r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6612
Expires: Sat, 04 Feb 2023 03:46:58 GMT
Date: Sat, 04 Feb 2023 01:56:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8005
Expires: Sat, 04 Feb 2023 04:10:11 GMT
Date: Sat, 04 Feb 2023 01:56:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 01:43:35 GMT
content-type: application/json
age: 791
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8518
Expires: Sat, 04 Feb 2023 04:18:44 GMT
Date: Sat, 04 Feb 2023 01:56:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3MGeKjXWoCuB/JLQrUMClMjPkw7YsMYKwB1AOHdG6QWCbKRX3SFdeoEQ8LjfIfBphZMzuvgdilI=
x-amz-request-id: SMQDSGRP4XX6R3W3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 01:52:39 GMT
age: 248
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 01:56:47 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
104.21.78.100200 OK 21 kB URL HTTP/1.1 bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
IP 104.21.78.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39865), with CRLF, LF line terminators
Hash 9fe5805020a5d0d275fe82c7b0b5675b
7188662814afc15df3cc0f334375a76de70d56ee
0a54296a6a2d32d031c54d492af676e24b266e9bcb3885fcb7e995bd9fb83059
GET /search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.27
Link: <https://bestpornbabes.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Sat, 04 Feb 2023 01:56:46 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNTJEnzY8dhOpq%2BIVpOYs5hJQsO1z906CJVynmKL3B1AQ34S3YVMbk2zlNZntg3GrRwtIwmPOGL8sGrbY%2BBoV2PKbsOx1I0yn0DC8ssXaAUqCB3mkFa915LQV5pgvhjdIMKy%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcaafb9f1b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 01:49:07 GMT
age: 460
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 2dcff28279088b506179bf0268fcd9da
f0a593e38122d773a02e7223c3fb10a3c505d83e
ef86010b7d6fc02d9a91f2a411d7372db9543adcd4ce29bb133f1f5ec0d0da19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:47 GMT
Server: ECS (amb/6BB2)
Content-Length: 278
bestpornbabes.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.78.100200 OK 3.9 kB URL HTTP/1.1 bestpornbabes.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.78.100:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 16:56:26 GMT
ETag: W/"63dd3cba-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1EyfDIl6J%2FtGzedNHJ4vJggBFUTrB7mWckx8xYJk21AcxlrKs7cD%2BHxknyKX284TkuR64gTjW1vMjE%2B3YPekKHymiaQSVTlinHUo%2BkGpk9xFVasNt3S4q29JrhkKzgLqq0SEg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793fcab55d01b515-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Mon, 06 Feb 2023 01:56:47 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13751
Expires: Sat, 04 Feb 2023 05:45:58 GMT
Date: Sat, 04 Feb 2023 01:56:47 GMT
Connection: keep-alive
bestpornbabes.com/wp-includes/css/classic-themes.min.css?ver=1
104.21.78.100200 OK 189 B URL HTTP/1.1 bestpornbabes.com/wp-includes/css/classic-themes.min.css?ver=1
IP 104.21.78.100:0
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 189
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 23:44:16 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:47 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShbfrkPu%2FwHjh6LzItqr8BY2Z00kc%2FMpwwecmxZC45t428tgGP4NOilJEYJv8OQ57ZC76kYFaGsQab1l4aHIZQNPGw2rAG86QMtI6tB2ZhjEV%2FQIYDd%2FBmtCf5s1LVq8r3xFfA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab45df5b529-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
104.21.78.100200 OK 12 kB URL HTTP/1.1 bestpornbabes.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 104.21.78.100:0
File type ASCII text, with very long lines (47826)
Hash 8fa87dd23394a22621248ec378d2af59
9305bc637a89b1700d7f56a19a80bd32b0feb2f7
c162f7de24fa2d4e93e0da254ef287ff72f4a3e03f42443265097968351388dc
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 12518
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 15 Nov 2022 21:39:46 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:47 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTd6qWJvIYawksY%2BouEw7YjcVTVMQL%2FpUZVDMgw%2BUzr6ZFWwdiosfXgh1Mkh2ckKaJePmll0qL7orAAz8lyHSzy429bvpdQbO987QUfvbdmeYU6KXjXwHFcbQ9ZUq5pxd4WtOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab45accb521-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0
104.21.78.100200 OK 7.1 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 104.21.78.100:0
File type ASCII text, with very long lines (30837)
Hash 52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 7053
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:47 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cp3T7NnrNacNNFbKt0jd4kxfMJo14YnbDrHQi7YWVNFW7T8Y1dH6cfIYx61m0udJcoMN4UfSimQuCfvNZPGwBKP6HCDpOFTcsXjtSHViEZXKrndLrDZWtb2eQtAneeIoVfjIuw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab46935b4ee-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/style.css?ver=1.6.9.1658160212
104.21.78.100200 OK 14 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/style.css?ver=1.6.9.1658160212
IP 104.21.78.100:0
File type assembler source, ASCII text
Hash 54dc7232f884b4252f65790133450018
d7193daa7228769d9da7a2247daf8799836437b2
30c0553d70a23dd478127586a4fa2f4a60c309599698d8e52f77fc4d354ad470
GET /wp-content/themes/retrotube/style.css?ver=1.6.9.1658160212 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 14258
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:47 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8QB3K%2BS8%2FAhVEuBHBkIocItEruwoz0lycsBXgYBXnCrurzMJ14Moxk6O19FvwxjTgdiLU4MVgf368vg6EY5fWNOLb7ZzwwdJzBtqL8WwyTfOMkY2m2%2BAC%2FH26tB%2Bla62N9LHeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab46ad1b521-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/js/main.js?ver=1.6.9.1658160212
104.21.78.100200 OK 7.8 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/main.js?ver=1.6.9.1658160212
IP 104.21.78.100:0
File type ASCII text, with very long lines (2119)
Hash 9da30c8bba0be7801de65bca25337501
40fefc9f2ee620819042c348c707ee5d5989460f
f57df3c4b5739793d67d84c1cd732f43dccecbc75c0354702851026b5ea6d2d6
GET /wp-content/themes/retrotube/assets/js/main.js?ver=1.6.9.1658160212 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000
Cf-Bgj: minify
Cf-Polished: origSize=39275
Expires: Fri, 02 Feb 2024 04:49:06 GMT
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 162461
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=olEjaR7GFYCtF3HIrfQh5%2F5d95Od78VNPO09bmWKOjbCNy9RwzwEY6So9Ff4julMzYxu2vS2HUxYs2tUhTKAV8C54wGXIYBgkWTmK7c2sMRbrXm%2BUT%2FHgn2MaIHLxfY5OsGHjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70be7b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18
104.21.78.100200 OK 5.1 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18
IP 104.21.78.100:0
File type ASCII text, with very long lines (20018)
Hash 48386131118e08b0ddd6a62fef4d704b
50eceeb6e9069fa5308bb957ec86dab7a6356175
fa1ebe789e4b4870306e61b3dda9900ea8cb75a3c18a494988fbca15ba5f4926
GET /wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5051
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Fri, 02 Feb 2024 04:49:06 GMT
CF-Cache-Status: HIT
Age: 162461
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1BubsclTY0MzAlk9VhJDqlp%2BhIws6R3gddmaWnE3p%2FGtfUlSQBXdo1zZOWwaSjbIlm4Xj9xlQiWi9WtuksdRBYbVC8U3vHdpD16EKXgmxp%2FnypmfKlVAEOn58jyuut3bSOg8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70f9bb529-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1582
Cache-Control: max-age=168126
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:47 GMT
Etag: "63dda2ef-138"
Expires: Mon, 06 Feb 2023 00:38:53 GMT
Last-Modified: Sat, 04 Feb 2023 00:12:31 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312
push.services.mozilla.com/
44.227.71.100101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.227.71.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VhwhmBdMLIStp+TtxxKOBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ka1TV49bF7NT2nXrdcbT7MKtWh0=
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-58634502-2
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-58634502-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 0dcbf68ccd7d70d7c00784132fad5ddd
c7f92a7805fb8c1f9d8b8bb6afc741061152bafe
db9abb66822b454b07c4de6d66a9a6fc3dfff03ed9f049ad7c7cf8f9707a9372
GET /gtag/js?id=UA-58634502-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 01:56:47 GMT
expires: Sat, 04 Feb 2023 01:56:47 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 Feb 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43910
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bestpornbabes.com/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0
104.21.78.100200 OK 2.2 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0
IP 104.21.78.100:0
File type ASCII text, with very long lines (5710)
Hash b01f7bed8ef5ac33e9699aeaa9d4415b
e9a1da65c07be51368e15fb6d18bf743f0cffb2b
71965230da3191a8c607c8994e817bbf2f9c359e7a2cd492e92174739cba6b77
GET /wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 2156
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:47 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjzlP%2BhJlwHCaBcsWf%2FEfPHSqGmv5uyK58dgknGTqBjc3r2Xr8tGGEJ2YMyNQD%2Bdr5wgAxZS9bLr7I9QCDBvWW7l6fLC3a6VDJF9ec2qda1T9TS85jFuRG2UsaDuSqz1Yws4%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70b22b4ee-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
104.21.78.100200 OK 77 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.21.78.100:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://bestpornbabes.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Cache-Control: max-age=2592000
Expires: Sat, 04 Mar 2023 04:49:06 GMT
CF-Cache-Status: HIT
Age: 162461
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWtDOoEY%2F7i30TWFuTbaGoZr69Ha7Livb8NwiYny35nnZns5w5wnbh3fKcuI8zxS1dX0dtvBkHcEwrvNglcai2%2BGIS8%2Fg32I6DGDGBIOWAmHHgvbkdtBXDz2SiwY9IwaKJRfoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab7eb98b4ee-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bestpornbabes.com/wp-content/uploads/2020/04/bestpornbabes.png
104.21.78.100200 OK 3.5 kB URL HTTP/2 bestpornbabes.com/wp-content/uploads/2020/04/bestpornbabes.png
IP 104.21.78.100:0
File type PNG image data, 253 x 36, 8-bit colormap, non-interlaced\012- data
Hash c5fb07cfea69b42653c70e1e7b3980e7
d4f4c7dc2536f1e48bad9f9807d60ea004f0b5ff
69626de9beabd004956f3d5547555e7b405ac45b135d8d10c6d4879ee5f6eafb
