: Thu, 10 Mar 2022 14:56:52 GMT
etag: "2e42040034d0766c9cfbba04bcd3eb5c"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 04 Oct 2022 21:13:38 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/297e0cc90754a3b90afe612d142bb992_glamour_896x504.jpg
93.93.51.190200 OK 58 kB URL HTTP/2 galleryn10.awemdia.com/ff268cab8d9fbae1ed7506f97496274f12/297e0cc90754a3b90afe612d142bb992_glamour_896x504.jpg
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash 1e43eb38a2121189a79197cffcf542f1
c07bdc752d4a8806d6178d1981baf7cd97f14e48
06d41ffbde0cfcf8d0d4dc14d7d72e3b62f2a4d625ad235fdf4c664703306407
GET /ff268cab8d9fbae1ed7506f97496274f12/297e0cc90754a3b90afe612d142bb992_glamour_896x504.jpg HTTP/1.1
Host: galleryn10.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 57857
last-modified: Fri, 24 Jun 2022 23:14:11 GMT
etag: "1e43eb38a2121189a79197cffcf542f1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 04 Oct 2022 21:13:38 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
trkbng.com/hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.net/popular-chat
31.192.112.221302 Found 32 kB URL HTTP/2 trkbng.com/hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.net/popular-chat
IP 31.192.112.221:0
ASN #48684 Viking Host B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 2a6ba23731be57803473740137dde066
8856cb47704f52b8e176a2c72192e395140170ea
4366e0a6182803d9a79f5c206a2f31d61c7f2a16a388cd7276e94ebf0ec7e452
GET /hit.php?c=401977&ps=direct_link&amute=1&csurl=https://bongacams.net/popular-chat HTTP/1.1
Host: trkbng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poweredby.jads.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.promo-bc.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongacams.net
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongocams.biz
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongacams.org
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongacams10.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bcmspt.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngwlt.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngpt.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngpst.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngprl.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngpop.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngosv.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngvs.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bngdyn.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.dynspt.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.ecdyn.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.trkbc.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.trkbng.com
BCH_H=4c48efe91a130d98228d393a44dca970%7C2022-09-21; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bcprm.com
location: https://bongacams.net/popular-chat?bcs=b3JoaTRjNDhlZmU5MWExMzBkOTgyMjhkMzkzYTQ0ZGNhOTcwOjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1
expires: Tue, 20 Sep 2022 21:13:37 GMT
x-bcs: ded7015
strict-transport-security: max-age=0;
cache-control: no-cache, public
X-Firefox-Spdy: h2
bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2657&ck=1&ref=https://chaturbate.com/embed/nico_rock/&ap=152&be=817&fe=2341&dc=1684&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708415637,%22n%22:0,%22r%22:0,%22re%22:447,%22f%22:447,%22dn%22:447,%22dne%22:447,%22c%22:447,%22s%22:447,%22ce%22:447,%22rq%22:455,%22rp%22:769,%22rpe%22:786,%22dl%22:791,%22di%22:1599,%22ds%22:1684,%22de%22:1699,%22dc%22:2340,%22l%22:2340,%22le%22:2343%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2065&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBAEBAARWBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl8IUlY%2BEAwHCEkbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbVggBA1dbA1ZOVQJXWhgNUlAFFAMHUAdOUQpWWwkDB1wEUVFSQUobR1xXBENcE0BZRgsSTUVKC04eWE8PBgAFCVZRSlAHVE0YTAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRAAMWFJQVVhWVQZUUkQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BADcLCWkbHUFtGwIDDhQCD15bZRNbEWVDFgIrECRlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUBPRD9ETVRLVgRFZUNYQzhBOVtZWF8KbRscQE9GBgpQUlBTDVRmEhIPDRc5TVBKRRITA0NCJxcAEEt3CBElQloXECFWQyJKVk9DIwIZJREAEhEkDRV0Qy1abQkxERBXRnRHdVo1WWoTFlZELhR1Xm1ZMkNNV0JBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZdXEpSDkdcExs8FAIBXBVUXhNUZg0LCAE8FVZHTVQFERtNQAIHFw9PUGZCEV1QFT0XARASShcDE0F1SgIUESZXRnRHdVo1WWoTFlVEQUobVFpFCEdcPhETCAoSZkFcQhVCZg8RQV5BRl1cSlIOR1wTGzwUAgFcFVReE1RmDQsIATwVVkdNVAURG01AAAUOOU1UXhNbE0kUAA8NAEQVF1peDV5LPg8MAAZEAxdVWAZZTQwNBwFBShtHVl4MbkoVAxcREEQDF1VYF1QbHB8%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2657&ck=1&ref=https://chaturbate.com/embed/nico_rock/&ap=152&be=817&fe=2341&dc=1684&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708415637,%22n%22:0,%22r%22:0,%22re%22:447,%22f%22:447,%22dn%22:447,%22dne%22:447,%22c%22:447,%22s%22:447,%22ce%22:447,%22rq%22:455,%22rp%22:769,%22rpe%22:786,%22dl%22:791,%22di%22:1599,%22ds%22:1684,%22de%22:1699,%22dc%22:2340,%22l%22:2340,%22le%22:2343%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2065&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBAEBAARWBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl8IUlY%2BEAwHCEkbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbVggBA1dbA1ZOVQJXWhgNUlAFFAMHUAdOUQpWWwkDB1wEUVFSQUobR1xXBENcE0BZRgsSTUVKC04eWE8PBgAFCVZRSlAHVE0YTAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRAAMWFJQVVhWVQZUUkQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BADcLCWkbHUFtGwIDDhQCD15bZRNbEWVDFgIrECRlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUBPRD9ETVRLVgRFZUNYQzhBOVtZWF8KbRscQE9GBgpQUlBTDVRmEhIPDRc5TVBKRRITA0NCJxcAEEt3CBElQloXECFWQyJKVk9DIwIZJREAEhEkDRV0Qy1abQkxERBXRnRHdVo1WWoTFlZELhR1Xm1ZMkNNV0JBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZdXEpSDkdcExs8FAIBXBVUXhNUZg0LCAE8FVZHTVQFERtNQAIHFw9PUGZCEV1QFT0XARASShcDE0F1SgIUESZXRnRHdVo1WWoTFlVEQUobVFpFCEdcPhETCAoSZkFcQhVCZg8RQV5BRl1cSlIOR1wTGzwUAgFcFVReE1RmDQsIATwVVkdNVAURG01AAAUOOU1UXhNbE0kUAA8NAEQVF1peDV5LPg8MAAZEAxdVWAZZTQwNBwFBShtHVl4MbkoVAxcREEQDF1VYF1QbHB8%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOAQsFF0hPXFxGEgtrDg0OMgoDThteVBU%3D&rst=2657&ck=1&ref=https://chaturbate.com/embed/nico_rock/&ap=152&be=817&fe=2341&dc=1684&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663708415637,%22n%22:0,%22r%22:0,%22re%22:447,%22f%22:447,%22dn%22:447,%22dne%22:447,%22c%22:447,%22s%22:447,%22ce%22:447,%22rq%22:455,%22rp%22:769,%22rpe%22:786,%22dl%22:791,%22di%22:1599,%22ds%22:1684,%22de%22:1699,%22dc%22:2340,%22l%22:2340,%22le%22:2343%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&fcp=2065&at=H0ETGw9CExRCXBM9CgBBXAkZG0QSVEsPAw4BQVwbamZQD15XPj1BSEEVUFJXRBFuXQAWBkZZVhUXenc%2BY1gYQFlGVFJdUQABBAEBAARWBlZUChh2Yi0TFUMhJTshCU0XAwlUHRsiJDwmDBJ8TU1DABMDQwQCCBADFVNYXRJUG01AEQECCmZcSRNbEwBQTFpUTVILGwgEVRMVQwMNCw05X1lYVhITA0NAT0YBA0pBZlYUVEoSPQoUQVwbDAgfWAEXVVBNVVZSGxkbUwRCTT4FFgEQFWZSXF5DCxsvLUFIQQ9JalpeFF9NExtBXkEodhcVEwhBZgINFgoXFEBqWl4PV1AFBw0HBkQDFwAIQx0bCBI8CgYSTlpLWkMLGwMOChxNBVZYGx1DWEk%2BDREDAghQT1hFCF5XQ1hBJg8PQRVqXg1ETQgNDRdBShtcSW4IQklDWEEmDw9BFWpeDURNCA0NF0FKG1xJbgBCV0NYVlRQVg0ZG1gRblgSDDwLEQEbDxtzDVhBQTEMCBYSUFpXQkFwakNOQQ0TOVpaV18EUk0IDQ07Fx9JUBsLQ3JYAw4GSyc1dRcVEwhBZhQRBhY8EkBFXBNbE0sEEQoABghNXFhdQx0bEwcSEQYVTWpJUBVZG1tATAEOBFxRFl8IUlY%2BEAwHCEkbGRtGDW5RDhEXRllEWl1YRRRDWwAWBkoACVQXFRMSWE0EPQoAQVwIGRtCCEVcPgYMCQIPVxcDEwJZWBUXEQYCElwbWl4MExVDEAYVFgNKQWZZDkJNQ1hBBwsHTUBLUwBFXE8BDAlBShtXS14WQlwTPQoAQVwbVggBA1dbA1ZOVQJXWhgNUlAFFAMHUAdOUQpWWwkDB1wEUVFSQUobR1xXBENcE0BZRgsSTUVKC04eWE8PBgAFCVZRSlAHVE0YTAALDkkbGRtDBEBMBBEXOw4DTV1WVUMLGyYnN0ZPRElMTVkOX2YXBxEXCglXFwMTUh8OQ05BEQI5XVBPWAJUZgcDDg0PHxsPG34VWVwTQE9GFgdmUVxHCFJcPhYaFAZEAxddVBJaTQ4SQUhBE1hqVkI%2BV1gMCw8dQVwbeVBfFEkbTUAWBTwJSmpPVBNCUA4MQV5BRBUXTFA%2BU0sOFRABETlfVFRYDUgbW0AlDREDX1pBE00TTAA9ARYMEUpQS24XVEsSCwwKQVwbDA8fURMVQxcCOxASS1xXVkMLGywNGQ0PClgaDB9RERE5U1JfQypQW0xJQUkBVz1VUFhGS0MDCFcfCUhCJAEADVYaCwFQAQlQUlJEJQ9LUF9eGR4AV0xTRk9EXlxNbgJeVAwLF0ZZRAAMWFJQVVhWVQZUUkQVF0lQE1BUEkBZRhg6G19WWA9uVhcHEQgCH2UXAxE9Ewg9QE9EP0RNWkxDPRMDQT5BADcLCWkbHUFtGwIDDhQCD15bZRNbEWVDFgIrECRlFxURPRNdCBECBg8DZkZWRA9VZUNYQzhBV2UXFRE9E1QOAAoIBjRcUVBDBFJNPUBZRD9EWEBNXj0TFUE%2BQQEOBFxRZkcIVVwOPQwKDx9lFwMRPRMIPUBPRD9ETVRLVgRFZUNYQzhBOVtZWF8KbRscQE9GBgpQUlBTDVRmEhIPDRc5TVBKRRITA0NCJxcAEEt3CBElQloXECFWQyJKVk9DIwIZJREAEhEkDRV0Qy1abQkxERBXRnRHdVo1WWoTFlZELhR1Xm1ZMkNNV0JBSEEDVVxeWANdXD4REwgKEmZBXEIVQmYPEUFeQUZdXEpSDkdcExs8FAIBXBVUXhNUZg0LCAE8FVZHTVQFERtNQAIHFw9PUGZCEV1QFT0XARASShcDE0F1SgIUESZXRnRHdVo1WWoTFlVEQUobVFpFCEdcPhETCAoSZkFcQhVCZg8RQV5BRl1cSlIOR1wTGzwUAgFcFVReE1RmDQsIATwVVkdNVAURG01AAAUOOU1UXhNbE0kUAA8NAEQVF1peDV5LPg8MAAZEAxdVWAZZTQwNBwFBShtHVl4MbkoVAxcREEQDF1VYF1QbHB8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74dd90ee888b0b69-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=c8c0e7bda8f54187; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.5945126737540193
131.153.88.91200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.5945126737540193
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 43271b991484cc605042fd0740229eae
1e3cecd18acb35bcbf9ac39839b092d6344886ec
1d57059cc3ec61e5380111c4fb16e8968b7119cbbe01abc509abcac331b0be08
GET /stream?room=nico_rock&f=0.5945126737540193 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: image/jpeg
content-length: 31905
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705
54.230.111.8204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ably-agent,content-type,x-ably-version
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Tue, 20 Sep 2022 21:13:38 GMT
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5cU5XmTvNmi0Q-5kG_mIgd1lOnDGTurRJE8GYKGQufmVJPP-PKxiBw==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705
54.230.111.8201 Created 1.0 kB URL HTTP/2 realtime.pa.highwebmedia.com/keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705
IP 54.230.111.8:0
File type JSON data\012- , ASCII text, with very long lines (804)
Hash 3aae3e3853b7629a94d0697252e98102
5c151ea9ce733907222fe3ed5d3336162b8c7f9d
c73fae1080b4e333f79cdeed984c094cbcf5aff0836cf608ded13d9241975200
POST /keys/KSKw2g.L36ISg/requestToken?rnd=4431376567584705 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
X-Ably-Version: 1.2
Ably-Agent: ably-js/1.2.13 browser
Content-Length: 1039
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 1036
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:38 GMT
vary: Origin
x-ably-serverid: frontend.5e69.4.eu-central-1-A.i-0878ea88f960d3bfa.e91chKAQwBG3Ik
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Z8MhHT6wUU8c9r1n9fepOBoPiigTMwplX7npuYp3P3VizNUngs6rUw==
X-Firefox-Spdy: h2
pt-static3.ptlwmstc.com/npe/ba/elf/css/elf-v319042.css
93.93.51.200200 OK 2.8 kB URL HTTP/2 pt-static3.ptlwmstc.com/npe/ba/elf/css/elf-v319042.css
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 9c552a2ede55cf1ac3a7403ccdd64752
9c9c40367c43151f05001e3c143458252c453165
f35f0b03c87569f875babe2c994c6d6b78ee97c600041fe46c9e4db55a9f867e
GET /npe/ba/elf/css/elf-v319042.css HTTP/1.1
Host: pt-static3.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 09:34:52 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6329893c-2e86"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
104.16.93.42200 OK 41 kB URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.1486cd5aa4f0.js
IP 104.16.93.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 07e26b853a04a2020611ed058eaba6ff
ef6469d6b6cc2566e40e1580f311cbbcc555d112
b57b9f1c2251531a7c817beb4d8bb4abc9d1bb44ba6f03a61444f98f92f992ea
GET /CACHE/js/output.1486cd5aa4f0.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=117895
etag: W/"eb2259ff6dbd950ae158f73065752aa1"
last-modified: Thu, 21 Oct 2021 18:11:54 GMT
x-amz-id-2: k6NhlyRh+XXZM7+pSOMylQwAMSlxLRy7teDHalfRWz7mnIIf6Ig6amIFaKAolUjBHmL3PkEkULk=
x-amz-meta-s3cmd-attrs: md5:eb2259ff6dbd950ae158f73065752aa1
x-amz-request-id: FHZ86T60E9WK32PB
cf-cache-status: HIT
age: 1381207
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUmvqEiJwdqfxVr4%2FainIh95wmyNmPubCgPgQkW%2BEbzEa39n6FyF4340o0cs5BRzRYOTMDodBuQ7gb6b8Ax5mCKD2cXCqk1QSVCKLNuNaxcpQb2dGf7JCUIerq1Y7B8WclTZH%2FtZ6m0RDv75lHFk7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=1uDINWP4b6ZxKnu4XwITcMv1R9oP4_8TviX8TZLg81M-1663708416521-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33ad9b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.6397952574884872
131.153.88.91200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.6397952574884872
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash c18add4d8f03501f3e6176d22afba5cb
81039c937aa68dde7d71d6964af97d358588c486
5e1b0f5a41ee47a3b4fa716eb896831f30c6d8798b3e3b7bc0ae85c7984002a9
GET /stream?room=nico_rock&f=0.6397952574884872 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 31596
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3034311805143899
54.230.111.8200 OK 1.2 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3034311805143899
IP 54.230.111.8:0
Hash 2b30996c8a47c9b54ae151b8bfc04e4f
b66359e7984626005faa94601d3c3ba78dcace3f
afad785c86a76893ef55cb77f12094a20f8e766d010b34e3f4c7b058c2a9b50b
GET /comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=3034311805143899 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 572
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0avH6gYSYznzjWIazL1VWwQDOXbADNvd7Px0mrq6Og7MG70ffzznlQ==
X-Firefox-Spdy: h2
chatw-40.stream.highwebmedia.com/ws/533/2y32cg33/websocket
104.19.241.83101 Switching Protocols 827 B URL HTTP/1.1 chatw-40.stream.highwebmedia.com/ws/533/2y32cg33/websocket
IP 104.19.241.83:0
Hash aeb11774df1f4dd39b846d64ee216060
5d09cfab18bfb182fbdcae8c0ad29d1c3631be23
2dee463e55274f47baa7fb9d6ed8c49599750d3372ce92593007e61e8e6004c0
GET /ws/533/2y32cg33/websocket HTTP/1.1
Host: chatw-40.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chaturbate.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bU2YQOaC5S1t4i2WsRzNyw==
Connection: keep-alive, Upgrade
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 20 Sep 2022 21:13:39 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DNUcmNbVj0N2QZfnGIgbdE7j4XI=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWJRzAmyYxAz0a40rqkzcFA%2FCSUw2ge%2BXswN5rLw3kWCipJrUWoZwoVJ7RNvMN17pqIxgaaCVDEULA7pSQdw7cNRMyA5v0shEoz2WpF64skiDrOqwWRyZYCB%2F6kXpTTHJvl2QTfJicNxzys2xAWo0q%2BG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74dd90f16e64b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a0b8dc32abba28ba92e56965ce96a10
4ab67f3af56401e0d970d857d8b81f65f15c3e07
96e192d6cd80116f11d69e524e11f4398d346783774dd3e74ef49bcadca4e09e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96E192D6CD80116F11D69E524E11F4398D346783774DD3E74EF49BCADCA4E09E"
Last-Modified: Mon, 19 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10863
Expires: Wed, 21 Sep 2022 00:14:42 GMT
Date: Tue, 20 Sep 2022 21:13:39 GMT
Connection: keep-alive
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.3079346079673211
131.153.88.91200 OK 32 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.3079346079673211
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 228720baf84852f867db92ab15851a81
8dab56d3b58ce52e2ab588fce43ccbeb46fa30fb
6a69b6e3693a6d0e0dd98155ab66e6d1b9e99f217a9599e77b1c814a8567fe52
GET /stream?room=nico_rock&f=0.3079346079673211 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 31605
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
pt.wmptctl.com/09jjh/QsJ.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
93.93.51.191200 OK 43 B URL HTTP/2 pt.wmptctl.com/09jjh/QsJ.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /09jjh/QsJ.gif?c=object_container&%3Bsite=wl3&%3BcobrandId=240622&%3Bpsid=cybermike&%3Bpstool=302_1&%3Bpsprogram=cbrnd&%3Bcampaign_id=118122&%3BforcedPerformers%5B0%5D=&%3Bvp%5BshowChat%5D=false&%3Bvp%5BchatAutoHide%5D=false&%3Bvp%5BshowCallToAction%5D=false&%3Bvp%5BshowPerformerName%5D=false&%3Bvp%5BshowPerformerStatus%5D=false&%3Bfilters=&%3BsubAffId=%7BSUBAFFID%7D&%3BcategoryName=girl&%3BembedTool=1&%3Borigin=camschat.net&%3Brrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Thu, 20-Oct-22 21:13:39 GMT; SameSite=None; Secure
expires: Tue, 20 Sep 2022 21:13:38 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407
54.230.111.8204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Tue, 20 Sep 2022 21:13:39 GMT
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oczWwMwRlSKxYOMAd2TZcQE9mio7TxZ7cBP6d9PItn-f-emTLXuPdQ==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=7383844680999996
54.230.111.8200 OK 148 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=7383844680999996
IP 54.230.111.8:0
File type JSON data\012- , ASCII text
Hash d4d2b30e5956dbcff6045b519e299ab0
734f9cc139d109e52147d3d27616098b8db026a0
697c8825cf146e52bc19b23cf686e78132ff52dadb4873790f97c390c1a49836
GET /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=7383844680999996 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 148