GET /wp-content/uploads/2020/04/bestpornbabes.png HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: image/png
content-length: 3527
cache-control: private, max-age=10368000, public
vary: Accept-Encoding,Accept
last-modified: Wed, 29 Apr 2020 22:28:25 GMT
expires: Sun, 04 Jun 2023 01:56:48 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6ftlHmX5bHRlwmzULKB2OCK%2Bd0LFlZMFxZGqV8RUMQz20hVz1RxWKsZwk2t3pbaSxCrsxDhIJyVDqxa5Ma9lIOxirZqTqmgtO%2BQHwWuksW7xqk4hNWFb2m8Mce5qTsEJqI03g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793fcab52f0fb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bestpornbabes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
104.21.78.100200 OK 4.2 kB URL HTTP/1.1 bestpornbabes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 104.21.78.100:0
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 4169
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:48 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHyxGEJOc7dgFf%2FpzeO3x1KakdJltIt15yJMDxkSOIKv5Fyq8QIH1l%2Fo%2B0z67GOhU3AZYObg5kKM0lW936%2FGXBI8UTQK2rkGJkQF%2BQQHh6i39CX7siJzePJN1AaDWH5QX%2FkIDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70beeb521-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 2dcff28279088b506179bf0268fcd9da
f0a593e38122d773a02e7223c3fb10a3c505d83e
ef86010b7d6fc02d9a91f2a411d7372db9543adcd4ce29bb133f1f5ec0d0da19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Last-Modified: Sat, 04 Feb 2023 01:56:47 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
bestpornbabes.com/wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0
104.21.78.100200 OK 1.6 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0
IP 104.21.78.100:0
Hash d3bba87c78f1ccee1376daf7851fa92a
da86de99fbe48178c3984ccfe430c107b1ad5508
9d8b332fd04f33fb05caed93d9511188ab2dfe93fcc592cb5a1440e8982d9b13
GET /wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 1577
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:48 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gA26F2SG850XmpR%2FJQWLRSvPOOLS7rM2YoSWHruTAhTZPMBb85IAyHRDqhwYbBSmNO0keULEuwk5eT9azgGll1v67c2UwZyc0rvpAWKDtBTvR54mwwRpbhwfawOkQ2oxJsYV2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70b311bfa-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0
104.21.78.100200 OK 416 B URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0
IP 104.21.78.100:0
Hash e6f53264ebf762f651ef3c426aba7d7a
c94c31f4cdc7976febd8b722771d433fcd460d87
e5dab0bbdb24e72cded213dba7acb5e41a11e2a317279a046e402d1146512404
GET /wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 416
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:48 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mdPlDzfD7zhcpmnRPUUP8Gja1nlD6FhRnKLT3ytSENg0JEfNyvySXXuFLSjCQ9HxQNrcv3ltLlP7RV7zc5rB8RngV%2FMsgKAze0y0aacmYx5X9LPu3xZL0ML5TRQY62OPaP3OwA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab6fbe6b521-OSL
alt-svc: h2=":443"; ma=60
bestpornbabes.com/wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15
104.21.78.100200 OK 6.3 kB URL HTTP/1.1 bestpornbabes.com/wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15
IP 104.21.78.100:0
File type ASCII text, with very long lines (24063)
Hash f2fcb11d0bc4cadbf0a212980e2ebffd
020d28edad6c70b8f9fe4578e58077133505ed0e
573821124d4ce62608c240c926a71a0c9ec6cee1581dd315fc26f010dfa15a3a
GET /wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6327
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Jul 2022 16:03:32 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:48 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlzhuUnISLW9mK3DJ4nXQaNLo9fXV9wSDGM%2F2qn4vwGaK6OCRVWF7NTyb0J%2Fxy2aG2yc3apAz3Mq95wUirWZNN%2BjnTz%2B2apzp%2B7CXhgyWPDsoc8329UxfMHQyFHe%2BE8a2jOUgw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70dccb515-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 3d84979ba8fb44b083716b6359684601
6779aa23c14e94569f1babb49c1cb8fe8a7e766f
c651a5fcaf1d770e4c62f0a105543f0b27556374d4464cd39326ae81fffafc9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1583
Cache-Control: max-age=168126
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "63dda2ef-138"
Expires: Mon, 06 Feb 2023 00:38:54 GMT
Last-Modified: Sat, 04 Feb 2023 00:12:31 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312
bestpornbabes.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
104.21.78.100200 OK 31 kB URL HTTP/1.1 bestpornbabes.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 104.21.78.100:0
File type ASCII text, with very long lines (65447)
Hash 1b5264c989379b828aff60f65a518a24
98641237f14ccb33ac114f54329a33bd0aa17eb7
6c8e7b78c6dbc13426810c905572db7589cf3e00264e30ce797fddb0b1092237
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: bestpornbabes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 30995
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 23:44:16 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=31536000
Expires: Sun, 04 Feb 2024 01:56:48 GMT
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J60VNT5Wn4Zna3TwHnseoEjokyhC%2BZxQGCzxDgjEGesmFjvcSlGLS4UfoNR6UTEYR4Hl0Mu0YQVc%2F6m1hfyldCYPl5wQkLLhkL%2Fmqlo9XYI17n8JhXLH%2BwDH2RlWgmM9Mxz9Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793fcab70f9eb529-OSL
alt-svc: h2=":443"; ma=60
syndication.exosrv.com/ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841679&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.246200 OK 336 B URL HTTP/1.1 syndication.exosrv.com/ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841679&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with very long lines (453), with no line terminators
Hash 2d1f6276763a41649f79d81f30915228
7e7334121a8f4e0c91cde8cf29bb27bf3dd016b2
1a0893641f81a77c8dacbbe268e8dcf111aef51475fe52b7396e71c48bc4d343
GET /ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841679&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263ddbb6043cae9.609191442107786450%22%3B%7D; expires=Mon, 03 Feb 2025 01:56:48 GMT; path=; domain=.exosrv.com;
impressions=oslmrxbrnxgxamrcraoxsgeicxbmsbcenxgxamrcremlrgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrcaxocmgeicxbmsbocnxgxamrcraoxsgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrcremlrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrcaxocmgeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrcremlrgeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrceerargeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrceerargeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrcremlrgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimxlbmoscnogxamrslosssgxcceimbsblroanxogxamrslosssgxcceixaoosscrnxgxamrslcexrgxcceicmarxbbonsgxamrslcexrgxcceimbrscsxcnsgxamrslaersgxcceimcssmlrcnsgxamrslamrrgxcceimxlbalscnxgxamrslamrrgxcceimblelambnxgxamrslamrrgxcceimaooloranxgxamrslboacgxcceimclsaoxbncgxamrslboacgxcceimlxocxoanogxamrceerscgxcceimbleabcanogxamrceerscgxcceiceecmorsnxgxamrceerscgxcceixaoossalnxgxamrceerargxcceimxlbmosenogxamrceerargxcceimxlbmosonogxamrceeraagxcceialaroxrcnxgxamrceeraagxcceimeembescnogxamrcxorsmgxcceimsacexoonxgxamrcxbbmsgxcceimeembecenxgxamrcxbbmsgxcceimeembesonxgxamrcoxcmagxcceimxeemblenogxamrcoxcmagxcceimcssmlrenogxamrcoxcbegxcceimxeemleonogxamrcoxcbegxcceimblraeabnsgxamrcooeelgxcceimrmaobxanogxamrcooeelgxcceimxlbmxlcnogxamrcoscrlgxcceimaoolslanxgxamrcobllogxcceirarrrcaenxgxamrcceorxgxcceimexexabbnxgxamrccrbsogxcceimbscxmxanxgxamrccarblgxcceimxlbmosanogxamrccmecbgxcceicxmecmcanxgxamrccmecbgxcceimcssmlronsgxamrcresmegxcceimrbxmxmanxgxamrcremlrgxcceimaecsxccnxgxamrcremlrgeimocbmmmbnxgxamrcrxblmgxcceimocbmmacnxgxamrcrxblmgxcceimocbmmaanxgxamrcrxblmgxcceimrxccosanxgxamrcrolmegxcceimrxccosenxgxamrcrolmegxcceimrxccoscnxgxamrcrolmegxcceimxlbmoconogxamrcraoxsgxcceimxeoxsacnogxamrcraoxsgxcceimlxbaxlonxgxamrcraoxsgeimxlbalsbnxgxamrcrblsagxcceimlxbaxbanxgxamrcaxocmgeimxlbmxlenxgxamrcaxocmgxcceimxlbalcenxgxamrcaxocbgxcceimxlbmoobnxgxamrcaobasgxcceimrxccosonxgxamrcacbrlgxcceimxlbmoaonxgxamrcabersgxcceimlxasascnxgxamrcmoorsgxcceimxelmbranxgxamrcmoormgxcceimbclraronsgxamrcmoscsgcbeimblelamenxgxamrcmoscagxcceimlxoblmonxgxamrcmoscagxcceimblelabenxgxamrcmsrbegcbeimlxocxobnxgxamrcmrbebgcbe; expires=Sun, 05 Feb 2023 01:56:48 GMT; path=/; domain=.exosrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/ads-iframe-display.php?idzone=3594649&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841712&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.246200 OK 194 B URL HTTP/1.1 syndication.exosrv.com/ads-iframe-display.php?idzone=3594649&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841712&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash ff210595b4546ecf12f825e8f0e0fd0d
053997c71d81aa2e277c6ef0c9813e533f4dfd56
d18e5be85c539f1d4665b84cfe66fd8f6dba742571187b91b19ed9817ec68e73
GET /ads-iframe-display.php?idzone=3594649&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841712&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263ddbb60476dc8.558785063705512582%22%3B%7D; expires=Mon, 03 Feb 2025 01:56:48 GMT; path=; domain=.exosrv.com;
impressions=oslmrxbrnxgxamrcraoxsgeicxbmsbcenxgxamrcremlrgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrcaxocmgeicxbmsbocnxgxamrcraoxsgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrcremlrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrcaxocmgeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrcremlrgeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrceerargeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrceerargeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrcremlrgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimxlbmoscnogxamrslosssgxcceimbsblroanxogxamrslosssgxcceixaoosscrnxgxamrslcexrgxcceicmarxbbonsgxamrslcexrgxcceimbrscsxcnsgxamrslaersgxcceimcssmlrcnsgxamrslamrrgxcceimxlbalscnxgxamrslamrrgxcceimblelambnxgxamrslamrrgxcceimaooloranxgxamrslboacgxcceimclsaoxbncgxamrslboacgxcceimlxocxoanogxamrceerscgxcceimbleabcanogxamrceerscgxcceiceecmorsnxgxamrceerscgxcceixaoossalnxgxamrceerargxcceimxlbmosenogxamrceerargxcceimxlbmosonogxamrceeraagxcceialaroxrcnxgxamrceeraagxcceimeembescnogxamrcxorsmgxcceimsacexoonxgxamrcxbbmsgxcceimeembecenxgxamrcxbbmsgxcceimeembesonxgxamrcoxcmagxcceimxeemblenogxamrcoxcmagxcceimcssmlrenogxamrcoxcbegxcceimxeemleonogxamrcoxcbegxcceimblraeabnsgxamrcooeelgxcceimrmaobxanogxamrcooeelgxcceimxlbmxlcnogxamrcoscrlgxcceimaoolslanxgxamrcobllogxcceirarrrcaenxgxamrcceorxgxcceimexexabbnxgxamrccrbsogxcceimbscxmxanxgxamrccarblgxcceimxlbmosanogxamrccmecbgxcceicxmecmcanxgxamrccmecbgxcceimcssmlronsgxamrcresmegxcceimrbxmxmanxgxamrcremlrgxcceimaecsxccnxgxamrcremlrgeimocbmmmbnxgxamrcrxblmgxcceimocbmmacnxgxamrcrxblmgxcceimocbmmaanxgxamrcrxblmgxcceimrxccosanxgxamrcrolmegxcceimrxccosenxgxamrcrolmegxcceimrxccoscnxgxamrcrolmegxcceimxlbmoconogxamrcraoxsgxcceimxeoxsacnogxamrcraoxsgxcceimlxbaxlonxgxamrcraoxsgeimxlbalsbnxgxamrcrblsagxcceimlxbaxbanxgxamrcaxocmgeimxlbmxlenxgxamrcaxocmgxcceimxlbalcenxgxamrcaxocbgxcceimxlbmoobnxgxamrcaobasgxcceimrxccosonxgxamrcacbrlgxcceimxlbmoaonxgxamrcabersgxcceimlxasascnxgxamrcmoorsgxcceimxelmbranxgxamrcmoormgxcceimbclraronsgxamrcmoscsgcbeimblelamenxgxamrcmoscagxcceimlxoblmonxgxamrcmoscagxcceimblelabenxgxamrcmsrbegcbeialrexexbnxgxamrcmrbebgxcce; expires=Sun, 05 Feb 2023 01:56:48 GMT; path=/; domain=.exosrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841696&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.246200 OK 336 B URL HTTP/1.1 syndication.exosrv.com/ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841696&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with very long lines (453), with no line terminators