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UZ_2I6HXjAggIQp0eJCFhfsfnQq_RKQHWcMCtlzb2fWbVrq5fC84Rg==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407
54.230.111.8201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407
IP 54.230.111.8:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=16324274557625407 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 77
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mGlj8egSFnb4k2EFnZ1KAAAaBz1i7_zuBmaUNQOjeHZV8WXpAA992Q==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
54.230.111.129101 Switching Protocols 0 B URL HTTP/1.1 realtime.pa.highwebmedia.com/?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0
IP 54.230.111.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&format=json&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chaturbate.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FzBuPkOS8iHX4/hRgknhsA==
Connection: keep-alive, Upgrade
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 20 Sep 2022 21:13:39 GMT
Connection: upgrade
Sec-Websocket-Accept: EsN336r8bXlz7oC+q3HhDCRKd68=
Upgrade: websocket
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DexA4VDO0ZZIvl8KnzSvCZssSSZ1UPfdxUduXtTkuU1xLkSPgLSnoQ==
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=LaraRouss
93.93.51.225200 OK 31 kB URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=LaraRouss
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 9e5df84e3e66f030f9cdfb3d46d10aad
f036da69f764589f9440acb84920727512a32f84
ed430536f0875baa81edf5380e29e96335b85b791590a25a8667a558172cfd9e
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&streamType=rtmp&category=girl&performerIds[]=LaraRouss HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pt.wmptctl.com/
Origin: https://pt.wmptctl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532
54.230.111.8204 No Content 0 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: https://chaturbate.com
access-control-max-age: 3600
date: Tue, 20 Sep 2022 21:13:39 GMT
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Px9F3wymbEPPNfFTZXf76uZKO7BmOQHkLpnsYtq0MVNmcr5_ldF4Rg==
X-Firefox-Spdy: h2
bongacams.net/popular-chat?bcs=b3JoaTRjNDhlZmU5MWExMzBkOTgyMjhkMzkzYTQ0ZGNhOTcwOjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1
195.85.23.80302 Found 136 kB URL HTTP/2 bongacams.net/popular-chat?bcs=b3JoaTRjNDhlZmU5MWExMzBkOTgyMjhkMzkzYTQ0ZGNhOTcwOjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1
IP 195.85.23.80:0
ASN #209242 Cloudflare London, LLC
Size 136 kB (135622 bytes)
Hash 1b41ad53fd48b1bced50655e084fc7ad
0a4278d4446298548bab18f1097854782ddca1d4
e778a749c6c6d5189591777dc172c4229777985214b6387bbba9c8b3d7828c15
GET /popular-chat?bcs=b3JoaTRjNDhlZmU5MWExMzBkOTgyMjhkMzkzYTQ0ZGNhOTcwOjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1 HTTP/1.1
Host: bongacams.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poweredby.jads.co/
Connection: keep-alive
Cookie: __cf_bm=Od5WUtSmEin15tjeNsQGI_EwfShrPc5UpEkH7LLdL8M-1663708418-0-AUVw9M7pnR2YYiOqmWfRrkWF5JA75JfGb+H+3gsDllH3Up95EjksN/mwaE46acE4uaLLzAiMbcMmBjSYMp9sAGU=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: text/html; charset=utf-8
location: https://no.bongacams.net/popular-chat?bcs=b3JoaTRjNDhlZmU5MWExMzBkOTgyMjhkMzkzYTQ0ZGNhOTcwOjoxODk0MjA6Omh0dHBzOi8vcG93ZXJlZGJ5LmphZHMuY28vOjo6Ojo6NDAxOTc3OjowOjowOjowOjpkaXJlY3RfbGluazo6MDo6ZGVmYXVsdDo6MA~~&amute=1
cache-control: no-cache, no-store, must-revalidate
set-cookie: bonga20120608=aec88a6fc6dc6f55d1c685d785560beb; path=/; domain=.bongacams.net; secure; HttpOnly; SameSite=None
ts_type=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bongacams.net
ts_type2=1; expires=Wed, 20-Sep-2023 21:13:38 GMT; Max-Age=31536000; path=/; domain=.bongacams.net
fv=BQR0BQN3ZmL2ZD==; expires=Wed, 20-Sep-2023 21:13:38 GMT; Max-Age=31536000; path=/; domain=.bongacams.net
uh=oQMloaSuIyMAK3uTA08jK21JrK5ZEN==; expires=Wed, 20-Sep-2023 21:13:38 GMT; Max-Age=31536000; path=/; domain=.bongacams.net
ratr=189420%3A%3A401977%3A%3A2022-09-21%2000%3A13%3A38%3A%3Ahttps%3A%2F%2Fpoweredby.jads.co%2F%3A%3A%3A%3A; expires=Wed, 07-Sep-2072 21:13:38 GMT; Max-Age=1576800000; path=/; domain=.bongacams.net; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74dd90eefe921c0a-OSL
X-Firefox-Spdy: h2
pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v319042.js
93.93.51.200200 OK 193 kB URL HTTP/2 pt-static3.ptlwmstc.com/npe/ba/elf/script/elf-v319042.js
IP 93.93.51.200:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Size 193 kB (192866 bytes)
Hash 1fbc1b1efd12cb44e013b071f3efd90d
f2f417799e20c353eeb8c4ec9e99a6078b84af13
50f9c55b64a0a94b842f4c54ee7526f5c6912bf15c59029b6be894ad1489533e
GET /npe/ba/elf/script/elf-v319042.js HTTP/1.1
Host: pt-static3.ptlwmstc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:38 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 09:34:52 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6329893c-8d554"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=732930197381374
54.230.111.8200 OK 1.5 kB URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=732930197381374
IP 54.230.111.8:0
File type JSON data\012- , ASCII text
Hash c3ee130e9cecb1b00e460c3e1b6d9295
7dbea5d201bf6ef894e2b8c2203ebbe8dc0a3583
3f35f187335b9b6f51202acbf476dfed18004162ac06b6f8d80a746adf0df538
GET /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/recv?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=732930197381374 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 1459
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vNJ5hAazB9bo6WwSzEqShVOGA9m5cNqKRLcwi-ly_23BqdiNSMbbRw==
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532
54.230.111.8201 Created 2 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532
IP 54.230.111.8:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /comet/e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ/send?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&rnd=8513299120544532 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: application/json
Content-Length: 1304
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 201 Created
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RqJJvS_u5hO0G98M1P81cgAYyDxaiZWGDawh2u25AGNZzfPTAGX1gQ==
X-Firefox-Spdy: h2
i.bcicdn.com/04a/233/342/3389c79004aec7edf496f4d6a312702a_avatars.jpg
195.85.23.30200 OK 1.0 kB URL HTTP/2 i.bcicdn.com/04a/233/342/3389c79004aec7edf496f4d6a312702a_avatars.jpg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 32x32, components 3\012- data
Hash 162ae4bffba7bba8515a78b4033c614d
689d4972d7553cccbfbdcef103e4cacb29550e21
64f1142ec4bf7d99f57a64276d20ee01b1913969371c06c380fabe95dbfc466c
GET /04a/233/342/3389c79004aec7edf496f4d6a312702a_avatars.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 1017
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "61e072fc-3f9"
expires: Thu, 20 Oct 2022 15:35:12 GMT
last-modified: Thu, 13 Jan 2022 18:44:12 GMT
x-o1-p4: EXPIRED
x-bc-o: 2
cf-cache-status: HIT
age: 19832
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b6c0b02-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/04a/233/342/3389c79004aec7edf496f4d6a312702a_profile_s.jpg
195.85.23.30200 OK 11 kB URL HTTP/2 i.bcicdn.com/04a/233/342/3389c79004aec7edf496f4d6a312702a_profile_s.jpg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 226x224, components 3\012- data
Hash 43e9ddc7b21e14ecd3f853fcab3185db
37ef19b4fa4afccc1c0ef2d24d9c08bf7d1f7604
92863428a4ea64edfb83489c797d28f2c1aaafe64422a66ce263a546e204a5d9
GET /04a/233/342/3389c79004aec7edf496f4d6a312702a_profile_s.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 11427
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "61e072fc-2ca3"
expires: Wed, 19 Oct 2022 14:00:41 GMT
last-modified: Thu, 13 Jan 2022 18:44:12 GMT
x-o1-p4: HIT
x-bc-o: 2
cf-cache-status: HIT
age: 87874
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b6e0b02-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/gifts/901/771be9d5e351d1e4888537352321debb_th.png
195.85.23.30200 OK 20 kB URL HTTP/2 i.bcicdn.com/gifts/901/771be9d5e351d1e4888537352321debb_th.png
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 155 x 155, 8-bit/color RGBA, non-interlaced\012- data
Hash b625446ac227298550d01479011e9bcc
278523298af00f936dcad9b5d230d4835b743726
0a77445d70f74cf91ec3ec5e3797ecd6ab7c0a16f1432235f5f921ce1f2b61c1
GET /gifts/901/771be9d5e351d1e4888537352321debb_th.png HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/png
content-length: 19980
last-modified: Mon, 04 Feb 2019 08:50:36 GMT
etag: "5c57fcdc-4e0c"
expires: Wed, 19 Oct 2022 13:47:23 GMT
cache-control: max-age=2592000
vary: Accept-Encoding
x-cache-0: 1
cf-cache-status: HIT
age: 113091
accept-ranges: bytes
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b7b0b02-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/promotions/invisible_mode/3/182x600/no.jpg
195.85.23.30200 OK 61 kB URL HTTP/2 i.bcicdn.com/promotions/invisible_mode/3/182x600/no.jpg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 182x600, components 3\012- data
Hash e575adffc76ebf091fa18ba145483adb
1854a4ce8a9b83a80c37c4c67d23b5e7fdccd2bc
626c782739c06c9408614c7cb89c1118320588226dbe105673175b326d43cc4c
GET /promotions/invisible_mode/3/182x600/no.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 60919
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "624a9c92-edf7"
expires: Wed, 19 Oct 2022 13:48:01 GMT
last-modified: Mon, 04 Apr 2022 07:21:54 GMT
vary: Accept-Encoding
x-cache-0: 1
cf-cache-status: HIT
age: 113138
accept-ranges: bytes
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f76b930b02-OSL
X-Firefox-Spdy: h2
cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.7494335784276466
131.153.88.91200 OK 30 kB URL HTTP/2 cbjpeg.stream.highwebmedia.com/stream?room=nico_rock&f=0.7494335784276466
IP 131.153.88.91:0
ASN #50389 Phoenix Nap, LLC.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 854x480, components 3\012- data
Hash 7f3f8ca6be5ac2ba6dbe73bcf2cc0d96
5c285f614c577a69e5cc9b7e8161751718167b04
e0b60de97328b02217c5c13b87ef72de55a046b067a5b2876c034213d770073a
GET /stream?room=nico_rock&f=0.7494335784276466 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/jpeg
content-length: 30027
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=5158341524049036
54.230.111.8200 OK 779 B URL HTTP/2 realtime.pa.highwebmedia.com/comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=5158341524049036
IP 54.230.111.8:0
Hash bfb9e985ae4be89f350ed315ba443c1b
bd3371386b055756bfe1a974a09ef372033f6be2
bdb1f6ba578a04c5dd2b8378738471470bfa9f3a61a1bed967655b0bbf241d24
GET /comet/connect?access_token=KSKw2g.AL36ISg4yvC9oodGzN6z5keGbTJes6Q1EkJtOr3yvdxhKFie5E&upgrade=e91WwAJTABG3mZ!D2PuxGq9wq4B97Xq-21073e91WwAJTABG3mZ&heartbeats=true&v=1.2&agent=ably-js%2F1.2.13%20browser&remainPresentFor=0&rnd=5158341524049036 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
date: Tue, 20 Sep 2022 21:13:39 GMT
vary: Origin
x-ably-serverid: frontend.aad5.5.eu-central-1-A.i-0a6a3f495fe1d0fc7.e91WwAJTABG3mZ
x-content-type-options: nosniff
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0Ueq82J8RYQoBBdEcauTErNcS0xqThf5A1ESlE2xVOHM_A45OoG7qQ==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 9f6d6def9a69942f9efa5e8bb949c4fe
cabdb03424db3d54134138cad6bff60834b07871
569913693b665f28123b8a0cb81f1930962fb5c4759ab0d63dc0bba47a6718e4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 21:13:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 07:51:03 GMT
Expires: Tue, 27 Sep 2022 07:51:02 GMT
Etag: "cabdb03424db3d54134138cad6bff60834b07871"
Cache-Control: max-age=556042,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74dd90f71e02b517-OSL
i.bcicdn.com/css-min/1x3Eh/extra/listing_catrows.css
195.85.23.30200 OK 1.3 kB URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/extra/listing_catrows.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (5204), with no line terminators
Hash 42c7dcd886e171b2a38969ed5236d45f
5c9d08b9c9ba00c6146fafdc1b84925c800a6dc5
8d6d1e9f272ffb4dabdd98e7ea2e0e6260c473040f98772ee0491cca896a43c2
GET /css-min/1x3Eh/extra/listing_catrows.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-1454"
expires: Thu, 20 Oct 2022 05:07:00 GMT
cache-control: max-age=2592000
x-bc-o: 1, 2
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57996
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbe70b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/lt.css
195.85.23.30200 OK 20 kB URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/lt.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5bb70d0aa88ffcfb0cc6b5528b135b44
755c3e32655a26779d84defd7d4dd0a4c5a0a179
b131b03764e5939272baac2b7901a92dc7bb76afcbb51185b1b89a271e16c608
GET /css-min/1x3Eh/lt.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-19eca"
expires: Thu, 20 Oct 2022 05:07:00 GMT
cache-control: max-age=2592000
x-bc-o: 2, 1
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57996
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbe60b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/cr.css
195.85.23.30200 OK 16 kB URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/cr.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash b3c4fdebff91c04eabf0ffae587607f9
6125b366041704e99a96644e4bbbe98fc4381a22
780167a85e31abe54b14797eec7c73511498b35122938119030be01a79f4e037
GET /css-min/1x3Eh/cr.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-1346f"
expires: Thu, 20 Oct 2022 05:07:00 GMT
cache-control: max-age=2592000
x-bc-o: 1, 2
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57996
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbe20b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/extra/listing.css
195.85.23.30200 OK 15 kB URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/extra/listing.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash a2595700e2642e8bf42ca491cce61522
5a0cc67f2f37811e1a72d1da98f5880fccd3ad95
4596d3bacd6a0d6cc630c3bee823fbd6208c61bdc56ce9bcdc0d55668da324e2
GET /css-min/1x3Eh/extra/listing.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-120f5"
expires: Thu, 20 Oct 2022 05:06:57 GMT
cache-control: max-age=2592000
x-bc-o: 1, 2
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57996
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbe30b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
104.18.101.40302 Found 0 B URL HTTP/2 chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
IP 104.18.101.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /topembed/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.medfoodsafety.com/
Connection: keep-alive
Cookie: __cf_bm=_b0ekgA6k1oh24UKz4oE.v8FSs.rUw7q2jQjHddccNQ-1663708415-0-AR+yF+7Z6B0itLdJlmf6mXJTs5yNZ24mEksN/iPkShYWmOfqqHprs6MuIFnPdkVtsJaHHXI0GYY03RF/sewfPYY=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/html; charset=utf-8
location: /embed/nico_rock/?join_overlay=1&tour=dTm0&campaign=taOsB&disable_sound=1&mobileRedirect=auto&embed_video_only=1&target=_blank
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
set-cookie: stcki="pOtSwZ=0\054FqPd9a=1\0546pduSG=0\054aDBbcK=0"; expires=Thu, 20-Oct-2022 21:13:35 GMT; Max-Age=2592000; Path=/
affkey=eJyrVipSslJQyigpKSi20tdP1MtNTUnLz08pTkxLLanUS87P1VeqBQDmXQyt; Domain=.chaturbate.com; expires=Thu, 20-Oct-2022 21:13:35 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr4af5ce44-49aa-483e-aef4-5750ca44a088:1oakYh:mQWhTPG5Q0GHNlsyND-ufeEMDhE; Domain=.chaturbate.com; expires=Sun, 15-Jun-2025 21:13:35 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74dd90df3d320b4d-OSL
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/top.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"582-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DEPVWed9Ds5FpzZ7M9gdQj%2F1LE75AnWM0g60iKDc9dUgqUh6Ho4lLm1Ho1dFDdRLBhF%2FKuEWbt0KtoJS3C66NfeXWBZhD6C22So3OwEVl%2B%2Bg926dN%2BxW1ajyhyz9fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf1ce5b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/312874?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312874?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=yMnooWc9BBUqQXzTbf5a; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
93.93.51.191200 OK 0 B URL HTTP/2 awecre.com/embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID}
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /embed/lf?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&category=girl&forcedPerformers[]=&vp[showChat]=false&vp[chatAutoHide]=false&vp[showCallToAction]=false&vp[showPerformerName]=false&vp[showPerformerStatus]=false&filters=&ms_notrack=1&subAffId={SUBAFFID} HTTP/1.1
Host: awecre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
cache-control: no-cache
date: Tue, 20 Sep 2022 21:13:36 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Thu, 20-Oct-22 21:13:36 GMT; SameSite=None; Secure
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/fea554760f03469997df274d7645375f.html?