Hash 2d1f6276763a41649f79d81f30915228
7e7334121a8f4e0c91cde8cf29bb27bf3dd016b2
1a0893641f81a77c8dacbbe268e8dcf111aef51475fe52b7396e71c48bc4d343
GET /ads-iframe-display.php?idzone=3214913&type=300x100&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841696&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263ddbb604b3787.337482411644474865%22%3B%7D; expires=Mon, 03 Feb 2025 01:56:48 GMT; path=; domain=.exosrv.com;
impressions=oslmrxbrnxgxamrcraoxsgeicxbmsbcenxgxamrcremlrgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrcaxocmgeicxbmsbocnxgxamrcraoxsgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrcremlrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrcaxocmgeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrcremlrgeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrceerargeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrceerargeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrcremlrgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimxlbmoscnogxamrslosssgxcceimbsblroanxogxamrslosssgxcceixaoosscrnxgxamrslcexrgxcceicmarxbbonsgxamrslcexrgxcceimbrscsxcnsgxamrslaersgxcceimcssmlrcnsgxamrslamrrgxcceimxlbalscnxgxamrslamrrgxcceimblelambnxgxamrslamrrgxcceimaooloranxgxamrslboacgxcceimclsaoxbncgxamrslboacgxcceimlxocxoanogxamrceerscgxcceimbleabcanogxamrceerscgxcceiceecmorsnxgxamrceerscgxcceixaoossalnxgxamrceerargxcceimxlbmosenogxamrceerargxcceimxlbmosonogxamrceeraagxcceialaroxrcnxgxamrceeraagxcceimeembescnogxamrcxorsmgxcceimsacexoonxgxamrcxbbmsgxcceimeembecenxgxamrcxbbmsgxcceimeembesonxgxamrcoxcmagxcceimxeemblenogxamrcoxcmagxcceimcssmlrenogxamrcoxcbegxcceimxeemleonogxamrcoxcbegxcceimblraeabnsgxamrcooeelgxcceimrmaobxanogxamrcooeelgxcceimxlbmxlcnogxamrcoscrlgxcceimaoolslanxgxamrcobllogxcceirarrrcaenxgxamrcceorxgxcceimexexabbnxgxamrccrbsogxcceimbscxmxanxgxamrccarblgxcceimxlbmosanogxamrccmecbgxcceicxmecmcanxgxamrccmecbgxcceimcssmlronsgxamrcresmegxcceimrbxmxmanxgxamrcremlrgxcceimaecsxccnxgxamrcremlrgeimocbmmmbnxgxamrcrxblmgxcceimocbmmacnxgxamrcrxblmgxcceimocbmmaanxgxamrcrxblmgxcceimrxccosanxgxamrcrolmegxcceimrxccosenxgxamrcrolmegxcceimrxccoscnxgxamrcrolmegxcceimxlbmoconogxamrcraoxsgxcceimxeoxsacnogxamrcraoxsgxcceimlxbaxlonxgxamrcraoxsgeimxlbalsbnxgxamrcrblsagxcceimlxbaxbanxgxamrcaxocmgeimxlbmxlenxgxamrcaxocmgxcceimxlbalcenxgxamrcaxocbgxcceimxlbmoobnxgxamrcaobasgxcceimrxccosonxgxamrcacbrlgxcceimxlbmoaonxgxamrcabersgxcceimlxasascnxgxamrcmoorsgxcceimxelmbranxgxamrcmoormgxcceimbclraronsgxamrcmoscsgcbeimblelamenxgxamrcmoscagxcceimlxoblmonxgxamrcmoscagxcceimblelabenxgxamrcmsrbegcbeimlxocxobnxgxamrcmrbebgcbe; expires=Sun, 05 Feb 2023 01:56:48 GMT; path=/; domain=.exosrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/ads-iframe-display.php?idzone=3596943&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841721&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.246200 OK 194 B URL HTTP/1.1 syndication.exosrv.com/ads-iframe-display.php?idzone=3596943&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841721&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash ff210595b4546ecf12f825e8f0e0fd0d
053997c71d81aa2e277c6ef0c9813e533f4dfd56
d18e5be85c539f1d4665b84cfe66fd8f6dba742571187b91b19ed9817ec68e73
GET /ads-iframe-display.php?idzone=3596943&type=300x250&p=http%3A//bestpornbabes.com/search/a-blow-job-then-doggy-st-contact-me-from-cas-affair-com&dt=1675475841721&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263ddbb60493848.79859841412138976%22%3B%7D; expires=Mon, 03 Feb 2025 01:56:48 GMT; path=; domain=.exosrv.com;
impressions=oslmrxbrnxgxamrcraoxsgeicxbmsbcenxgxamrcremlrgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrcaxocmgeicxbmsbocnxgxamrcraoxsgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrscrmeogeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrcremlrgeioslmrxlsnxgxamroamsoegeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrcaxocmgeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrcremlrgeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrceerargeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrceerargeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrcremlrgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrescroogeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimxlbmoscnogxamrslosssgxcceimbsblroanxogxamrslosssgxcceixaoosscrnxgxamrslcexrgxcceicmarxbbonsgxamrslcexrgxcceimbrscsxcnsgxamrslaersgxcceimcssmlrcnsgxamrslamrrgxcceimxlbalscnxgxamrslamrrgxcceimblelambnxgxamrslamrrgxcceimaooloranxgxamrslboacgxcceimclsaoxbncgxamrslboacgxcceimlxocxoanogxamrceerscgxcceimbleabcanogxamrceerscgxcceiceecmorsnxgxamrceerscgxcceixaoossalnxgxamrceerargxcceimxlbmosenogxamrceerargxcceimxlbmosonogxamrceeraagxcceialaroxrcnxgxamrceeraagxcceimeembescnogxamrcxorsmgxcceimsacexoonxgxamrcxbbmsgxcceimeembecenxgxamrcxbbmsgxcceimeembesonxgxamrcoxcmagxcceimxeemblenogxamrcoxcmagxcceimcssmlrenogxamrcoxcbegxcceimxeemleonogxamrcoxcbegxcceimblraeabnsgxamrcooeelgxcceimrmaobxanogxamrcooeelgxcceimxlbmxlcnogxamrcoscrlgxcceimaoolslanxgxamrcobllogxcceirarrrcaenxgxamrcceorxgxcceimexexabbnxgxamrccrbsogxcceimbscxmxanxgxamrccarblgxcceimxlbmosanogxamrccmecbgxcceicxmecmcanxgxamrccmecbgxcceimcssmlronsgxamrcresmegxcceimrbxmxmanxgxamrcremlrgxcceimaecsxccnxgxamrcremlrgeimocbmmmbnxgxamrcrxblmgxcceimocbmmacnxgxamrcrxblmgxcceimocbmmaanxgxamrcrxblmgxcceimrxccosanxgxamrcrolmegxcceimrxccosenxgxamrcrolmegxcceimrxccoscnxgxamrcrolmegxcceimxlbmoconogxamrcraoxsgxcceimxeoxsacnogxamrcraoxsgxcceimlxbaxlonxgxamrcraoxsgeimxlbalsbnxgxamrcrblsagxcceimlxbaxbanxgxamrcaxocmgeimxlbmxlenxgxamrcaxocmgxcceimxlbalcenxgxamrcaxocbgxcceimxlbmoobnxgxamrcaobasgxcceimrxccosonxgxamrcacbrlgxcceimxlbmoaonxgxamrcabersgxcceimlxasascnxgxamrcmoorsgxcceimxelmbranxgxamrcmoormgxcceimbclraronsgxamrcmoscsgcbeimblelamenxgxamrcmoscagxcceimlxoblmonxgxamrcmoscagxcceimblelabenxgxamrcmsrbegcbeialrexexbnxgxamrcmrbebgxcce; expires=Sun, 05 Feb 2023 01:56:48 GMT; path=/; domain=.exosrv.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
di.phncdn.com/videos/201510/28/60463211/original/(m=eafTGgaaaa)(mh=bH6GJwAW8vKdkfxW)12.jpg
205.185.208.142200 OK 13 kB URL HTTP/2 di.phncdn.com/videos/201510/28/60463211/original/(m=eafTGgaaaa)(mh=bH6GJwAW8vKdkfxW)12.jpg
IP 205.185.208.142:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 15bc2a2a0e6d9cf6d03e5b9e54ddf878
3458476bdfa20d6ff90ed3c2ace9f35ed14980e4
3368a947f9031ddb2cd43e7b0105c0f1982885dece2164a5457f01fbfd5bf2dc
GET /videos/201510/28/60463211/original/(m=eafTGgaaaa)(mh=bH6GJwAW8vKdkfxW)12.jpg HTTP/1.1
Host: di.phncdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
etag: "1573644692"
content-length: 13037
content-type: image/jpeg
last-modified: Wed, 13 Nov 2019 11:31:32 GMT
accept-ranges: bytes
cache-control: max-age=10256112
x-hw: 1675475808.dop215.sk1.t,1675475808.cds069.sk1.hn,1675475808.cds017.sk1.c
access-control-allow-origin: *
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 38b8d382e4b8c88b9673d88d81f3b4ac
4bf629f9b0ae2a14a5d0e0a52be4cc7a96d381c5
58fdac02106fbb362254ae6058ab84176368d7d3912e0ae680871b44e34184f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4371
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Last-Modified: Sat, 04 Feb 2023 00:43:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 38b8d382e4b8c88b9673d88d81f3b4ac
4bf629f9b0ae2a14a5d0e0a52be4cc7a96d381c5
58fdac02106fbb362254ae6058ab84176368d7d3912e0ae680871b44e34184f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4371
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Last-Modified: Sat, 04 Feb 2023 00:43:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
cdn77-pic.xvideos-cdn.com/videos/thumbs169lll/da/b6/98/dab69825f1c1945347735ee32bb063b1/dab69825f1c1945347735ee32bb063b1.3.jpg
195.181.166.14200 OK 32 kB URL HTTP/2 cdn77-pic.xvideos-cdn.com/videos/thumbs169lll/da/b6/98/dab69825f1c1945347735ee32bb063b1/dab69825f1c1945347735ee32bb063b1.3.jpg
IP 195.181.166.14:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 600x337, components 3\012- data
Hash ed2eb58ad87dc5cea413169cc32a422c
b004c0a9230cce8a3558e6d1fc69ed604ce30db6
00f705b9fdb211f0602882c0f83604daaf19f327199d30b424e991e59f1443ee
GET /videos/thumbs169lll/da/b6/98/dab69825f1c1945347735ee32bb063b1/dab69825f1c1945347735ee32bb063b1.3.jpg HTTP/1.1
Host: cdn77-pic.xvideos-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: image/jpeg
content-length: 31795
x-frame-options: sameorigin
last-modified: Wed, 19 Oct 2016 21:55:45 GMT
cache-control: max-age=10368000, public
access-control-allow-origin: *
x-accel-expires: @1685843808
x-77-nzt: A8O1pg3VXayh1GY4Ccl5d6GP9DrYaroqwQ
x-77-nzt-ray: ffffffffca2f5f7760bbdd634367b318
x-77-cache: MISS
server: CDN77-Turbo
x-cache-lb: MISS, MISS
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2
go.strpjmp.com/i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en
104.18.62.219302 Found 0 B URL HTTP/2 go.strpjmp.com/i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en
IP 104.18.62.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en HTTP/1.1
Host: go.strpjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syndication.exosrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 01:56:48 GMT