148.251.120.78200 OK 0 B URL HTTP/2 tsyndicate.com/iframes2/fea554760f03469997df274d7645375f.html?
IP 148.251.120.78:0
ASN #24940 Hetzner Online GmbH
GET /iframes2/fea554760f03469997df274d7645375f.html? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.aso1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: text/html; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
link: <https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id: 0a0f09fab8addcda
set-cookie: ts_uid=5aa8ff14-65f8-4c61-9328-0668cfa38bb7; expires=Mon, 20 Mar 2023 21:13:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZN2zQsDFjRhcWIsYU3BLjoYgyE2PYYHgjBw0cMWp06aMg; expires=Wed, 21 Sep 2022 21:13:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.e1067846ea15.js
IP 104.16.93.42:0
GET /CACHE/js/output.e1067846ea15.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=108152
etag: W/"97a23c5e27826ee4bed1dbcfe0601da8"
last-modified: Thu, 24 Jun 2021 21:24:09 GMT
x-amz-id-2: gJdq637yDaGW5b/k/xLZcaVgKR2zPrz11wa1iwf3/kEEAF2JWIngCVC4T9LIrDSnBaklrTBcytM=
x-amz-meta-s3cmd-attrs: md5:97a23c5e27826ee4bed1dbcfe0601da8
x-amz-request-id: C8A0N4S7KE12CYZQ
cf-cache-status: HIT
age: 258369
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5E5czNT0MPm3YkDNQeKMcRCNysOvBFmkumK%2BdWwY1IqDx3lJQpphTpFl5pJe%2Fml4qZA%2FRmZOURxqaPc8TGDrfzsYYAhv8BAb0UK%2F%2BOGMQNJBUMhGChmivhmqnN3mybblWWEMjWPqxUxvNhMUxPvrMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=1uDINWP4b6ZxKnu4XwITcMv1R9oP4_8TviX8TZLg81M-1663708416521-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33adcb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/images/default/social/instagram.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/default/social/instagram.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/default/social/instagram.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2019 09:47:35 GMT
etag: W/"5cb5a4b7-d1d"
expires: Wed, 19 Oct 2022 13:47:23 GMT
cache-control: max-age=2592000
x-bc-o: 2
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113100
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b6f0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/channels.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"975-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212141
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSYBTO2KTzTyxUsARIo8XpBDuG%2FhOFzlrjmAD%2FDebpCMhwWU2LsUywfW%2BQjopTttzOaUCHmSLwzxlpEguas8qUqozpH5gdU2R6OAKowbBLgBlAAcT23rJLIQXTbs3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf2cf2b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.107.19200 OK 0 B IP 172.64.107.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xfantazy.com/
Origin: https://xfantazy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://xfantazy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3610
last-modified: Tue, 20 Sep 2022 20:13:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ofed4zrLeLddCV5wMTqj4TbG7I1onJPn3m%2FzXP8FtxxTuu3RBH9Poaz3uqLQQAQig3I28U13tPrdH9tV4WXucdqoggWJ3dMRe9aV88EqLwWAypT3jHqPWMs0di0pEjDf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d46fb071b1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391866?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391867?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
93.93.51.191200 OK 0 B URL HTTP/2 pt.wmptctl.com/live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=302_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net&rrc=3 HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
Cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Tue, 20 Sep 2022 21:13:38 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Thu, 20-Oct-22 21:13:38 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_add1_v2.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_add1_v2.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_add1_v2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Mar 2022 11:31:02 GMT
etag: W/"6231ca76-35ac"
expires: Wed, 19 Oct 2022 13:47:19 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113163
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f78bb70b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/signup.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"bac-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zvhTLaof%2BoT%2BoYdTuP6JTr4Qp%2Bmu83E906pQ3ZegaGl9ucZGMRzIWuBPzgdi3jEjT0YlHaEnFyVnLQ94Wzw7rt42QIj%2Fr0DrllxjQ3nMqP0cfei95oYZDtUDP786Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf0ce1b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
93.93.51.191200 OK 0 B URL HTTP/2 pt.wmptctl.com/live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /live-feed/fk/?c=object_container&site=wl3&cobrandId=240622&psid=cybermike&pstool=202_1&psprogram=cbrnd&campaign_id=118122&forcedPerformers%5B0%5D=&vp%5BshowChat%5D=false&vp%5BchatAutoHide%5D=false&vp%5BshowCallToAction%5D=false&vp%5BshowPerformerName%5D=false&vp%5BshowPerformerStatus%5D=false&filters=&subAffId=%7BSUBAFFID%7D&categoryName=girl&embedTool=1&origin=camschat.net HTTP/1.1
Host: pt.wmptctl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Tue, 20 Sep 2022 21:13:36 GMT
server: unknown
set-cookie: psui=c11170dca089cc3d7eb6d01a7f1a1068; Path=/; Expires=Thu, 20-Oct-22 21:13:36 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/ft.css
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/ft.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1x3Eh/ft.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-3a14"
expires: Thu, 20 Oct 2022 05:06:57 GMT
cache-control: max-age=2592000
x-bc-o: 1, 2
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57996
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f74b5e0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.caee332d326d.js
IP 104.16.93.42:0
GET /CACHE/js/output.caee332d326d.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"b61e15511bf0db70d0d422e98c465403"
last-modified: Thu, 24 Jun 2021 21:24:08 GMT
x-amz-id-2: gAJe87IyJM0OkbaBgua73HTcoEANURYYk4wpsNNClr414DBIRL/v+K+9hxRFHrgcwnw38qlmXmM=
x-amz-meta-s3cmd-attrs: md5:b61e15511bf0db70d0d422e98c465403
x-amz-request-id: 2D5TZ021KE4200HB
cf-cache-status: HIT
age: 258375
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngZFXFmOR%2Bb6P%2Bs2oaBy312izyhmIYODQRNRzXvutURxYZqd02e%2B2MulxVfu%2BJt7%2BFYnKgZgFnGdZh70PZLnY2YWfl11%2BhloXSAl%2B5Ll3K27ssw6XmwFcycio5pU6C4FWVoSFU2j5%2FzSsbPXYyYv5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=9dSZTGkrNKz4up510yQVwk.VBFZGwRi.n4SP.bsOYBs-1663708416519-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33adab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/e5993a33c9004fac947c6136a5c5e687/vast?w=1280&h=1024&keywords=ifr&tz=0
148.251.120.78200 OK 0 B URL HTTP/2 tsyndicate.com/do2/e5993a33c9004fac947c6136a5c5e687/vast?w=1280&h=1024&keywords=ifr&tz=0
IP 148.251.120.78:0
ASN #24940 Hetzner Online GmbH
GET /do2/e5993a33c9004fac947c6136a5c5e687/vast?w=1280&h=1024&keywords=ifr&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media.aso1.net
Connection: keep-alive
Referer: https://media.aso1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: https://media.aso1.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: 1420b9aa6b199aac
set-cookie: ts_uid=83e6f497-b466-4bcb-a2cc-95a1dfe0d364; expires=Mon, 20 Mar 2023 21:13:35 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOWjAiDFDRhcWIsYU3BLjoYgyE2PYsDHjRkIcMWp06aMg; expires=Wed, 21 Sep 2022 21:13:35 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.93.42:0
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: KTWJY/HCZAzfCN7zvoTtoCRDkjCDtsx43npe+RSp0Ebo2HF6WHgess4Ct9QL7Zi8XExzaRuhmCw=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: M1HHWCFNA8C6CV81
cf-cache-status: HIT
age: 1373991
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omOsb7TGvqe9I1E6ZCvs8XtFT0OCyeAf6YBkSPXkNAbCi%2BhElAKL6YvOEgSHc4vPs%2FkomgpRBFALP5tv0EXJSzU0PZ6vsfm0R4J5AZab31Im%2B3v4UyuSIjF7tt2nxmmLhBAY9muE3N3FZ3vFYeFhMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=1uDINWP4b6ZxKnu4XwITcMv1R9oP4_8TviX8TZLg81M-1663708416521-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33adbb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/video/6034cee1d7357618a3d2dc9d
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/video/6034cee1d7357618a3d2dc9d
IP 104.26.0.188:0
GET /video/6034cee1d7357618a3d2dc9d HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: text/html; charset=utf-8
vary: Origin
set-cookie: visitorId=horncvam62vvxmy2otezz; Domain=xfantazy.com; Path=/; Expires=Mon, 20 Sep 2032 21:13:30 GMT; HttpOnly
experiment-popup-payment-7=0; Path=/; Expires=Tue, 27 Sep 2022 21:13:30 GMT
experiment-save-to-button-2=0; Path=/; Expires=Tue, 27 Sep 2022 21:13:30 GMT
x-powered-by: Next.js
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQmctTkJMDo%2FTbKy%2BTQuZiebNtQDjHVw3uVN31cV0spFWGYK9pbPaYS85le5Ex2ZNRpRceaXdHLvZBPoP5gKuMckaClmc6WNKZX%2BwvzCFAhGtXr4NH3GrP5IF63czA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90beda3eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/47.6c9a4510342e4dd3af77.js
IP 104.26.0.188:0
GET /_next/static/chunks/47.6c9a4510342e4dd3af77.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"620-181397f9e59"
last-modified: Mon, 06 Jun 2022 14:51:13 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 9149572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXaw3DsFgTqrqOtsOBVfGQ6M6g%2F4A6EqmQEX1Qu9KCJClmOkWdYi%2FlzLAISLL2Fx1jqRdt2qpudTLwL1m6jgpNBENq21H%2BAhePeJ%2F2OC9Yuqf2PDUTYuR78B8s%2BKlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a56b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/312873?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/312873?p=1&s1=%subid1%&kw= HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=LpJOynq931uARFaC7d1D; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
camschat.net/900250/awe900250.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/awe900250.php
IP 66.230.180.98:0
GET /900250/awe900250.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/16.2fcecc4fbe403da70f1d.js
IP 104.26.0.188:0
GET /_next/static/chunks/16.2fcecc4fbe403da70f1d.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"4f4a-179fb7093d6"
last-modified: Fri, 11 Jun 2021 14:18:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30165479
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14K50AUFpQ%2F0M8vL%2B2gBXnRbCKtKkmTOCE6GyhPLDNyQSgRizYLiZk%2BbCmHhBqDSucrH89%2BM7WuSbqDfYKErAwTa3eMCxqRFDXQjR7kqdj8%2BikZk1RRruF1CP9SbkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a53b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/categories.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"240b-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ToHEt2T7n%2BjuodFn%2FBo7Ihvnb5xlh%2FNyJc3ZVu3TK2FgbCnmPoqM1LpUEvexLCVXioefh3gXMWSaVxDp5E6xUwN6MYmv6GDYxxFHOEq3YF%2BE16LdJ8AFRxf2tERj1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf1cebb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/391865?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1x97P/h.js
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1x97P/h.js
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1x97P/h.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 10:59:17 GMT
etag: W/"63299d05-a875c"
expires: Thu, 20 Oct 2022 10:59:59 GMT
cache-control: max-age=2592000
x-bc-o: 2, 1
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 36812
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbdf0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/chatembed-prod-99ac1da77e01.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/chatembed-prod-99ac1da77e01.js
IP 104.16.93.42:0
GET /cachebust/chatembed-prod-99ac1da77e01.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=910044
etag: W/"5c630ab97ecaf3a22bb1ec9be7db2926"
last-modified: Tue, 20 Sep 2022 17:13:17 GMT
x-amz-id-2: Utc/Z+4whpyfpCCse3mV0MWkryEzuLi2CLrrMUFcCzB8K8ei9rekCnhyBPsiWidI/divyEBQvcM=
x-amz-meta-s3cmd-attrs: md5:5c630ab97ecaf3a22bb1ec9be7db2926
x-amz-request-id: 2NXX1ZZM81AKW8HB
cf-cache-status: HIT
age: 14233
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoeYEP0xOFNWzk4OmZ8uFOOgqa%2FWCzUXpAQJiGWuhq17tMV01hON0PJ0XG5Crou7NgN0wgN3yVKTi5zdg0TrhwlSCfG3OStOpJmYzquVQJXkVmkdBJUH0Y%2BZFbg2A8cYsWOGrLavVPB0VFArOoltYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33ae8b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/video.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"597e-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212138
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cNe6OkFJi7EDOf40LHXDHQ58DUL2xWFeW9mBBuUni9QC1ho8HDIRtGhWS0fRYkxJAMHa2VRxvEc8MWlEfHyljMu5sRXY1n7Up7B3TP3DRQ1S60kUoA%2BQVDr2Ct%2FWDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a4ab503-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js
172.64.200.2200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js
IP 172.64.200.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-2c7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4180300
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tJ1SDykT0NlVESipwewAf43I5jW4p9i%2FScIhdjGOSCuigahkhwczixFJRqmWwYizDZSNkNod6MplknglHrIvEl8rE1nhfIh0tcICVwNAXddFj9p08FsRQL2fhbt5MrXha8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90db5f8488a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/index.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2b7-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ks%2BX%2FTHeAlzujlpidvZuT9MJk%2Fmic34t6ANgsfVi%2FnNl7DhUriD8V0TnufvvZvH24BL8y7Zp060ORZfnWGaQPhOWvrtpw7pch52qhE9egSLMcF6rgQhrjQFkXOoK2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cefcd7b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/tags.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/tags.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/tags.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0; adScript2Groups=push1-push1%2Cpush2-push2%2Cpop-desk%2CTest-Code%20; k2sAccessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoiYWNjZXNzVG9rZW4iLCJpc3MiOiJrMnMiLCJjSWQiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJqdGkiOiI1ODE5MGM3ZWFjNGFhIiwiaWF0IjoxNjYzNzA4NDEyLCJleHAiOjE2NjQzMTMyMTJ9.J-52W5qxoXYbgJdXnqJVRdZVyMp3smh-_dcHf5oa3DQ; k2sRefreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1YjM5Y2ZjY2ZjNGUwNzFjNzE4MWQ0ZmQiLCJhdWQiOiJjbGllbnQiLCJ0eXBlIjoicmVmcmVzaFRva2VuIiwiaXNzIjoiazJzIiwiY0lkIjoiNWIzOWNmY2NmYzRlMDcxYzcxODFkNGZkIiwianRpIjoiY2ZjZmQ4ZTJmNzBiMCIsImlhdCI6MTY2MzcwODQxMiwiZXhwIjoxNjY2MzAwNDEyfQ.HmMDp9n8qVrKYvCtGt_HA1_xdu-EjwinqqsOq54QK_A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"f20-18350162aec"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHPcUsnsgE6m8Jg2OcSQ0cJs%2FKHDAcjz5BE5Wg9HRrfQAdVqP7%2BTelKgBg9oUDMZ5e46O90wlypSSnzeRvpEMqOMNaMRBIgj%2FimWDe4TfM9vd%2Bg9NTlNuKI%2FKMSyKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90cf1ce7b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/images/default/social/snapchat.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/default/social/snapchat.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/default/social/snapchat.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Wed, 10 Apr 2019 02:37:07 GMT
etag: W/"5cad56d3-1563"
expires: Wed, 19 Oct 2022 13:47:21 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113168
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b710b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/runtime/webpack-f4d22593ad73f080a168.js
IP 104.26.0.188:0
GET /_next/static/runtime/webpack-f4d22593ad73f080a168.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"2fb2-1826d2b92c0"
last-modified: Fri, 05 Aug 2022 08:42:28 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 4019352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gK%2Br1pFI6XqnrFwzXqTqZOFneSS1vG0M6wAk1NhN36xgeBLBzHIMFWlet92hd28jS0hs9qo7%2Fiw8LFIxWP1wGki1ynpu1UOY%2FhZzFabuVTjB0AVVU%2F6vwRVflXwnhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a59b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Zz1AP4lUrTVQaeP7huYtEgRN4djIkWMvvPjAlzz7qGJ5dj+ZEVYhThilE/Tr1tdBVsXK6EYAysXwxasBehHGtQ==
date: Tue, 20 Sep 2022 21:13:34 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=99ac1da77e01
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=99ac1da77e01
IP 104.16.93.42:0
GET /jsi18n/en/djangojs.js?hash=99ac1da77e01 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3271
etag: W/"32cad827f4958bb8450fc33065ba4b42"
last-modified: Thu, 28 Apr 2022 02:42:35 GMT
x-amz-id-2: +azZtiHcBQPEnfLc5i4Wu0v8U6n35Ii0O61lazRh9lDZNYIp2jwLX5mlnUOZYAFNMbNEbeznGQE=
x-amz-meta-s3cmd-attrs: md5:32cad827f4958bb8450fc33065ba4b42
x-amz-request-id: 2NXJR9Z2A3G29YCX
cf-cache-status: HIT
age: 14233
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IgWVPy10f8p6uGKfTAgIcsT%2BF0Bl2VVI5Vc73HKjrNSnPtdX%2BtrOC%2B2q44ZwzRXPwVivmSUcs9rKfZkj0SFvMOMihQ%2Bq%2ByDYBLO2gPQPDkd8Ox%2FmgOjOjtlvbxXoIsFn9nZY7FNUsGyg2tErzptVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=JqPw47X5DSMNX4O71nV3MnjxAFtoQOJxWX5evCa42ss-1663708416518-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33ad8b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
camschat.net/900250/game.php
66.230.180.98200 OK 0 B URL HTTP/2 camschat.net/900250/game.php
IP 66.230.180.98:0