content-length: 0
location: https://creative.strpjmp.com/widgets/wrapper/?banner=300x100%2Fenglish%2F1.gif&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&domain=stripchat&language=en&path=%2Fsignup&sound=off&trackOff=1&userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LETbruOgTEYRGmN7ewi9eFpUkrtVlN7Calom3DBKdfqs4hRdZvMMUvA2RBOfAOm%2B0if9KCblzCiW%2BvUHHseZz%2FY5YdNwTxozym%2BgzBMY6fO9XAF142MmwhFAl%2FiJwef9HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793fcabaa807b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itchpotatoesdesigner.com/ab/b5/99/abb59928297afd9df742286326036dd3.js
192.243.61.225200 OK 13 kB URL HTTP/1.1 itchpotatoesdesigner.com/ab/b5/99/abb59928297afd9df742286326036dd3.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37164), with no line terminators
Hash aed2c50a980dd68ed3c8c4d0edc035f4
c8a5b381565d3d7128d3ee313ed40f351e79ab60
f50150500da9a4c0f15d6191b1223c782d0d1499f473c1b50e4d38868c8e3195
Analyzer Verdict Alert quad9 Sinkholed
GET /ab/b5/99/abb59928297afd9df742286326036dd3.js HTTP/1.1
Host: itchpotatoesdesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d102e529dae8c2ad065522fd9c2e1503
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
itchpotatoesdesigner.com/ae/ef/f3/aeeff3a384f751393c86e53c82feeee7.js
192.243.61.225200 OK 29 kB URL HTTP/1.1 itchpotatoesdesigner.com/ae/ef/f3/aeeff3a384f751393c86e53c82feeee7.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash cac2d612840d441c65f7246af40c7530
a789786497086a7f07f7c4e1200b7bb79154f886
ec55fcae7e563bb2aa3b5d4db222dd952abb6b8813544179cc7939cd80d1df1b
Analyzer Verdict Alert quad9 Sinkholed
GET /ae/ef/f3/aeeff3a384f751393c86e53c82feeee7.js HTTP/1.1
Host: itchpotatoesdesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 543094040a841401a17940d6ee1ab1ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 38b8d382e4b8c88b9673d88d81f3b4ac
4bf629f9b0ae2a14a5d0e0a52be4cc7a96d381c5
58fdac02106fbb362254ae6058ab84176368d7d3912e0ae680871b44e34184f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4371
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Last-Modified: Sat, 04 Feb 2023 00:43:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
go.strpjmp.com/i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en
104.18.62.219302 Found 0 B URL HTTP/2 go.strpjmp.com/i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en
IP 104.18.62.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&banner=300x100%2Fenglish%2F1.gif&path=%2Fsignup&language=en HTTP/1.1
Host: go.strpjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syndication.exosrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 04 Feb 2023 01:56:48 GMT
content-length: 0
location: https://creative.strpjmp.com/widgets/wrapper/?banner=300x100%2Fenglish%2F1.gif&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&domain=stripchat&language=en&path=%2Fsignup&sound=off&trackOff=1&userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzArNDx5Aejwxl0ZHSS2nZhaB49R4NeaBCu1KoVVSHpq%2BvSfaXxLPkNEMrtZj1Ze%2BaYlGmiauCbJFsddcZF1Pj10F5s9rP1UGB7hlI1AQWStpjArr6AzPJa6xeDLqEGN4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793fcabb6859b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.93:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bestpornbabes.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 26f5ef04122e4dc228e58aaa79fc420e
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 04 Feb 2023 01:56:47 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Pwet4%2BxTfX24bsXV0Pne402HcP722QQRxRseujWjLD5qwZrjIsE2qmMz%2BKHR8spEpgIK6GNHi4X2WeWWn1OTAxWCXimdiHdhze0PMz0jRPKwmOw6EYn2CIki8Ha9DuxvCHy3YA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793fcabbfac7072a-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 51587a23f66c8249b593bdd3bc316c26
a44589aa9cf9e0a703e280f130f13783a4dce154
9d3982efed953d409b9ff9e88be9f517be1f563d0569bc8f39ca9c75be104477
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 01:56:48 GMT
Last-Modified: Sat, 04 Feb 2023 00:20:40 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1F6KmkYlxcBcFEOo03VdbysskRvmhm7wHLOscykZlbFErzsLANtfMg==
Age: 5768
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 51587a23f66c8249b593bdd3bc316c26
a44589aa9cf9e0a703e280f130f13783a4dce154
9d3982efed953d409b9ff9e88be9f517be1f563d0569bc8f39ca9c75be104477
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134176
Date: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "63dd0c95-1d7"
Expires: Sun, 05 Feb 2023 15:13:04 GMT
Last-Modified: Fri, 03 Feb 2023 13:31:01 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5uBUUyTMZfpgq7nZHBpfw6ZuRBtDC82cOqAIctr8E5ZarlZ8kvWw8Q==
Age: 6123
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash f34a4a5b9f52510e3c0fcd2327263438
cead0e5a91c5ea4e898f70e4afe022b7a4bedcf8
aaa4cc2694664621a3ea200f3369b1a8947df02038a54d18a9053132db0dd7c6
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://bestpornbabes.com
access-control-allow-credentials: true
set-cookie: uid_id2=96c020f6-f3d3-4e10-bbf2-651fa828dbf2:2:1; expires=Tue, 01 Feb 2033 01:56:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash a040d8af50d9378a721c5b49807a96a9
13775a3d84a7d1f419badb7a84f08c36234cc1e7
692699019f5a6ff39c6fc2acca0350b625ab3abc80dafa31c1fbf52c81d1ef51
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://bestpornbabes.com
access-control-allow-credentials: true
set-cookie: uid_id2=36213229-821c-40cb-a201-c9962aa16879:1:1; expires=Tue, 01 Feb 2033 01:56:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ads.adxadserv.com/ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842056&screen=1280x1024&tags=
185.98.53.2200 OK 2.1 kB URL HTTP/1.1 ads.adxadserv.com/ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842056&screen=1280x1024&tags=
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (591)
Hash f9763db951649ffed33a636c4a813762
e67bc91b15fd0b5c82328a09a90b4296ed7b38bb
c997701229b04157a363165d96a31ee38586a140fa7136173278b1c8a994bfd2
GET /ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842056&screen=1280x1024&tags= HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syndication.exosrv.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
ads.adxadserv.com/ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842068&screen=1280x1024&tags=
185.98.53.2200 OK 2.1 kB URL HTTP/1.1 ads.adxadserv.com/ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842068&screen=1280x1024&tags=
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (591)
Hash 4726419583c9c05624766f63a3497700
6f0be1226a1a478b8d6bb574d4f8e43a504d799f
5affd70883f5c200338b9f489528883c2748f2bf43a6c57fd73bcad238d87411
GET /ad?spotid=5dd2237361d6e216933bd502&type=300x250&output=html&extra1=0&ref=http%3A//bestpornbabes.com/&dt=1675475842068&screen=1280x1024&tags= HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syndication.exosrv.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cad2cbbea1ce1230e86b9e7a892b56f8
81e79b16a92501828fc595fefb99ef628e35b3fb
3303b6ba1771ad887bf7de1aa9063018d03a2fee929992b3c0c7964e13c4c079
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=94746
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "63dc735b-117"
Expires: Sun, 05 Feb 2023 04:15:54 GMT
Last-Modified: Fri, 03 Feb 2023 02:37:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ei.phncdn.com/videos/201509/30/58390281/original/(m=eafTGgaaaa)(mh=n4t3DzfDW9Zhqr0Q)12.jpg
64.210.135.119200 OK 21 kB URL HTTP/2 ei.phncdn.com/videos/201509/30/58390281/original/(m=eafTGgaaaa)(mh=n4t3DzfDW9Zhqr0Q)12.jpg
IP 64.210.135.119:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 75e6d02fbe9ca091da248401282d54ea
b342bf2a99eb362d55eaf7323732903710f7b26e
8802e14a582694c55a5d0db449c95ad9730a57b5e89c24095159eca57ca36c77
GET /videos/201509/30/58390281/original/(m=eafTGgaaaa)(mh=n4t3DzfDW9Zhqr0Q)12.jpg HTTP/1.1
Host: ei.phncdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: image/jpeg
content-length: 20587
expires: Sat, 22 Apr 2023 09:02:57 GMT
cache-control: max-age=10271277
last-modified: Tue, 26 Nov 2019 12:05:12 GMT
etag: "387b487ab-28f85-5983eb1352e00"
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
timing-allow-origin: *
x-cdn-diag: ams5-6140-3-28561-h-0-0---;6141-23-6322----0-0-1
X-Firefox-Spdy: h2
ei.phncdn.com/videos/201806/06/169379642/original/(m=eafTGgaaaa)(mh=AMHlqoj5BcqHe2D1)12.jpg
64.210.135.119200 OK 15 kB URL HTTP/2 ei.phncdn.com/videos/201806/06/169379642/original/(m=eafTGgaaaa)(mh=AMHlqoj5BcqHe2D1)12.jpg
IP 64.210.135.119:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash e4bd4be0959b36c03450a7886aa6beee
f48a847185300145823d5714aef40c07176ae571
63f2391f0aeaa2c1342c08e9d103f172850d8506e20f1cb78eda1ba281ae21b8
GET /videos/201806/06/169379642/original/(m=eafTGgaaaa)(mh=AMHlqoj5BcqHe2D1)12.jpg HTTP/1.1
Host: ei.phncdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: image/jpeg
content-length: 15161
expires: Wed, 08 Feb 2023 08:48:14 GMT
cache-control: max-age=10361193
last-modified: Thu, 07 Jun 2018 00:41:32 GMT
etag: "1812f1a1b-1f92b-56e028b72a1f1"
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
timing-allow-origin: *
x-cdn-diag: ams5-6139-2-14978-h-0-0---;6141-23-6322----0-0-1
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.strpjmp.com/
Origin: https://creative.strpjmp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: MHp3mTaftqXY5FD0LO5BlZsWMcPAkBhTWh8uBDl6N3BLUbQfUiZdRY4pttDH0qPuSs1udq6sceU=
x-amz-request-id: DNFK91VSJBX30152
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.strpjmp.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5818
expires: Sat, 04 Feb 2023 05:56:48 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcabe0c8d1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cad2cbbea1ce1230e86b9e7a892b56f8
81e79b16a92501828fc595fefb99ef628e35b3fb
3303b6ba1771ad887bf7de1aa9063018d03a2fee929992b3c0c7964e13c4c079
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=94746
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "63dc735b-117"
Expires: Sun, 05 Feb 2023 04:15:54 GMT
Last-Modified: Fri, 03 Feb 2023 02:37:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
static.adxadserv.com/css/wm.css
185.76.9.23200 OK 651 B URL HTTP/1.1 static.adxadserv.com/css/wm.css
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash 8492f240bb77d1f7902b04d4671de455
ffba0325fcfb074d74b9c33dcd7e98c568ce100f
19a774be8ba134a8c549fd2f1458f79cf5d9289fbf1cbfa08f63fb5909948aa6
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.adxadserv.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 01:56:48 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 03 Aug 2020 09:41:06 GMT
ETag: W/"5f27dbb2-711"
X-Accel-Expires: @1676019710
Server: CDN77-Turbo
X-77-NZT: AblMCRTRfsj/YoUHAA
X-77-NZT-Ray: af585630ebb5768b60bbdd6337aecb39
X-Cache: HIT
X-Age: 492898
X-77-POP: stockholmSE
X-77-Cache: HIT
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cad2cbbea1ce1230e86b9e7a892b56f8
81e79b16a92501828fc595fefb99ef628e35b3fb
3303b6ba1771ad887bf7de1aa9063018d03a2fee929992b3c0c7964e13c4c079
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=94746
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "63dc735b-117"
Expires: Sun, 05 Feb 2023 04:15:54 GMT
Last-Modified: Fri, 03 Feb 2023 02:37:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 04 Feb 2023 01:44:08 GMT
expires: Sat, 04 Feb 2023 03:44:08 GMT
cache-control: public, max-age=7200
age: 761
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.227200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 00:48:39 GMT
expires: Tue, 30 Jan 2024 00:48:39 GMT
cache-control: public, max-age=31536000
age: 436090
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db4a9daa3b446a019da83f80eec46533
c6907276a2a9a0820868f428cfdb7a0f07ebc5ce
baef0a0ae1d90bcf4455bd241f127e15b2da1cb551fcefbfabbaca80f2c78158
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BAEF0A0AE1D90BCF4455BD241F127E15B2DA1CB551FCEFBFABBACA80F2C78158"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5664
Expires: Sat, 04 Feb 2023 03:31:13 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db4a9daa3b446a019da83f80eec46533
c6907276a2a9a0820868f428cfdb7a0f07ebc5ce
baef0a0ae1d90bcf4455bd241f127e15b2da1cb551fcefbfabbaca80f2c78158
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BAEF0A0AE1D90BCF4455BD241F127E15B2DA1CB551FCEFBFABBACA80F2C78158"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5664
Expires: Sat, 04 Feb 2023 03:31:13 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r.trackwilltrk.com/s1/e766d629-8aa2-4f64-800f-7458117d07a9?externalId=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv1=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623d833161d6e27cf559bde1&cv5=623d831361d6e2739a0c4ca4&cv6=en&cv7=bestpornabes.com+NTV-A&cv8=Firefox&cv9=5dd2237361d6e216933bd502&cv10=exim_adxad_stub1_300x250_
185.98.53.17200 OK 997 B URL HTTP/1.1 r.trackwilltrk.com/s1/e766d629-8aa2-4f64-800f-7458117d07a9?externalId=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv1=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623d833161d6e27cf559bde1&cv5=623d831361d6e2739a0c4ca4&cv6=en&cv7=bestpornabes.com+NTV-A&cv8=Firefox&cv9=5dd2237361d6e216933bd502&cv10=exim_adxad_stub1_300x250_
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (801)
Hash e25ca9f44646a6a1563847dbbbd081e4
d83748e82b6aa7890573261addfc1aa4c1a45397
92efd580b3fea98af4e5e622c3da83c7aebafcd9442569d1cbe55146fded491a
GET /s1/e766d629-8aa2-4f64-800f-7458117d07a9?externalId=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv1=2fadd870-a42f-11ed-93df-e2e38133f3a0&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623d833161d6e27cf559bde1&cv5=623d831361d6e2739a0c4ca4&cv6=en&cv7=bestpornabes.com+NTV-A&cv8=Firefox&cv9=5dd2237361d6e216933bd502&cv10=exim_adxad_stub1_300x250_ HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 997
Connection: close
Set-Cookie: uid=1y4bVOstMp; Path=/; Domain=trackwilltrk.com; Expires=Sun, 05 Feb 2023 01:56:49 GMT; HttpOnly
X-Request-Id: a2a66b35-a4a8-4a3e-aa14-c7f5c126b742
fonts.googleapis.com/css?family=Ubuntu&display=swap
142.250.74.138200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Ubuntu&display=swap
IP 142.250.74.138:0
Hash 018c41304783ad001267e8a66f4ff276
037f1027f7eccc75516ded28a38b3b6098fa0474
959130564535ec8ca51e8d1adcdb60050c5804df05775772af4c73a009ac86c2
GET /css?family=Ubuntu&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://static.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 01:56:49 GMT
date: Sat, 04 Feb 2023 01:56:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7813
Expires: Sat, 04 Feb 2023 04:07:02 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7813
Expires: Sat, 04 Feb 2023 04:07:02 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7813
Expires: Sat, 04 Feb 2023 04:07:02 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7813
Expires: Sat, 04 Feb 2023 04:07:02 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 13576
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 5766
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fcfded24631a1b18f0c0f0ca0d37a32d
40a4731eb28232749631636c3ad4924248cfe059
aea7c9ebb4fbbd587bb77a4d1b40674f72a1e573778272ab025186599ea60c2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEA7C9EBB4FBBD587BB77A4D1B40674F72A1E573778272AB025186599EA60C2A"
Last-Modified: Thu, 02 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1982
Expires: Sat, 04 Feb 2023 02:29:51 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58634502-2&cid=742679481.1675475843&jid=1191679860&gjid=227259867&_gid=1329707549.1675475843&_u=YEBAAUAAAAAAACAAI~&z=480429269
64.233.165.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58634502-2&cid=742679481.1675475843&jid=1191679860&gjid=227259867&_gid=1329707549.1675475843&_u=YEBAAUAAAAAAACAAI~&z=480429269
IP 64.233.165.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58634502-2&cid=742679481.1675475843&jid=1191679860&gjid=227259867&_gid=1329707549.1675475843&_u=YEBAAUAAAAAAACAAI~&z=480429269 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://bestpornbabes.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 04 Feb 2023 01:56:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:05 GMT
age: 14924
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f926cd4f39b1a10b152e5959b28ae29e
2b1982d21321071394e363888e007598e968fb35
a51b246a9aa5a2583cae7fd4f0a3bdf73f0b318b7838828d36ea5674a5f26753
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13309
x-amzn-requestid: f6a3f0f3-d91b-4f4d-8265-0f87742ba5d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFeBFX4oAMFfpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd82bf-5808ceec265756c702d212dc;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:55:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WWjzs8W8GmSAM0-Uc8XBTxz67RJJCIzp3fBYhkoIWZ26UrobmZV8mw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:28:17 GMT
age: 12512
etag: "2b1982d21321071394e363888e007598e968fb35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 13577
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e70636-fb7d-4a6e-9742-a039e4d7253d.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e70636-fb7d-4a6e-9742-a039e4d7253d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 41580a501cc07c328e6ab6b167a110dc
a4dfa0f479b5f9a036b75b2eea6dffabd3a3486e
0fa45161e563101b3f1293f951a3edf84c88c9f3b29bed9b54f952ca325bf21d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e70636-fb7d-4a6e-9742-a039e4d7253d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7101
x-amzn-requestid: 479d8004-430a-45b9-99fa-11cbcc605a7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHxqoAMFaug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-25ac3c54427748bc191fd1ba;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6h25M_XSVuTCF-9FkTtwujV0X-0-M9fvw4ouOBFmSnMWeApCSHmBsA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 13399
etag: "a4dfa0f479b5f9a036b75b2eea6dffabd3a3486e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 08:34:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgGfTED/XfQAAA
X-77-NZT-Ray: 382b0f19d8ff75ee61bbdd63538e4412
X-Cache: HIT
X-Age: 62557
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adxadserv.com/ascripts/pxl.js
185.98.53.29200 OK 78 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 8348b78d100940ba1808a8e9b93f2e94
c2aa612dc3256c9f235dcfc6e330d0ecaf957768
9c983adf86ebc949957bdf55d524dfa278a79bea8d13f2efa9512c6dd37b86f5
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Type: application/javascript
Content-Length: 77806
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:25 GMT
ETag: "5f6dbe8d-12fee"
Expires: Fri, 03 Feb 2023 08:34:11 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgEa6p3/XfQAAA
X-77-NZT-Ray: 382b0f197305dfee61bbdd63b4401416
X-Cache: HIT
X-Age: 62557
X-77-POP: amsterdamNL
X-77-Cache: HIT
Accept-Ranges: bytes
ocsp.pki.goog/s/gts1p5/ZdSHE9_fHNo
142.250.74.163200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ZdSHE9_fHNo
IP 142.250.74.163:0
Hash 0d3d813c586721f8cc3abd5c289b5f34
0dd221982cb847e67966d4e8aa1f8e8efa9fdb14
49fe537a423d578259d945eaed047d43ed89b3a0554733b427de69bcb4e952db
POST /s/gts1p5/ZdSHE9_fHNo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adxadserv.com/px/event/v1?e_t=pageview&url=http%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5dd2237361d6e216933bd502%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttp%25253A%252F%252Fbestpornbabes.com%252F%2526dt%253D1675475842056%2526screen%253D1280x1024%2526tags%253D&ref=http%253A%252F%252Fsyndication.exosrv.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675475842392&t_i=1675475842551&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=2fadb3ae-a42f-11ed-8703-e25a5bb9767f&spid=5dd2237361d6e216933bd502&fpid_sa=1675475842551&fpid=&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=1&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.43
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=http%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5dd2237361d6e216933bd502%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttp%25253A%252F%252Fbestpornbabes.com%252F%2526dt%253D1675475842056%2526screen%253D1280x1024%2526tags%253D&ref=http%253A%252F%252Fsyndication.exosrv.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675475842392&t_i=1675475842551&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=2fadb3ae-a42f-11ed-8703-e25a5bb9767f&spid=5dd2237361d6e216933bd502&fpid_sa=1675475842551&fpid=&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=1&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.43