GET /900250/game.php HTTP/1.1
Host: camschat.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://camschat.net/900250/adnium.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.3
content-encoding: gzip
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/theatermode-react-99ac1da77e01.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/cachebust/theatermode-react-99ac1da77e01.js
IP 104.16.93.42:0
GET /cachebust/theatermode-react-99ac1da77e01.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=193979
etag: W/"9addfe54ae91605192ec56420f31ce6b"
last-modified: Tue, 20 Sep 2022 17:13:15 GMT
x-amz-id-2: +uA2aoelOX5HMIRRvIA5cfs50ODnJqDchjGYpDj+GbzzN8UIFt4PV9YgHSFZEy3mXDHt0UMCbNM=
x-amz-meta-s3cmd-attrs: md5:9addfe54ae91605192ec56420f31ce6b
x-amz-request-id: 2NXY11196AXAQDHA
cf-cache-status: HIT
age: 14233
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2F3cqUqiw%2BrR4L6VXt%2FmeGNGavyYlUwoJWs%2BKl9r4uSa1KUGfTnHfiahPutTGmlnE%2B7nbc0IrjwpUUVVg%2FLMtsCpqtU31RVuDK920IqKE4Ha0tCQgoHpBzs7PoK55H3DdEI8ZHjylgM6HVWLwMdb8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Mz.3OIkblVbUOt3p8avfJgQVvR0nswAWvSQebRbBaIo-1663708416526-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33ae6b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_add2.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_add2.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_add2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Jun 2021 09:45:11 GMT
etag: W/"60c08da7-2a63"
expires: Wed, 19 Oct 2022 13:47:19 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113163
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f79bbf0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
135.181.208.216200 OK 0 B URL HTTP/2 a.focusde.info/api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/382499?host=xfantazy.com&ev=196&wh=939&ww=1280 HTTP/1.1
Host: a.focusde.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Cookie: nauid=CMjYjSexL4DNQytkRjPW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
rtb.exoclick.com/not.php?zid=4444714&data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfDIwMjItMDktMjAgMTc6MTM6MzR8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218NzU0Njc0fDQzMDY3NXw4NjczMDB8NDQ0NDcxNHw1MDh8NTI4NDg5NHw3NTI3Mjg2NHwxNXwzfDB8MHwyNTM0NHw5NjE5NTZ8MHwwfFVTRHxVU0R8MXwxfDQzfHwxfE5PUnx8MjB8MXwxfHw5NTYzMDgyNzYyMzE5NzR8MWNmZmEyNmNhYjkyMjdlMTYwMDM0M2E5ZmZiZjBkZTJ8eGZhbnRhenkuY29tfDB8MHwwfDB8fDB8MHwwfFdJTk5FUnx8MXwwLjAwOTI0MjYxODc0MTk3Njl8NHwwfDJ8MHwwfDB8MHwtMXwwfDB8fHx8MHwwfDB8fHx8MHwwfDB8MXwwfDB8OHwxfDB8fE9LfGM3MzhhNDMyNzViZDYyYjIwY2JhMzkzMzhiZTg5YWFi
198.244.170.144200 OK 0 B URL HTTP/2 rtb.exoclick.com/not.php?zid=4444714&data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfDIwMjItMDktMjAgMTc6MTM6MzR8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218NzU0Njc0fDQzMDY3NXw4NjczMDB8NDQ0NDcxNHw1MDh8NTI4NDg5NHw3NTI3Mjg2NHwxNXwzfDB8MHwyNTM0NHw5NjE5NTZ8MHwwfFVTRHxVU0R8MXwxfDQzfHwxfE5PUnx8MjB8MXwxfHw5NTYzMDgyNzYyMzE5NzR8MWNmZmEyNmNhYjkyMjdlMTYwMDM0M2E5ZmZiZjBkZTJ8eGZhbnRhenkuY29tfDB8MHwwfDB8fDB8MHwwfFdJTk5FUnx8MXwwLjAwOTI0MjYxODc0MTk3Njl8NHwwfDJ8MHwwfDB8MHwtMXwwfDB8fHx8MHwwfDB8fHx8MHwwfDB8MXwwfDB8OHwxfDB8fE9LfGM3MzhhNDMyNzViZDYyYjIwY2JhMzkzMzhiZTg5YWFi
IP 198.244.170.144:0
GET /not.php?zid=4444714&data=TVRZMk16Y3dPRFF4Tkh3elpHVXpOMkl6TmpWbU1UWXhPRGM0WW1FeE1UZG1OMkppT0RRNU1HSm1NZy0tfDIwMjItMDktMjAgMTc6MTM6MzR8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218NzU0Njc0fDQzMDY3NXw4NjczMDB8NDQ0NDcxNHw1MDh8NTI4NDg5NHw3NTI3Mjg2NHwxNXwzfDB8MHwyNTM0NHw5NjE5NTZ8MHwwfFVTRHxVU0R8MXwxfDQzfHwxfE5PUnx8MjB8MXwxfHw5NTYzMDgyNzYyMzE5NzR8MWNmZmEyNmNhYjkyMjdlMTYwMDM0M2E5ZmZiZjBkZTJ8eGZhbnRhenkuY29tfDB8MHwwfDB8fDB8MHwwfFdJTk5FUnx8MXwwLjAwOTI0MjYxODc0MTk3Njl8NHwwfDJ8MHwwfDB8MHwtMXwwfDB8fHx8MHwwfDB8fHx8MHwwfDB8MXwwfDB8OHwxfDB8fE9LfGM3MzhhNDMyNzViZDYyYjIwY2JhMzkzMzhiZTg5YWFi HTTP/1.1
Host: rtb.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-served-by: hap10-web40-lon1-0
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.33f071a5d3ef.css
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/css/output.33f071a5d3ef.css
IP 104.16.93.42:0
GET /CACHE/css/output.33f071a5d3ef.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=246602
etag: W/"c251d546bbd23367b2eee257f5cbb084"
last-modified: Tue, 20 Sep 2022 01:24:13 GMT
x-amz-id-2: nFiBdeJKBLpbEdvK1UEFNV8aEbquhVRuZpVUqOIPzvv3J+Ax73yi0YG7oND96uUGq7TSjbmPpe8=
x-amz-meta-s3cmd-attrs: md5:c251d546bbd23367b2eee257f5cbb084
x-amz-request-id: J0NGMAVF53DGQAER
cf-cache-status: HIT
age: 71222
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9x6sCoDJ4gqkTPVsXGCvzCDbK%2FA48LvgviKZk0fOsksn%2Bn0Rbo8s4fhUCe3zW29Z0DRYe%2F9o8eaB34ZoRJR30H7zfrXJFN2woe8k7A%2BOq2oPie6MpbxxRcc8QQapfzBGRphRhV0UnUz1kSBraz4fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=lVofKGU7TLEMMR3JHTOfwNyTb8VTg4i89Sxj5vhSZJo-1663708416527-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33aedb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/images/svg/bc/model_of_hour/female_2.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/svg/bc/model_of_hour/female_2.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/svg/bc/model_of_hour/female_2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2019 03:04:32 GMT
etag: W/"5e096940-3744"
expires: Wed, 19 Oct 2022 13:47:19 GMT
cache-control: max-age=2592000
x-bc-o: 2
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113168
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f76b810b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/static/logo-tv-light.svg
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/static/logo-tv-light.svg
IP 104.26.0.188:0
GET /static/logo-tv-light.svg HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: image/svg+xml
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
last-modified: Sun, 18 Sep 2022 10:07:53 GMT
etag: W/"101b-18350119774"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FaHD9i5MuV%2BGrWDgODD4K%2BJbgN8CfMWe2RhSQN0jKTVIOuFQLuuLoPMhuaCwun6ZkByQOLqa0KrZXfb6pk8hn1mIJRpCP3EfKGBlTDl9L7l6UU8f0KRHTyoTHtw7QA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c52a66b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html
104.26.6.19200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html
IP 104.26.6.19:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xfantazy.com
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 14:15:28 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 469104
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuSenoqFQLGDm90Lz7OxRPYl%2FYSZxWV4ZMadoq6xEpLrkcG%2B9JrkQHPwVILGeuCFlkMXL08EXTCs9HOvePQ4hmC3MkSR3PgmMmsGnce6gcQJjb94a%2BGqNlHhwYDaU0mYfY9QKmQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d8fff1fab8-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js
172.64.200.2200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js
IP 172.64.200.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/16/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:35 GMT
content-type: application/javascript
last-modified: Fri, 21 May 2021 10:10:50 GMT
etag: W/"60a7872a-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4187335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5G60%2B%2FGWZQPk1AW9qITw%2FYcJhCiFvj1IITOtmBxaslCUNYNzbnuyghwWWnNhxuPMcsp1QeVwTV6WZ5ywn%2FPv4Pe9n%2FNRujYDTAlonJinyrcJy27OjKrw8Y%2F4vz6UxKLhOYU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90da9e3488a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.bc85e791cb2f.js
IP 104.16.93.42:0
GET /CACHE/js/output.bc85e791cb2f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=202270
etag: W/"7d90e856406997eee24123ea8a61c92d"
last-modified: Fri, 10 Sep 2021 01:29:44 GMT
x-amz-id-2: HJqgrzmpP8NIgQA+YW8wx4YmDeOFkE860/zZrYgEfEOOhSRenFjn4mxx7ChaQYvyWjZAxImMIY8=
x-amz-meta-s3cmd-attrs: md5:7d90e856406997eee24123ea8a61c92d
x-amz-request-id: EVKN10SQAKNB8VZG
cf-cache-status: HIT
age: 1373992
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jRRG9u%2FrlOfaQSraQWfMkEGnuti16UfX8L6SfDcGXQxveqnxIwl47U41AqSuEQUhPhxu6F%2BnktJZNzvLK5PplEAz0KkflnURic8HXyDie2fSIo766jSf%2B0essV0%2B7ZnbCf3q23b8%2F5b3uFS%2FQQ3xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=fASSTcJdwBMOt5siIkIlwW5zJ2dvm_c1xyDcuNdZ51A-1663708416524-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33ae7b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/hg.css
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/hg.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1x3Eh/hg.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-c440"
expires: Thu, 20 Oct 2022 05:07:00 GMT
cache-control: max-age=2592000
x-bc-o: 2, 1
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57995