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=http%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5dd2237361d6e216933bd502%2526type%253D300x250%2526output%253Dhtml%2526extra1%253D0%2526ref%253Dhttp%25253A%252F%252Fbestpornbabes.com%252F%2526dt%253D1675475842056%2526screen%253D1280x1024%2526tags%253D&ref=http%253A%252F%252Fsyndication.exosrv.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1675475842392&t_i=1675475842551&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=2fadb3ae-a42f-11ed-8703-e25a5bb9767f&spid=5dd2237361d6e216933bd502&fpid_sa=1675475842551&fpid=&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=1&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.43 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.adxadserv.com/
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Length: 0
Connection: keep-alive
static.javhdhello.com/h5/files/overlay/1602-overlay-preview.png
185.76.9.19200 OK 1.5 kB URL HTTP/2 static.javhdhello.com/h5/files/overlay/1602-overlay-preview.png
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 7083a71bc40e5d85670940c518cacca2
a2caeb7c6ca3960af2881434fb0df0c2241d7288
7c4049c76ecd35b05855df0c6ce7e1157213d9fb92c3b2b05ebf9b5d9bdff03a
GET /h5/files/overlay/1602-overlay-preview.png HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: image/png
content-length: 1546
last-modified: Wed, 20 Apr 2022 13:56:48 GMT
etag: "62601120-60a"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ1iUg//ElFSAQ
x-77-nzt-ray: c0a4cc288703391e61bbdd63e4cecc23
x-cache: HIT
x-age: 22171922
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/overlay/1602-overlay.png
185.76.9.19200 OK 1.8 kB URL HTTP/2 static.javhdhello.com/h5/files/overlay/1602-overlay.png
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash f4403fc07b7c414db6ec613317885035
457d3e8f9e9fb0456292efdbd5f18b318e804ea7
00ffbfa9483f4a6e8b85b6ab368a9547cf29e54c1aeb2bfcf81f34ec2bf50ee7
GET /h5/files/overlay/1602-overlay.png HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: image/png
content-length: 1839
last-modified: Wed, 20 Apr 2022 13:56:47 GMT
etag: "6260111f-72f"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ2zZRn/ElFSAQ
x-77-nzt-ray: c0a4cc288703391e61bbdd638b443224
x-cache: HIT
x-age: 22171922
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/button/29-button.png
185.76.9.19200 OK 733 B URL HTTP/2 static.javhdhello.com/h5/files/button/29-button.png
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 82a66a2d222379716ca9a03ff50d8f42
ae43d917ff791f9172edc527baa6266416182aaa
cc5da7b40e498d30bf5eaae43e59cae32202737076422676489dd8d3030803de
GET /h5/files/button/29-button.png HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: image/png
content-length: 733
last-modified: Tue, 22 Dec 2015 18:41:22 GMT
etag: "56799952-2dd"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ2os4b/ElFSAQ
x-77-nzt-ray: c0a4cc288703391e61bbdd63888a4424
x-cache: HIT
x-age: 22171922
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
185.76.9.19200 OK 1.2 kB URL HTTP/2 static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5a648b2448df6ecbf744d1ea74f32f29
a88488b3b22bd9e946f717d5f691731d007c486e
57c56d1c28baec619c8f603a67a32e88c28dde9052d27ca192f3344b8d5ddb9a
GET /h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: text/html
last-modified: Tue, 27 Dec 2022 14:38:03 GMT
etag: W/"63ab034b-ca4"
expires: Mon, 06 Mar 2023 01:56:49 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-accel-expires: @1678067809
server: CDN77-Turbo
x-77-nzt: AblMCQ3mhQyh
x-77-nzt-ray: c0a4cc288703391e61bbdd63782ac218
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2
subscribestormyapprobation.com/sbar.json?key=abb59928297afd9df742286326036dd3&uuid=36213229-821c-40cb-a201-c9962aa16879%3A1%3A1
192.243.59.13200 OK 4.4 kB URL HTTP/1.1 subscribestormyapprobation.com/sbar.json?key=abb59928297afd9df742286326036dd3&uuid=36213229-821c-40cb-a201-c9962aa16879%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6199), with no line terminators
Hash eb3a685929cf7948a03103e30c8cb794
078d9d40786aed8a0128cfb7b6d5f32a4bd59a63
64032d4cce99f3af0370bc485e47c47a3bfc0d656ab4c537cbee4b1aafe73019
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=abb59928297afd9df742286326036dd3&uuid=36213229-821c-40cb-a201-c9962aa16879%3A1%3A1 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://bestpornbabes.com
Access-Control-Allow-Origin: http://bestpornbabes.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15323372; expires=Sun, 05 Feb 2023 01:56:49 GMT; secure; SameSite=None
uid_id2=36213229-821c-40cb-a201-c9962aa16879:1:1; expires=Sat, 11 Feb 2023 01:56:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 01:56:49 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 01:56:49 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 01:56:49 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 01:56:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 193157e0fa2ff9a5cffd15301344255d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
creative.xlrdr.com/widgets/v4/Universal?tag=girls&modelsLanguage=en&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300x250_ased_adx_st_dt_en&creativeId=300x250_ased_adx_st_dt_en&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
104.18.51.106200 OK 530 kB URL HTTP/2 creative.xlrdr.com/widgets/v4/Universal?tag=girls&modelsLanguage=en&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300x250_ased_adx_st_dt_en&creativeId=300x250_ased_adx_st_dt_en&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 530 kB (530158 bytes)
Hash f4c1d36e7fc2e724816bff04c3ac7d95
98a266e4e69a6fe01eef1b9138ad52c7693531de
2fe43f6d4e0f4395e4d1b0992782f995b80f44ad8a12536f76dfad12c407e70b
GET /widgets/v4/Universal?tag=girls&modelsLanguage=en&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300x250_ased_adx_st_dt_en&creativeId=300x250_ased_adx_st_dt_en&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid} HTTP/1.1
Host: creative.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:21 GMT
expires: Sat, 04 Feb 2023 01:56:48 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac1fb0bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/ZdSHE9_fHNo
142.250.74.163200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ZdSHE9_fHNo
IP 142.250.74.163:0
Hash 0d3d813c586721f8cc3abd5c289b5f34
0dd221982cb847e67966d4e8aa1f8e8efa9fdb14
49fe537a423d578259d945eaed047d43ed89b3a0554733b427de69bcb4e952db
POST /s/gts1p5/ZdSHE9_fHNo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 1.8 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5660c258d2bd6cf5636cc127b757b666
d51a406e1d5805418da9c92f6591de672f991a9a
8c97bc09f447bcf9e2bc7e75f2359d697abb5e529be0654b98857573e0e287b6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04F32494A66D0CD2ED4B1A8078B86EDCFCA40190FEDCF0334D9CD62CA2CA6D19"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10585
Expires: Sat, 04 Feb 2023 04:53:14 GMT
Date: Sat, 04 Feb 2023 01:56:49 GMT
Connection: keep-alive
subscribestormyapprobation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9leTbfNkYdeNCbMRFBKdTP%2F1XCRISYyQYkyGJzMaF7696nlNVr3ivqqtnFjIYkBHEdBaCG6Hm9EwGNUhmLYLUuJHZmBaUWWR2LgQ3IrqW7mkYvVB173vnPjjn3PvhZnFIXBT0YPEtvabimJ5rN93G2SWVCl3axo07Dc9tuhcaSyrttC40htOfGZz33HbTfbnxhuQr%2Bpzveq7ruV7jqjIy0sNzMxQqexh6zdBttvym125haP57toUDSx2IwSF5GkpM%2Frf8wy4Ur5Emj65Iu5Lr7JXXkyKmuTYYiJ2305VUlymS4zIyDqJ0Z94NbSeEfHYCOt2ZK4AebE0VgKkJcX7xwNKdOU2wwfYRUxZDpmDiNMpBDRnXULQG13ehxGMCcIEbN5EmD25oU9LVI5RO0Qk59fefUOWEnHryLNLk68uxGjZu67jIlU4thlEFNayh%2BjWyYg%2F5mgNV7oHnH0AJgjSpoMTBS0HH9wLfDxd6vscXWi5nC9R3vQUehh2fUq%2FT64Yza5SqoaIasRyBWgfF9FMOishBkTlIxEGDtsPIdbsRi4Kg1%2BKcBwHn7V5HtEXQ6kUuCj7lPkKejcDjEbhZR2bWsaLuT%2F37FKb4Dna5ghUObE4wEBVKSVBagpISlIqgzAnKQbUtYuvb6oGIbcG8efbnOajGOu9v0m2d92VKNrNDcmbm2m8%2F%2Fo4VedCgjLXD0O%2F5YZdGIhRRt%2BX7vU7gd9ygI0QAqyooe2KmdU1NyDPvf45sOsrVP8DoHmy8B66eAi2eBy3HXd8FXR63ei7W0l0mbZ5pkzLKpG1ynUDoCll%2BCvmqsxkfkudmZM6%2FehqS71%2Bc3Hvn7F%2F1PXBTITMV3lPfE%2FTjjfEtXZKtW7q0ZPdmlqtErdHpeG%2FnNJcnv3xTrpbaiGtX7OiLS3wKTMuHd6TNr9NUqLRvyVeXlRDSXNWGS%2FLtNbsk2WJhly8XJi2y64uvXb2WZEZaq3Rag6rH9mNwNSH%2F3%2FhktrgvvJhAmRqmqJAU%2B2QeULoGz9Zhs2P2VhOY%2BLiHZQ7Kohobnx1fxmpCmmd%2BRiz3Lz769d1LH3Wvg7IKVv7r4XG9aTfQNw5ofne2sgNTYRBXoPEItjg5zjOzf%2FGnYBZgsTNmsXG2WGzi%2B0f2WnXQkO3IjaTrSxaFLOpSV4RRK2Q09GSXtamH3E74k2%2FoPwAAAP%2F%2FAQAA%2F%2F%2FAqs4plAQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 subscribestormyapprobation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9leTbfNkYdeNCbMRFBKdTP%2F1XCRISYyQYkyGJzMaF7696nlNVr3ivqqtnFjIYkBHEdBaCG6Hm9EwGNUhmLYLUuJHZmBaUWWR2LgQ3IrqW7mkYvVB173vnPjjn3PvhZnFIXBT0YPEtvabimJ5rN93G2SWVCl3axo07Dc9tuhcaSyrttC40htOfGZz33HbTfbnxhuQr%2Bpzveq7ruV7jqjIy0sNzMxQqexh6zdBttvym125haP57toUDSx2IwSF5GkpM%2Frf8wy4Ur5Emj65Iu5Lr7JXXkyKmuTYYiJ2305VUlymS4zIyDqJ0Z94NbSeEfHYCOt2ZK4AebE0VgKkJcX7xwNKdOU2wwfYRUxZDpmDiNMpBDRnXULQG13ehxGMCcIEbN5EmD25oU9LVI5RO0Qk59fefUOWEnHryLNLk68uxGjZu67jIlU4thlEFNayh%2BjWyYg%2F5mgNV7oHnH0AJgjSpoMTBS0HH9wLfDxd6vscXWi5nC9R3vQUehh2fUq%2FT64Yza5SqoaIasRyBWgfF9FMOishBkTlIxEGDtsPIdbsRi4Kg1%2BKcBwHn7V5HtEXQ6kUuCj7lPkKejcDjEbhZR2bWsaLuT%2F37FKb4Dna5ghUObE4wEBVKSVBagpISlIqgzAnKQbUtYuvb6oGIbcG8efbnOajGOu9v0m2d92VKNrNDcmbm2m8%2F%2Fo4VedCgjLXD0O%2F5YZdGIhRRt%2BX7vU7gd9ygI0QAqyooe2KmdU1NyDPvf45sOsrVP8DoHmy8B66eAi2eBy3HXd8FXR63ei7W0l0mbZ5pkzLKpG1ynUDoCll%2BCvmqsxkfkudmZM6%2FehqS71%2Bc3Hvn7F%2F1PXBTITMV3lPfE%2FTjjfEtXZKtW7q0ZPdmlqtErdHpeG%2FnNJcnv3xTrpbaiGtX7OiLS3wKTMuHd6TNr9NUqLRvyVeXlRDSXNWGS%2FLtNbsk2WJhly8XJi2y64uvXb2WZEZaq3Rag6rH9mNwNSH%2F3%2FhktrgvvJhAmRqmqJAU%2B2QeULoGz9Zhs2P2VhOY%2BLiHZQ7Kohobnx1fxmpCmmd%2BRiz3Lz769d1LH3Wvg7IKVv7r4XG9aTfQNw5ofne2sgNTYRBXoPEItjg5zjOzf%2FGnYBZgsTNmsXG2WGzi%2B0f2WnXQkO3IjaTrSxaFLOpSV4RRK2Q09GSXtamH3E74k2%2FoPwAAAP%2F%2FAQAA%2F%2F%2FAqs4plAQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9leTbfNkYdeNCbMRFBKdTP%2F1XCRISYyQYkyGJzMaF7696nlNVr3ivqqtnFjIYkBHEdBaCG6Hm9EwGNUhmLYLUuJHZmBaUWWR2LgQ3IrqW7mkYvVB173vnPjjn3PvhZnFIXBT0YPEtvabimJ5rN93G2SWVCl3axo07Dc9tuhcaSyrttC40htOfGZz33HbTfbnxhuQr%2Bpzveq7ruV7jqjIy0sNzMxQqexh6zdBttvym125haP57toUDSx2IwSF5GkpM%2Frf8wy4Ur5Emj65Iu5Lr7JXXkyKmuTYYiJ2305VUlymS4zIyDqJ0Z94NbSeEfHYCOt2ZK4AebE0VgKkJcX7xwNKdOU2wwfYRUxZDpmDiNMpBDRnXULQG13ehxGMCcIEbN5EmD25oU9LVI5RO0Qk59fefUOWEnHryLNLk68uxGjZu67jIlU4thlEFNayh%2BjWyYg%2F5mgNV7oHnH0AJgjSpoMTBS0HH9wLfDxd6vscXWi5nC9R3vQUehh2fUq%2FT64Yza5SqoaIasRyBWgfF9FMOishBkTlIxEGDtsPIdbsRi4Kg1%2BKcBwHn7V5HtEXQ6kUuCj7lPkKejcDjEbhZR2bWsaLuT%2F37FKb4Dna5ghUObE4wEBVKSVBagpISlIqgzAnKQbUtYuvb6oGIbcG8efbnOajGOu9v0m2d92VKNrNDcmbm2m8%2F%2Fo4VedCgjLXD0O%2F5YZdGIhRRt%2BX7vU7gd9ygI0QAqyooe2KmdU1NyDPvf45sOsrVP8DoHmy8B66eAi2eBy3HXd8FXR63ei7W0l0mbZ5pkzLKpG1ynUDoCll%2BCvmqsxkfkudmZM6%2FehqS71%2Bc3Hvn7F%2F1PXBTITMV3lPfE%2FTjjfEtXZKtW7q0ZPdmlqtErdHpeG%2FnNJcnv3xTrpbaiGtX7OiLS3wKTMuHd6TNr9NUqLRvyVeXlRDSXNWGS%2FLtNbsk2WJhly8XJi2y64uvXb2WZEZaq3Rag6rH9mNwNSH%2F3%2FhktrgvvJhAmRqmqJAU%2B2QeULoGz9Zhs2P2VhOY%2BLiHZQ7Kohobnx1fxmpCmmd%2BRiz3Lz769d1LH3Wvg7IKVv7r4XG9aTfQNw5ofne2sgNTYRBXoPEItjg5zjOzf%2FGnYBZgsTNmsXG2WGzi%2B0f2WnXQkO3IjaTrSxaFLOpSV4RRK2Q09GSXtamH3E74k2%2FoPwAAAP%2F%2FAQAA%2F%2F%2FAqs4plAQAAA%3D%3D HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Cookie: u_pl=15323372; uid_id2=36213229-821c-40cb-a201-c9962aa16879:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 01:56:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d566b51a28092800908b7951d52d1b0
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14997
Expires: Sat, 04 Feb 2023 06:06:47 GMT
Date: Sat, 04 Feb 2023 01:56:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14997
Expires: Sat, 04 Feb 2023 06:06:47 GMT
Date: Sat, 04 Feb 2023 01:56:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14997
Expires: Sat, 04 Feb 2023 06:06:47 GMT
Date: Sat, 04 Feb 2023 01:56:50 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.138200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.138:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 04 Feb 2023 01:56:50 GMT
Date: Sat, 04 Feb 2023 01:56:50 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8df5ddf201e54283a25881c0f3f76082
c0915ec39a113a65908e4956ae0f1e9919dfd992
fdb686441eb7b5b55c915bf8fc5200a0173bfc2a0949cdef442368c1b2809a18
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4895
Cache-Control: max-age=105967
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:50 GMT
Etag: "63dca332-117"
Expires: Sun, 05 Feb 2023 07:22:57 GMT
Last-Modified: Fri, 03 Feb 2023 06:01:22 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
img.strpst.com/thumbs/1675475761/93440835
104.18.63.132200 OK 65 kB URL HTTP/2 img.strpst.com/thumbs/1675475761/93440835
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 67b38502f8ec5a075718f23f027564f4
52df8514fbcb2d1a629ebc9e0ac8f7f5254f176d
7abd76846074968cce9e4eae7673b1d04f3523be24110080216e7cd47ba6fbd1
GET /thumbs/1675475761/93440835 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: image/jpeg
content-length: 64762
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=67043, status=webp_bigger
etag: "f6cc3dd1fee63816283f1401436067fa"
last-modified: Sat, 04 Feb 2023 01:55:34 GMT
cf-cache-status: HIT
age: 18
expires: Sat, 04 Feb 2023 02:26:50 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac5787a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.166.9200 OK 1.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.166.9:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash edb1d59c5b13639d5887c988790fc2bf
db08b7c62a65d991388dd066e3310e8bb7eccb29
9c35585d5916b83a40ca44cae8b94151456302cccbdc19116673a4ac2532b581
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 729469
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yceQ%2Fp6S0dB%2FJtLDEXAh7q9XCJNFnlvnv%2FalVsVNWRidUyZRl0ul%2BKTou95x1giKs12aFI%2Bi97%2FlNRIHKyJOXY1sckWpOc94A8eqSXzWJWLDxXLX7r%2Fi8%2Be7sbRpILc3EATWkgohFaUU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac56fd28867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8df5ddf201e54283a25881c0f3f76082
c0915ec39a113a65908e4956ae0f1e9919dfd992
fdb686441eb7b5b55c915bf8fc5200a0173bfc2a0949cdef442368c1b2809a18
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4895
Cache-Control: max-age=105967
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 01:56:50 GMT
Etag: "63dca332-117"
Expires: Sun, 05 Feb 2023 07:22:57 GMT
Last-Modified: Fri, 03 Feb 2023 06:01:22 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de26603d2dd53bbc97ab84a98a423fc8
0ef00c310251712fe1993300278436541a835629
a751738f67caaaf0a6be71b9a542dc444fe76fa18cadbaa963090627d01e894d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A751738F67CAAAF0A6BE71B9A542DC444FE76FA18CADBAA963090627D01E894D"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14997
Expires: Sat, 04 Feb 2023 06:06:47 GMT
Date: Sat, 04 Feb 2023 01:56:50 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/83/3d/e5/833de546c56c331bebb4de53b31dba05/1669388537.png
45.133.44.9200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/83/3d/e5/833de546c56c331bebb4de53b31dba05/1669388537.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b5363f9084c2365d15b9c8524ef0bad7
61bb4d49ffa7276b01447c15de4f4f9fc3da3c79
7939092319490c3a974f459a094ead8ab72bdc3915af2956c1fba6cf489d732a
GET /si/83/3d/e5/833de546c56c331bebb4de53b31dba05/1669388537.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: image/png
content-length: 78101
server: nginx/1.17.6
last-modified: Fri, 25 Nov 2022 15:02:26 GMT
etag: "6380d902-13115"
expires: Mon, 06 Feb 2023 01:56:50 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 Feb 2023 00:13:21 GMT
Expires: Fri, 02 Feb 2024 00:13:21 GMT
Cache-Control: public, max-age=31536000
Age: 179009
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 03 Feb 2023 18:19:39 GMT
Expires: Sat, 03 Feb 2024 18:19:39 GMT
Cache-Control: public, max-age=31536000
Age: 27431
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
subscribestormyapprobation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8tuLq148iIN4WMFM%2Bs%2F8610kbFwjwZgNuyu5eLC6qnpSprurqeqenuQgwQWJIO7sQfAidL5JNqiLbM4iSMeL5OKOoOSwuXkQvIjoWWYyEH3Q%2FV7V9wq%2B73vvw938lNjI6cnqW2pLRhGda9bt2pU1mXBVmNrKnZpj1%2B1rtTWZtBrXav3xT%2FeuOnazbr9ce0OwDTXn2o5tO7ZTW5RahKo%2FN0Eh04e%2BU%2FftesOtO80G%2Bvq%2FZ5NbMNQC752SpyH56H%2FrPxxCsgpJ%2FOiGMBuZSl95Pc4jmimNHj94O9lIVJEgPi9DbSFMDqbdUGZEyGcXoJKDqQKo3t5YAQI5ItYvDoLkYEoTQW%2F%2FjGkQQSQI%2BCUUvQoiqiBpBabuQvLHBGAcKzeRxA9WlC7o5hlKx%2BiIzPz9J2QxIjNPnkUSf70QyX7ttoryTKrEoB%2BWkP0KslshzY%2BQbVmQxRFY9gEkJ0jiEpKfvOS1XMdzXX%2B24zpstmGzYJa6tjPLfL%2FlUuq0Om1%2FYo2UFWRYIRIDUGMhH3%2FSQh5ayFMLMT%2Bp0aYf2nY7DELP6zQYY57HWLPT4k3uNTqhjZyNuQ%2BQpQOwaACmt5HqbWzI%2B2P%2FPoXOv4NZL2G4BZMR9HiJQhAUhqCgBIUkKDKColfu88i4pnzAI5MHzjS70%2ByVQ5V1d%2Bm%2ByroiIbvpKbk8ce23H3%2FHhjip0SBo%2Br7bcf02DbnPw3bDdTstz23ZXotzD0aWkObCROuWHJFn3v8c6XiUm38goEcw0RGYfAo0fx60GLZdG3R92OjY2EoOA2GyVOkkoIEwdaZicFUizWaQbVq70Sl5bkLm6quXINjx%2FOjeO1f%2Bqu6B6RKpLvGe%2FJ6gG%2B0Mb6mC7N1ShSGHN9NMxnKLjsd7O6OZuPjlm2KzUJov3TCDL66zMTAuH94RJlumCZdJ15CvFiTnQi8qzQT5dsmsiWA1N%2BsLuU7ydHn1tcWlONXCGKmSClQ%2BNh%2BDyRH5%2F84nk8V94cUYUlfQeYk4PybTgFQVWLoNk56zN4pAR%2Bc9QWqhyMuhdoPzy0iOSP3yz4jE8fyjX9%2B9%2FlF7GTQoYcS%2FHp7Xu2YHXW2BZncnK9vTJXpRCRoNYPKLwyzVx%2FM%2FeZNAEFnDINLWXhDp6P6ZvUae1JpOQ3SCTptxHgjGnbbrdTzbdjlvtH3h%2BMjMiD35hv4DAAD%2F%2FwEAAP%2F%2F1KJAz5QEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 subscribestormyapprobation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8tuLq148iIN4WMFM%2Bs%2F8610kbFwjwZgNuyu5eLC6qnpSprurqeqenuQgwQWJIO7sQfAidL5JNqiLbM4iSMeL5OKOoOSwuXkQvIjoWWYyEH3Q%2FV7V9wq%2B73vvw938lNjI6cnqW2pLRhGda9bt2pU1mXBVmNrKnZpj1%2B1rtTWZtBrXav3xT%2FeuOnazbr9ce0OwDTXn2o5tO7ZTW5RahKo%2FN0Eh04e%2BU%2FftesOtO80G%2Bvq%2FZ5NbMNQC752SpyH56H%2FrPxxCsgpJ%2FOiGMBuZSl95Pc4jmimNHj94O9lIVJEgPi9DbSFMDqbdUGZEyGcXoJKDqQKo3t5YAQI5ItYvDoLkYEoTQW%2F%2FjGkQQSQI%2BCUUvQoiqiBpBabuQvLHBGAcKzeRxA9WlC7o5hlKx%2BiIzPz9J2QxIjNPnkUSf70QyX7ttoryTKrEoB%2BWkP0KslshzY%2BQbVmQxRFY9gEkJ0jiEpKfvOS1XMdzXX%2B24zpstmGzYJa6tjPLfL%2FlUuq0Om1%2FYo2UFWRYIRIDUGMhH3%2FSQh5ayFMLMT%2Bp0aYf2nY7DELP6zQYY57HWLPT4k3uNTqhjZyNuQ%2BQpQOwaACmt5HqbWzI%2B2P%2FPoXOv4NZL2G4BZMR9HiJQhAUhqCgBIUkKDKColfu88i4pnzAI5MHzjS70%2ByVQ5V1d%2Bm%2ByroiIbvpKbk8ce23H3%2FHhjip0SBo%2Br7bcf02DbnPw3bDdTstz23ZXotzD0aWkObCROuWHJFn3v8c6XiUm38goEcw0RGYfAo0fx60GLZdG3R92OjY2EoOA2GyVOkkoIEwdaZicFUizWaQbVq70Sl5bkLm6quXINjx%2FOjeO1f%2Bqu6B6RKpLvGe%2FJ6gG%2B0Mb6mC7N1ShSGHN9NMxnKLjsd7O6OZuPjlm2KzUJov3TCDL66zMTAuH94RJlumCZdJ15CvFiTnQi8qzQT5dsmsiWA1N%2BsLuU7ydHn1tcWlONXCGKmSClQ%2BNh%2BDyRH5%2F84nk8V94cUYUlfQeYk4PybTgFQVWLoNk56zN4pAR%2Bc9QWqhyMuhdoPzy0iOSP3yz4jE8fyjX9%2B9%2FlF7GTQoYcS%2FHp7Xu2YHXW2BZncnK9vTJXpRCRoNYPKLwyzVx%2FM%2FeZNAEFnDINLWXhDp6P6ZvUae1JpOQ3SCTptxHgjGnbbrdTzbdjlvtH3h%2BMjMiD35hv4DAAD%2F%2FwEAAP%2F%2F1KJAz5QEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v8tuLq148iIN4WMFM%2Bs%2F8610kbFwjwZgNuyu5eLC6qnpSprurqeqenuQgwQWJIO7sQfAidL5JNqiLbM4iSMeL5OKOoOSwuXkQvIjoWWYyEH3Q%2FV7V9wq%2B73vvw938lNjI6cnqW2pLRhGda9bt2pU1mXBVmNrKnZpj1%2B1rtTWZtBrXav3xT%2FeuOnazbr9ce0OwDTXn2o5tO7ZTW5RahKo%2FN0Eh04e%2BU%2FftesOtO80G%2Bvq%2FZ5NbMNQC752SpyH56H%2FrPxxCsgpJ%2FOiGMBuZSl95Pc4jmimNHj94O9lIVJEgPi9DbSFMDqbdUGZEyGcXoJKDqQKo3t5YAQI5ItYvDoLkYEoTQW%2F%2FjGkQQSQI%2BCUUvQoiqiBpBabuQvLHBGAcKzeRxA9WlC7o5hlKx%2BiIzPz9J2QxIjNPnkUSf70QyX7ttoryTKrEoB%2BWkP0KslshzY%2BQbVmQxRFY9gEkJ0jiEpKfvOS1XMdzXX%2B24zpstmGzYJa6tjPLfL%2FlUuq0Om1%2FYo2UFWRYIRIDUGMhH3%2FSQh5ayFMLMT%2Bp0aYf2nY7DELP6zQYY57HWLPT4k3uNTqhjZyNuQ%2BQpQOwaACmt5HqbWzI%2B2P%2FPoXOv4NZL2G4BZMR9HiJQhAUhqCgBIUkKDKColfu88i4pnzAI5MHzjS70%2ByVQ5V1d%2Bm%2ByroiIbvpKbk8ce23H3%2FHhjip0SBo%2Br7bcf02DbnPw3bDdTstz23ZXotzD0aWkObCROuWHJFn3v8c6XiUm38goEcw0RGYfAo0fx60GLZdG3R92OjY2EoOA2GyVOkkoIEwdaZicFUizWaQbVq70Sl5bkLm6quXINjx%2FOjeO1f%2Bqu6B6RKpLvGe%2FJ6gG%2B0Mb6mC7N1ShSGHN9NMxnKLjsd7O6OZuPjlm2KzUJov3TCDL66zMTAuH94RJlumCZdJ15CvFiTnQi8qzQT5dsmsiWA1N%2BsLuU7ydHn1tcWlONXCGKmSClQ%2BNh%2BDyRH5%2F84nk8V94cUYUlfQeYk4PybTgFQVWLoNk56zN4pAR%2Bc9QWqhyMuhdoPzy0iOSP3yz4jE8fyjX9%2B9%2FlF7GTQoYcS%2FHp7Xu2YHXW2BZncnK9vTJXpRCRoNYPKLwyzVx%2FM%2FeZNAEFnDINLWXhDp6P6ZvUae1JpOQ3SCTptxHgjGnbbrdTzbdjlvtH3h%2BMjMiD35hv4DAAD%2F%2FwEAAP%2F%2F1KJAz5QEAAA%3D HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Cookie: u_pl=15323372; uid_id2=36213229-821c-40cb-a201-c9962aa16879:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 01:56:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c003e0d0ef7469b4aeef08b8c912f6f
Strict-Transport-Security: max-age=0; includeSubdomains
subscribestormyapprobation.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 subscribestormyapprobation.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Cookie: u_pl=15323372; uid_id2=36213229-821c-40cb-a201-c9962aa16879:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 01:56:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adxadserv.com/px/heartbeat/v1?pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&t_op=5.431&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=a123ccc038c6ea9a38feaaf71c6e9493&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=10384