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbe80b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js
IP 104.26.0.188:0
GET /_next/static/pSlyoXy7R5nE6sbZsP0Ue/pages/_app.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"20e2f-1835016291c"
last-modified: Sun, 18 Sep 2022 10:12:53 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 212144
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDTYUqwp6fwNwuI%2FTFOZT2neJaR5AXMpgMevyng3wgvv5gmHd3Jou1WURO%2F9n%2FKNUamwhmH7LMpBaXGXPCwCi4ZuyR6ZOCf04DARCVD2uKsFuXLKwtblgijbTSM4MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a4bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
172.64.138.12200 OK 0 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.138.12:0
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 206323
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pH0fV%2BUJkG9EaTPN1WGV6GRgfNWpDAt9p10%2Bsd37uJzfaghE4F%2BYBDGV5CYOMiXojSYz6pf7yJ6m0qJcqMgVTq0O6s2diO8q9oFk3nadiKnZPVz8Nm%2B9cri2DZ%2BQJThsVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d8bdaa75ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.100.4200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.100.4:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b13a83d36b5c35d67ac9ff0731e4c676
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 20 Sep 2022 21:13:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUBu%2FUF9T6o6K9Ya7x%2F3PLyGsnXkb4uGpbbxI05ZD6mxDAL%2FVW004Q%2BiENZvub69KIlyZB2LTWFxL1w43oCDRIkV2blIabWoppwOq9C5%2FBf1a5q9vXyWMm6Rc6pp7F5n64f741o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d56b5c71b6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.aso1.net/js/ifr.html
172.64.138.12200 OK 0 B URL HTTP/2 media.aso1.net/js/ifr.html
IP 172.64.138.12:0
GET /js/ifr.html HTTP/1.1
Host: media.aso1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:34 GMT
content-type: text/html
last-modified: Mon, 29 Aug 2022 13:18:49 GMT
etag: W/"630cbcb9-6ea"
expires: Fri, 02 Sep 2022 06:53:13 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 206323
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mR09tyJexT7ygNNVd8e0qB3%2F4RPizjKFZHwLrGl23q6Zhiqth2QBpG8SGDDqgbwFI3fnzSUAXl5whhDCmH53Ju20SAzALRE72ER2DdAlsP6i6umkvIVPy04F45iDWCdmmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74dd90d87d6a75ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/i18n-min/1663396804/messages/no.js
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/i18n-min/1663396804/messages/no.js
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /i18n-min/1663396804/messages/no.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: application/javascript
last-modified: Sat, 17 Sep 2022 06:40:33 GMT
etag: W/"63256be1-24cf6"
expires: Wed, 19 Oct 2022 13:47:23 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-css: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113177
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f7bbde0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663704000
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663704000
IP 104.26.0.188:0
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663704000 HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgXXv3na9DYwzaY4rj8zCA7b9gauqnG7ALvQDh0tMun9Fzp8F%2FZ9vNeIFd5etyn2WAUs48UdqGX8LWB0o%2BFfGYz1vvQCjPF0E0PhjWBsxbEjXvTGHvejwKNZZfWQeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c7ed96b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/59.edff5ae0d8d83054b552.js
IP 104.26.0.188:0
GET /_next/static/chunks/59.edff5ae0d8d83054b552.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:31 GMT
content-type: application/javascript; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000, immutable
etag: W/"c8b-179fb71df0d"
last-modified: Fri, 11 Jun 2021 14:20:14 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30165479
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5oMB8dB2378ybxXmFVps7i6vo%2FI0Br4Wl0Kft7ICSw7T0fn9YtdnI8Ge79vojxVigb8AmURtXaLtromexlSbwl5FZoSCuVaV9oRuEyrvlyQv6giyY4ouOxkNb%2Fd2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90c51a55b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
104.26.0.188200 OK 0 B URL HTTP/2 xfantazy.com/_next/static/chunks/242.e6062ff562716b6e41db.js
IP 104.26.0.188:0
GET /_next/static/chunks/242.e6062ff562716b6e41db.js HTTP/1.1
Host: xfantazy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xfantazy.com/video/6034cee1d7357618a3d2dc9d
Cookie: visitorId=horncvam62vvxmy2otezz; experiment-popup-payment-7=0; experiment-save-to-button-2=0; safeMode=0; advancedOptions=0; viewedVideoCounter=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:32 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
etag: W/"26cdb-181a9f40d06"
last-modified: Tue, 28 Jun 2022 10:55:52 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 7294542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtjhAjmi%2BOKE%2FfBVIH08p5KlQERq89Y1Hj0RuA4INU%2F892Us8HgUGgTpM5xdABVgyM4wJpX8mbiU5Th%2BnSUFYTQvqwUDpHLxioOUmYEd9YuJpF3thVJdat6vcb6Ipw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd90caa853b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.97a5db11ca63.js
IP 104.16.93.42:0
GET /CACHE/js/output.97a5db11ca63.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=827275
etag: W/"692ec922d2a39b4037073f70286968b3"
last-modified: Fri, 13 May 2022 09:09:46 GMT
x-amz-id-2: VZ8ol5gj9DR4cR1Ys+gd3EdgeEH8vduV/GWCX0hMYtqbtTyLc8wtgelbUHUwXR/km7ekid2PJdA=
x-amz-meta-s3cmd-attrs: md5:692ec922d2a39b4037073f70286968b3
x-amz-request-id: WKBNH94P832M1DR9
cf-cache-status: HIT
age: 906897
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtWietO3sdCRPRl%2B9Bwlp5cRvfjcV1uHesZ9JH2NoXf0kEOTCqZvmcY%2FMYkXuUESD5D7vTQKviP3CAIAUfyTwAsO1HskvkoeUgJMXVPIUQGnjGAD%2BR7bXUFmzAnrEvvfHOS6xouCmjRQBnqHhNxX5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=PQ2o_y6wKfG5lQhDfwbL8D4uicz0SziZYs5ySqAuh1A-1663708416520-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33addb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/images/svg/bc/model_of_hour/female_1.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/svg/bc/model_of_hour/female_1.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/svg/bc/model_of_hour/female_1.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2019 03:04:32 GMT
etag: W/"5e096940-31eb"
expires: Wed, 19 Oct 2022 13:47:19 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113168
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b7c0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.09a0bf741d47.js
104.16.93.42200 OK 0 B URL HTTP/2 static-assets.highwebmedia.com/CACHE/js/output.09a0bf741d47.js
IP 104.16.93.42:0
GET /CACHE/js/output.09a0bf741d47.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"bb81bca2482741d6c4dcf148cb33a79d"
last-modified: Wed, 17 Aug 2022 00:26:59 GMT
x-amz-id-2: 3dz298/kgeP1Pq/aBz8wop8Gas15qR9oG1wjU5FgYthy7g6Z9MZpPydhaAydlHaKkHGU8KIJbDw=
x-amz-meta-s3cmd-attrs: md5:bb81bca2482741d6c4dcf148cb33a79d
x-amz-request-id: RGGA1ZRYYYSSRXHH
cf-cache-status: HIT
age: 420202
expires: Thu, 20 Oct 2022 21:13:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgMvGtEf%2FZJ46FdIIkBUHOg%2BUa3wA5Zr37oSQXFEhNq78k80KNvrqZ0SLQkExQZ6TWFARl1i%2Bphe7FQWWibbKwVaEeIIgZRDdMCDUkHtA4Oknz3bwkZDy905oExw3S1Bh0%2F0YT1f1ziniypivw961A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=s7Zwhro2pORVcqzPSyu9nKsBrCI5qVskXvx1t1SV9hs-1663708416522-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74dd90e33adeb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1x3Eh/extra/chat.css
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1x3Eh/extra/chat.css
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1x3Eh/extra/chat.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 05:06:48 GMT
etag: W/"63294a68-5705f"
expires: Thu, 20 Oct 2022 05:07:00 GMT
cache-control: max-age=2592000
x-bc-o: 1, 2
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 57984
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f75b6b0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_v2.svg
195.85.23.30200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_v2.svg
IP 195.85.23.30:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_v2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 21:13:39 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Mar 2022 11:31:02 GMT
etag: W/"6231ca76-345d"
expires: Wed, 19 Oct 2022 13:47:20 GMT
cache-control: max-age=2592000
x-bc-o: 2
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 113180
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74dd90f78bb10b02-OSL
content-encoding: br
X-Firefox-Spdy: h2