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/heartbeat/v1?pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&t_op=5.431&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=a123ccc038c6ea9a38feaaf71c6e9493&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=10384
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /px/heartbeat/v1?pv_uid=6c4a74e8-321f-4f42-8123-0da9d6bf4ea0&t_op=5.431&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=a123ccc038c6ea9a38feaaf71c6e9493&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=10384 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 1
Origin: http://ads.adxadserv.com
Connection: keep-alive
Referer: http://ads.adxadserv.com/
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:54 GMT
Content-Length: 0
Connection: keep-alive
adxadserv.com/px/heartbeat/v1?pv_uid=a7ff51aa-2824-492e-b8bc-77147d3633c0&t_op=5.47&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=42375006a186011f55b46873e42698f7&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=1&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=0
185.98.53.29200 OK 0 B URL HTTP/1.1 adxadserv.com/px/heartbeat/v1?pv_uid=a7ff51aa-2824-492e-b8bc-77147d3633c0&t_op=5.47&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=42375006a186011f55b46873e42698f7&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=1&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=0
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /px/heartbeat/v1?pv_uid=a7ff51aa-2824-492e-b8bc-77147d3633c0&t_op=5.47&p_nn=adxad-rtb&fpid_sa=1675475842551&fpid=42375006a186011f55b46873e42698f7&feid_sa=1675475842551&sid_sa=1675475842551&feid=7f58dcd9ab0dbcd8eb7eaf889bd053ae&sid=46e8893ba509513b110ff8a07e985aeb&u_adb=1&vn=T-0.1.1&utm_typ=referral&utm_src=syndication.exosrv.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=-1&sr=5497558139882&fb=0 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 1
Origin: http://ads.adxadserv.com
Connection: keep-alive
Referer: http://ads.adxadserv.com/
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 01:56:54 GMT
Content-Length: 0
Connection: keep-alive
a.exosrv.com/ads.js
185.76.9.26200 OK 0 B IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /ads.js HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:47 GMT
content-type: application/javascript
etag: W/"b60fdcc211f42a1f246a8c80b56"
expires: Thu, 02 Feb 2023 18:45:33 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675482412
server: CDN77-Turbo
x-77-nzt: AblMCRRC/7H/YxAAAA
x-77-nzt-ray: af58563008b238885fbbdd631f610339
x-cache: HIT
x-age: 4195
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
chaturbate.com/affiliates/promotools/popup/uZhag/popchaturbaterevshare.js
104.18.101.40200 OK 0 B URL HTTP/2 chaturbate.com/affiliates/promotools/popup/uZhag/popchaturbaterevshare.js
IP 104.18.101.40:0
GET /affiliates/promotools/popup/uZhag/popchaturbaterevshare.js HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: application/javascript
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie, Accept-Encoding
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: MISS
last-modified: Sat, 04 Feb 2023 01:56:48 GMT
set-cookie: __cf_bm=sQxUeEv6wfLvJiscOYilqxIyn_CUjYxtMyhpqkOxzqM-1675475808-0-ASVZIuXvTtp1o0KNiMOczafBim6sEmClfC1ngzWBY3wrfQQ/dl7ks3YwgbfCKnoS7ioRC6gRn6a53wPHh9j9PhY=; path=/; expires=Sat, 04-Feb-23 02:26:48 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 793fcab78c540b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.adxadserv.com/js/adb.js
185.76.9.23200 OK 0 B URL HTTP/2 static.adxadserv.com/js/adb.js
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
GET /js/adb.js HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syndication.exosrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: application/javascript
last-modified: Tue, 24 Mar 2020 11:15:59 GMT
etag: W/"5e79ebef-532"
x-accel-expires: @1676019704
server: CDN77-Turbo
x-77-nzt: AblMCRQGy8L/aIUHAA
x-77-nzt-ray: af585630ebb5208a60bbdd633b646821
x-cache: HIT
x-age: 492904
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
creative.strpjmp.com/widgets/wrapper/?banner=300x100%2Fenglish%2F1.gif&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&domain=stripchat&language=en&path=%2Fsignup&sound=off&trackOff=1&userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8
104.18.62.219200 OK 0 B URL HTTP/2 creative.strpjmp.com/widgets/wrapper/?banner=300x100%2Fenglish%2F1.gif&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&domain=stripchat&language=en&path=%2Fsignup&sound=off&trackOff=1&userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8
IP 104.18.62.219:0
GET /widgets/wrapper/?banner=300x100%2Fenglish%2F1.gif&campaignId=a9988d37c4a7422acf1f7b13b06aefa0acee3aba47179a8862b2e1349958ebc0&creativeId=5b053a3185f536205088645857111f85da1d459387845476807bc4b5b61622d9&domain=stripchat&language=en&path=%2Fsignup&sound=off&trackOff=1&userId=2f82e51a35f05029ccdc351923ae9788dc8b0f0c3fc79a5ea1419437e91975b8 HTTP/1.1
Host: creative.strpjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://syndication.exosrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:48 GMT
content-type: text/html
last-modified: Tue, 31 Jan 2023 09:49:28 GMT
expires: Sat, 04 Feb 2023 01:56:58 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 793fcabb986ab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlrdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
104.18.51.106200 OK 0 B URL HTTP/2 creative.xlrdr.com/widgets/v4/Universal/main.33831b792a3809ba493a.css
IP 104.18.51.106:0
GET /widgets/v4/Universal/main.33831b792a3809ba493a.css HTTP/1.1
Host: creative.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlrdr.com/widgets/v4/Universal?tag=girls&modelsLanguage=en&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=300x250_ased_adx_st_dt_en&creativeId=300x250_ased_adx_st_dt_en&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-3403"
expires: Sat, 04 Feb 2023 01:56:46 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 4
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac29b44b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 Feb 2023 02:56:49 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
go.xlrdr.com/config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%26modelsLanguage%3Den%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300x250_ased_adx_st_dt_en%26creativeId%3D300x250_ased_adx_st_dt_en%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
104.18.59.150200 OK 0 B URL HTTP/2 go.xlrdr.com/config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%26modelsLanguage%3Den%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300x250_ased_adx_st_dt_en%26creativeId%3D300x250_ased_adx_st_dt_en%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
IP 104.18.59.150:0
GET /config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%26modelsLanguage%3Den%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3D300x250_ased_adx_st_dt_en%26creativeId%3D300x250_ased_adx_st_dt_en%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D HTTP/1.1
Host: go.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Origin: https://creative.xlrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Fri, 03 Feb 2023 20:39:40 GMT
cf-cache-status: EXPIRED
set-cookie: __cflb=02DiuDfsBaY2bRYJiCdcdyuoKGiEHEbzXyxceFen5jMmE; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 00:56:49 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac3e8be0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlwONScf%2FG96GCCBQiPh43unZH0el%2B0vPVD856zAAdTrwrWsfk5jWyML2OmHebyvoQLA93%2FlzpIAe2K48etnB13qViOWUfnqVhbn7cw4%2FKypUuvHnnXqu1EvfgtZ0Mvi%2B2BinC4OSYf2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac51b4923c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/css/style.css
185.76.9.19200 OK 0 B URL HTTP/2 static.javhdhello.com/h5/files/css/style.css
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
GET /h5/files/css/style.css HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/h5/files/16514/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ffaec45e5-c3cb-4b38-b158-2fd2c0bf1489%3Fcv1%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26cv10%3Dexim_adxad_stub1_300x250_%26cv2%3D0c1c5c30286e1db21a741e4b62c8b6e4%26cv3%3Ddesktop%26cv4%3D623d833161d6e27cf559bde1%26cv5%3D623d831361d6e2739a0c4ca4%26cv6%3Den%26cv7%3Dbestpornabes.com%2BNTV-A%26cv8%3DFirefox%26cv9%3D5dd2237361d6e216933bd502%26externalId%3D2fadd870-a42f-11ed-93df-e2e38133f3a0%26p%3DeyJiIjoyNzgzMjcsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjQsInAiOjEsInMiOjI1MzMzfQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:49 GMT
content-type: text/css
last-modified: Wed, 25 May 2016 08:29:12 GMT
etag: W/"57456258-7bd"
expires: Tue, 23 May 2023 11:04:47 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839887
server: CDN77-Turbo
x-77-nzt: AblMCQ1j/Pv/ElFSAQ
x-77-nzt-ray: c0a4cc288703391e61bbdd63fa6c4223
x-cache: HIT
x-age: 22171922
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
go.xlrdr.com/thumbs/view
104.18.59.150200 OK 0 B IP 104.18.59.150:0
POST /thumbs/view HTTP/1.1
Host: go.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://creative.xlrdr.com
Content-Length: 81
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: application/json
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCdd1Ddb6YkKuSHYDAEuLEeweoKx8; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 00:56:50 GMT; HttpOnly
server: cloudflare
cf-ray: 793fcac5a9370b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/social-media/facebook/css/style.css
IP 172.64.166.9:0
GET /sb/ssp/utility/social-media/facebook/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bestpornbabes.com
Connection: keep-alive
Referer: http://bestpornbabes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 01:56:50 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:19:14 GMT
etag: W/"6128d842-18be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu6xx4TspFjmeijcRj5BCYnip4rVE7lCNBfmpDk9k3FYOtZqDsBv7UVQjiiA0mw7SiyBUcTiLiDQtAY4MF%2BPyVEn%2FU4H%2BCyf4HqAUKt0iFmhw%2Bc73xRobnuwxBC13rrKuIeynn9XAzvw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793fcac52b5923c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2